ipaddr, ipv4addr ipv6addr

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sat May 31 13:40:57 CEST 2014


On 31 May 2014, at 10:49, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> 
> On 31 May 2014, at 10:27, Alan Buxey <A.L.M.Buxey at LBORO.AC.UK> wrote:
> 
>> Hi
>> 
>> AAAA record should be used first if present. But if there's an a A and AAAA then both should be used too
> 
> I sort of agree, but that would break any existing implementations where the home_server has A and AAAA records but is not listening on it's V6 address, so it's really not a good idea.
> 
>> , ie in client or proxy mode - we have dual stack and gave both v6 and v4 defined to give us routing resiliency
> 
> If you want this behaviour then define a v4 and v6 home server and use ipv4addr and ipv6addr, that's exactly the sort of scenario they were added for.
> 
> Else the server would have to add both, then go through a vetting process to figure out whether there's a server listening on both the v4 and v6 addresses.
> 
> The logic we have here may not be the same for things like dynamic home servers/dynamic discovery. There's a very big difference between the system administrator hard coding the addresses of servers, and FreeRADIUS having to discover the state of the world from a realm.
> 
>> Also... if the address doesn't resolve the server fails to start? Ouch. Very nasty behaviour -1 
> 
> You've specified a remote resource which doesn't exist. It's the same with the connection pool, if it can't establish 'start' connections for a pool the server fails to start.

And to quote from the clients.conf file which has been shipped with the server for many years:

	#
	#  A note on DNS:  We STRONGLY recommend using IP addresses
	#  rather than host names.  Using host names means that the
	#  server will do DNS lookups when it starts, making it
	#  dependent on DNS.  i.e. If anything goes wrong with DNS,
	#  the server won't start!
	#
	#  The server also looks up the IP address from DNS once, and
	#  only once, when it starts.  If the DNS record is later
	#  updated, the server WILL NOT see that update.
	#

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140531/5f86203a/attachment.pgp>


More information about the Freeradius-Users mailing list