Commit a7ec7eb6 authored by Mark Andrews's avatar Mark Andrews

check that bits 64..71 in a dns64 prefix are zero

parent 06d8b107
options {
dns64 0000:0000:0000:0000:0100:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0200:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0400:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:0800:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:1000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:2000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:4000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 0000:0000:0000:0000:8000:000f::/96 { }; /* bits [64..71] MBZ */
};
options {
dns64 ::/32 { suffix ::8000:0000:0000:0000; }; /* bits [64..71] MBZ */
};
options {
dns64 ::/32 { suffix ::0100:0000:0000:0000; }; /* bits [64..71] MBZ */
};
......@@ -5148,7 +5148,9 @@ options {
</para>
<para>
Compatible IPv6 prefixes have lengths of 32, 40, 48, 56,
64 and 96 as per RFC 6052.
64 and 96 as per RFC 6052. Bits 64..71 inclusive must
be zero with the most significate bit of the prefix in
position 0.
</para>
<para>
Additionally a reverse IP6.ARPA zone will be created for
......
......@@ -526,6 +526,13 @@ check_dns64(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
continue;
}
if (na.type.in6.s6_addr[8] != 0) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
"invalid prefix, bits [64..71] must be zero");
result = ISC_R_FAILURE;
continue;
}
if (prefixlen != 32 && prefixlen != 40 && prefixlen != 48 &&
prefixlen != 56 && prefixlen != 64 && prefixlen != 96) {
cfg_obj_log(map, logctx, ISC_LOG_ERROR,
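Review bot: The new branch inspects only the prefix address (`na.type.in6.s6_addr[8]`), so the two added test configs of the form `dns64 ::/32 { suffix ...; }` have a zero prefix and cannot reach it. If they are rejected, it is by a suffix check that is not visible in this hunk. It would be worth confirming that the test asserts on the logged message for each case, so that a config rejected for an unrelated reason does not count as a pass. The bare index 8 would also read better with a comment such as `/* RFC 6052: octet 8 (bits 64..71) is reserved and must be zero */`. check_dns64's body starts and ends outside the hunk.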
......