Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1446
Views
0
Helpful
4
Replies

ipv6 and ironport.......

mychrislo
Level 1
Level 1

‎02-21-2011 02:07 AM

Any compatibility matrix? And I suppose it is mostly depends on DNS resolver and query master version.

Anyone running very old dns server version (e.g. bind4) and have hit problem case?

Thanks...


/chrislo

Labels:
0 Helpful
4 Replies 4

Christopher Smith
Level 4
Level 4

‎02-21-2011 05:51 PM

Hi Chris,

Not sure if I completely follow your question.  Currently the ESA does not support IPV6 but it is slated to occur in an upcoming release. I may be missing your exact question here , let me know if I am.

Christopher C Smith

CSE
Cisco IronPort Customer Support 

0 Helpful

mychrislo
Level 1
Level 1
In response to Christopher Smith

‎02-21-2011 08:56 PM

We have a remote sending domain complaining to us email was rejected by bad reputation (ironport).

Normally, this is contributed by remote incorrect dns setting (missing reverse mapping).

This is one very common issue and it's off my back.

We checked further that it looks like their dns hosting has AAAA record on its nameserver ip.

The sending mailhost does _not_ have AAAA record.

We are being suspicious only. because our own dns server is still running bind/named4.

In "sendmail", there was/is a setting to manage "brokenAAAA" record, but we have nothing to relate this case.

As IPV6 is becoming a new issue. I have this question for Ironport

- Do ironport itself needs to be IPV6 ready? (your replies seem there _is_ a need for upgrade)

- Mail traffic mostly depends on DNS lookup, what are the requirement for DNS server / resolver if this is need to be

used by Ironport.

Example: Some DNS server may return AAAA record first before A record.....

- Another confusing issue seems to be, we can still have AAAA record even IPV4 only network?

0 Helpful

mychrislo
Level 1
Level 1
In response to mychrislo

‎02-21-2011 09:08 PM

CustHelp has a note on this. It's "new" to me too.

shorten url:

http://goo.gl/pV4h0

0 Helpful

mychrislo
Level 1
Level 1
In response to mychrislo

‎02-21-2011 11:57 PM

I find these two rfc/ietf document

http://www.ietf.org/rfc/rfc3974.txt

http://tools.ietf.org/html/draft-ietf-dnsop-misbehavior-against-aaaa-02

It would be nice if cisco can publish a best practice or guideline document for site running ipv4 mta but receiving from dual-stack and/or vice versa.

thanks

/chrislo

0 Helpful
Customers Also Viewed These Support Documents