From 0c87a2b8efb677f0a8aeb930250100478f132912 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@powerdns.com>
Date: Tue, 19 Mar 2024 14:54:05 +0100
Subject: [PATCH] ixfrdist: use IPV6_V6ONLY on listening sockets, closes #13878

---
 docs/upgrading.rst | 9 +++++++++
 pdns/ixfrdist.cc   | 5 +++++
 2 files changed, 14 insertions(+)

diff --git a/docs/upgrading.rst b/docs/upgrading.rst
index e43e0f593b..b0713eee9c 100644
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -8,6 +8,15 @@ Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
 upgrade notes if your version is older than 3.4.2.
 
+4.9.0 to 5.0.0/master
+--------------
+
+ixfrdist IPv6 support
+^^^^^^^^^^^^^^^^^^^^^
+
+``ixfrdist`` now binds listening sockets with `IPV6_V6ONLY set`, which means that ``[::]`` no longer accepts IPv4 connections.
+If you want to listen on both IPv4 and IPv6, you need to add a line with ``0.0.0.0`` to the ``listen`` section of your ixfrdist configuration.
+
 4.8.0 to 4.9.0
 --------------
 
diff --git a/pdns/ixfrdist.cc b/pdns/ixfrdist.cc
index 0f845f1ce5..9cebccded5 100644
--- a/pdns/ixfrdist.cc
+++ b/pdns/ixfrdist.cc
@@ -1621,6 +1621,11 @@ static std::optional<IXFRDistConfiguration> parseConfiguration(int argc, char**
           int s = SSocket(addr.sin4.sin_family, stype, 0);
           setNonBlocking(s);
           setReuseAddr(s);
+          if (addr.isIPv6()) {
+            int one = 1;
+            (void)setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &one, sizeof(one));
+          }
+
           SBind(s, addr);
           if (stype == SOCK_STREAM) {
             SListen(s, 30); // TODO make this configurable
-- 
2.47.2