Date: Sat, 23 Jan 2016 20:18:09 -0500
From: Jon Radel <jon@radel.com>
To: Aleksandr Miroslav <alexmiroslav@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: IPV6-ifying all my boxes -- any gotchas to be aware of?
Message-ID: <56A42651.8050801@radel.com>
In-Reply-To: <CACcSE1zTxziM-np_G41wk=MfodoGaT6qQ2bS5K3JxYSZFepYHA@mail.gmail.com>
References: <CACcSE1zTxziM-np_G41wk=MfodoGaT6qQ2bS5K3JxYSZFepYHA@mail.gmail.com>

On 1/23/16 7:38 PM, Aleksandr Miroslav wrote:
>
> Apart from some websites and mailing lists, I'm not running anything
> mission-critical, but I'd like to avoid snafus if possible. Are there any
> gotchas that I should be aware of?
>

Make sure that any firewalling you find prudent with ipv4 is replicated as appropriate with ipv6 and double check what processes are actually listening on ipv6. There's no good that will come of finding at a later time that something, say a back-end database, is listening on ipv4 loopback address only, but is listening on the public ipv6 address with no firewall blocking access. That would probably mean certain assumptions about the security of your database are no longer true.

Make sure services actually work over ipv6 before putting AAAA records in your DNS. Remember that there are an awful lot of client machines out there that will prefer HTTP and SMTP over ipv6 once you have AAAA records, but there are probably still some poor souls for whom this will break connectivity or performance reaching your servers. (Though I'd argue that this far into ipv6 roll-out that that's their, not your, problem. However, if you have contracts with them or make money off of them it would probably be your problem too.)

Consider putting a DNS resolver reachable over IPv6 in your resolv.conf after appropriate testing, though this isn't necessary to make things work.

On the whole I've found the process pretty painless. (Well other than that my business class provider at home STILL doesn't provide native ipv6. Shame on you Cox Business.)

--Jon Radel
jon@radel.com
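
The listener check described in the reply above, as an added example that is not part of the original message: a shell function that reads FreeBSD `sockstat -46l` output and reports services whose IPv4 listeners are loopback-only while an IPv6 listener is bound to a wildcard or routable address. The function name, the sample service names and the sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `sockstat -46l`-style lines on stdin and reports
# services whose IPv4 listeners are all on 127.0.0.0/8 while an IPv6
# listener is bound to something other than ::1.
find_v6_exposure() {
    awk '
    $5 ~ /^(tcp|udp)(4|6|46)$/ {
        port = $6; sub(/.*:/, "", port)        # port follows the last colon
        host = $6; sub(/:[^:]*$/, "", host)    # address is everything before it
        key = $2 " " substr($5, 1, 3) "/" port # e.g. "mysqld tcp/3306"
        if ($5 ~ /4/) {                        # tcp4, udp4, or dual-stack tcp46
            seen4[key] = 1
            if (host !~ /^127\./) open4[key] = 1
        }
        if ($5 ~ /6$/ && host != "::1")        # wildcard or routable IPv6 bind
            open6[key] = host
    }
    END {
        for (k in open6)
            if (seen4[k] && !open4[k])
                print k " ipv6=" open6[k]
    }' | sort
}

# Constructed sample input (not captured from a real host).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND      PID  FD PROTO LOCAL ADDRESS        FOREIGN ADDRESS
root     sshd         701  3  tcp6  *:22                 *:*
root     sshd         701  4  tcp4  *:22                 *:*
mysql    mysqld       812  21 tcp4  127.0.0.1:3306       *:*
mysql    mysqld       812  22 tcp6  *:3306               *:*
pgsql    postgres     950  5  tcp4  127.0.0.1:5432       *:*
pgsql    postgres     950  6  tcp6  ::1:5432             *:*
redis    redis-server 977  6  tcp4  127.0.0.1:6379       *:*
redis    redis-server 977  7  tcp6  2001:db8::10:6379    *:*
www      nginx        990  6  tcp46 *:80                 *:*
EOF
}

# On a live FreeBSD host: sockstat -46l | find_v6_exposure
sample_sockstat | find_v6_exposure
```

Each line of output names a service to either rebind to `::1` or cover with an ipv6 firewall rule matching the ipv4 one; an empty result only says the bind addresses agree, not that the firewall rules do.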