Addresses are too long to remember so you have to use and understand DNS.
From what I’ve seen lately network admins really don’t like DNS.
“Please add 192.0.2.10 to the monitoring system. The hostname is router_foo_bar.”
No FQDN, no DNS records, no nothing. And underscores in the name. So once again one has to rely on the poor mans
DNS (aka /etc/hosts).
Recently at a customer I was astonished that the all Windows servers had IPv6 addresses.
Well my astonishment didn’t last long: All addresses started with 2002.
So what happened? Current Windows version have IPv6 enabled and they also have several tunnels in the default configuration.
One of them, a tunnel called 6to4 automatically adds it’s address to DNS (if you run Active
Directory and Microsoft DNS).
You should disable 6to4 tunnels because there are some issues which might lead to bad user experience. While your at it you also might to disable Teredo.
This link should give you a good starting point.
You should not disable IPv6 completely on Microsoft Windows:
From Microsoft’s perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008, or later versions, some components will not function.
My current impression, after being offered several IPv6 related projects: “We need this IPv6 thing right now! And we need external help!” Some time later “Wait! External help costs more then 8,50 Euros an hour? We can’t afford that! Maybe we don’t need IPv6 after all.”
It reminds me of 1999 only that there is no fixed deadline. In 1999 someone told me: “I talked to my first customer about the year 2000 problem in 1980. He called last week. Do you now COBOL?
I can offer you 350DM an hour.”
So I’m available for IPv6 (and other) projects but be aware that I usually don’t work for free and the costs for external support are not the only costs you will have. You’ll also have to train your staff, check if your hard- and software is IPv6 enabled (and maybe replace them). And the longer you wait the more painful it will get.
Last week I gave a one day IPv6 introduction at a customer.
They are afraid of two things:
- Implementing IPv6 in there complex network which has grown over the years
- Not implementing IPv6
http://www.vyncke.org/ipv6status/ just came up at #denog over on IRCNET.
1. It feels good when a project you where involved in is relatively high in the list for Germany and all services (Web/ Mail / DNS) are green.
2. Many people will need consulting and training in the near future.
3. Whats so hard about IPv6 and DNS?
I have written a small article on IPv6 (in German) for the Uptimes (members’ magazine of the GUUG).
At the end of February 2013 (20th-23rd) I’ll be giving an IPv6 training at the Open Source School in Munich. (Language will be German).
According to this article (German) Hetzner a German ISP well know for selling dedicated servers is planing to charge more for IPv4.
The article states that they plan to charge between 2 and 5 Euro per IPv4 address.
Still thinking that there is time starting to implement IPv6?
We have IPv6! Really? Lets take a closer look:
jens@lagavulin:~$ dig mx t-online.de +short
jens@lagavulin:~$ dig mx t-online.de +short | cut -d " " -f 2 > t-online-dns
jens@lagavulin:~$ dig AAAA +short -f t-online-dns
jens@lagavulin:~$ ncat -6 2003:2:2:10:194:25:134:8 25
Meanwhile in another terminal (slightly shortened at the end of the line):
root@lagavulin:/home/jens# tcpdump tcp and port 25
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:44:23.157892 IP6 2001:6f8:110b:0:f2de:f1ff:fec9:25ce.43593 > mailin-v6.t-online.de.smtp: Flags [S],
18:44:23.228421 IP6 mailin-v6.t-online.de.smtp > 2001:6f8:110b:0:f2de:f1ff:fec9:25ce.43593: Flags [R.]
18:44:23.228435 IP6 mailin-v6.t-online.de.smtp > 2001:6f8:110b:0:f2de:f1ff:fec9:25ce.43593: Flags [R.]
So there is a DNS AAAA record for one mail server which does not answer to IPv6 requests.
Conclusions (from the outside):
* there is no monitoring
* there are different teams for SMTP and DNS they don’t communicate