Date:      Sat, 23 Jan 2016 20:18:09 -0500
From:      Jon Radel <jon@radel.com>
To:        Aleksandr Miroslav <alexmiroslav@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: IPV6-ifying all my boxes -- any gotchas to be aware of?
Message-ID:  <56A42651.8050801@radel.com>
In-Reply-To: <CACcSE1zTxziM-np_G41wk=MfodoGaT6qQ2bS5K3JxYSZFepYHA@mail.gmail.com>
References:  <CACcSE1zTxziM-np_G41wk=MfodoGaT6qQ2bS5K3JxYSZFepYHA@mail.gmail.com>

On 1/23/16 7:38 PM, Aleksandr Miroslav wrote:
>
> Apart from some websites and mailing lists, I'm not running anything
> mission-critical, but I'd like to avoid snafus if possible. Are there any
> gotchas that I should be aware of?
>
Make sure that any firewalling you find prudent with ipv4 is replicated 
as appropriate with ipv6 and double check what processes are actually 
listening on ipv6.  There's no good that will come of finding at a later 
time that something, say a back-end database, is listening on ipv4 
loopback address only, but is listening on the public ipv6 address with 
no firewall blocking access.  That would probably mean certain 
assumptions about the security of your database are no longer true.

Make sure services actually work over ipv6 before putting AAAA records 
in your DNS.  Remember that there are an awful lot of client machines 
out there that will prefer HTTP and SMTP over ipv6 once you have AAAA 
records, but there are probably still some poor souls for whom this will 
break connectivity or performance reaching your servers.  (Though I'd 
argue that this far into ipv6 roll-out that's their, not your, 
problem.  However, if you have contracts with them or make money off of 
them it would probably be your problem too.)

Consider putting a DNS resolver reachable over IPv6 in your resolv.conf 
after appropriate testing, though this isn't necessary to make things work.

On the whole I've found the process pretty painless.  (Well other than 
that my business class provider at home STILL doesn't provide native 
ipv6.  Shame on you Cox Business.)

--Jon Radel
jon@radel.com
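
The listener check described in the message above, as an added example that is not part of the original e-mail: it reads `sockstat -46l` output and reports each command/port bound to a non-loopback IPv6 address while its IPv4 side is loopback-only or absent. The function names and the sample listing are constructed for illustration, and "exposed" means only "bound to a non-loopback address"; whether it is reachable still depends on the firewall.

```shell
#!/bin/sh
# Added example, not from the original message.
# stdin: output of `sockstat -46l`; stdout: "command proto port v4=... v6=..."
find_v6_wider() {
    awk '
    $5 !~ /^(tcp|udp)(4|6|46)$/ { next }      # also skips the header line
    {
        n = split($6, parts, ":")
        port = parts[n]                        # port follows the last colon
        host = substr($6, 1, length($6) - length(port) - 1)
        loop = (host == "::1" || host ~ /^127\./)
        key = $2 " " substr($5, 1, 3) " " port
        fam = substr($5, 4)                    # "4", "6" or "46" (dual-stack)
        if (fam ~ /4/) {
            if (!loop) v4[key] = "exposed"
            else if (!(key in v4)) v4[key] = "loopback"
        }
        if (fam ~ /6/) {
            if (!loop) v6[key] = "exposed"
            else if (!(key in v6)) v6[key] = "loopback"
        }
    }
    END {
        for (k in v6) {
            if (v6[k] != "exposed") continue
            s4 = (k in v4) ? v4[k] : "none"
            if (s4 != "exposed") printf "%s v4=%s v6=%s\n", k, s4, v6[k]
        }
    }' | sort
}

# Constructed sample listing (not captured from a real host).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       701   3  tcp6   *:22                  *:*
root     sshd       701   4  tcp4   *:22                  *:*
mysql    mysqld     812   21 tcp4   127.0.0.1:3306        *:*
mysql    mysqld     812   22 tcp6   *:3306                *:*
pgsql    postgres   830   5  tcp4   127.0.0.1:5432        *:*
pgsql    postgres   830   6  tcp6   ::1:5432              *:*
redis    redis-server 845 7  tcp6   2001:db8::10:6379     *:*
EOF
}

# On a live FreeBSD host: sockstat -46l | find_v6_wider
sample_sockstat | find_v6_wider
```
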


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56A42651.8050801>