IPV6-ifying all my boxes -- any gotchas to be aware of?
jon at radel.com
Sun Jan 24 02:18:21 UTC 2016
On 1/23/16 7:38 PM, Aleksandr Miroslav wrote:
> Apart from some websites and mailing lists, I'm not running anything
> mission-critical, but I'd like to avoid snafus if possible. Are there any
> gotchas that I should be aware of?
Make sure that any firewalling you find prudent with ipv4 is replicated
as appropriate with ipv6 and double check what processes are actually
listening on ipv6. There's no good that will come of finding at a later
time that something, say a back-end database, is listening on ipv4
loopback address only, but is listening on the public ipv6 address with
no firewall blocking access. That would probably mean certain
assumptions about the security of your database are no longer true.
Make sure services actually work over ipv6 before putting AAAA records
in your DNS. Remember that there are an awful lot of client machines
out there that will prefer HTTP and SMTP over ipv6 once you have AAAA
records, but there are probably still some poor souls for whom this will
break connectivity or performance reaching your servers. (Though I'd
argue that this far into ipv6 roll-out that that's their, not your,
problem. However, if you have contracts with them or make money off of
them it would probably be your problem too.)
Consider putting a DNS resolver reachable over IPv6 in your resolv.conf
after appropriate testing, though this isn't necessary to make things work.
On the whole I've found the process pretty painless. (Well other than
that my business class provider at home STILL doesn't provide native
ipv6. Shame on you Cox Business.)
jon at radel.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3890 bytes
Desc: S/MIME Cryptographic Signature
More information about the freebsd-questions