On 2014/04/29 10:52, Giancarlo Razzolini wrote:
> On 29-04-2014 04:51, Stuart Henderson wrote:
> > Too soon I think. Wait a little longer and more major ISPs will turn
> > IPv4 into the second class citizen as they fumble with their cgnat
> > deployments then this will make a lot more sense. Now that akamai have
> > their /10 taking ARIN into the final /8 run-out position that RIPE and
> > APNIC have been in for some time, this will accelerate. 
> 
> I disable ipv6 across all my linux desktop installations because some
> daemons aren't smart enough to not try it first. Postfix is one that
> comes from the top of my mind.

This is not something you should have to touch at desktops. Either you run
router advs in which case you should have working v6, or you don't, in which
case programs using AI_ADDRCONFIG should not automatically pick them.

The two biggest problems:

1. networks which run router advs but the v6 connectivity is broken.

2. networks with a malicious user sending adv's. similar to rogue dhcp
servers for v4, but less understood and fewer controls in switches to
deal with it.

>                                Also, I believe firefox will default to
> ipv6 then ipv4 if you have it enabled. Too soon I think. I'm hoping for
> ipv6 to get more traction soon, so we could end using nat on our pf rules.

Mainstream browsers have their own heuristics to use ipv6 where it works,
but the way they do this only makes sense for a longer-running process.

AI_ADDRCONFIG is meant to be the way to select use of v6 where it works.

Problem 1 above could possibly be dealt with by caching the status
as to whether v6 actually works or not somewhere and using that in the
decision whether to return v4 or v6 addresses.

Problem 2, well, I think networks who sufficiently care about it can
make things safer, and those that don't probably aren't blocking rogue
DHCP either.
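
One way the caching idea for problem 1 could look at the application level, as an added example that is not part of the original message. The `v6_cache` type, its functions and the TTL are assumptions made for illustration; only `getaddrinfo()` and `AI_ADDRCONFIG` are real libc interfaces.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std */
#endif
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <string.h>
#include <time.h>

/* Hypothetical cache of the last observed IPv6 outcome (not a libc facility). */
enum v6_state { V6_UNKNOWN, V6_WORKS, V6_BROKEN };
struct v6_cache { enum v6_state state; time_t expires; };

/* Record the result of a real connection attempt made over IPv6. */
void v6_cache_report(struct v6_cache *c, int connected, time_t now, time_t ttl)
{
    c->state = connected ? V6_WORKS : V6_BROKEN;
    c->expires = now + ttl;
}

/* Family to request: v4 only while an unexpired "broken" verdict exists. */
int v6_cache_family(const struct v6_cache *c, time_t now)
{
    if (c->state == V6_BROKEN && now < c->expires)
        return AF_INET;
    /* Unknown, working, or expired verdict: allow v6 to be tried again. */
    return AF_UNSPEC;
}

/*
 * getaddrinfo() wrapper. AI_ADDRCONFIG handles the "no v6 address configured"
 * case; the cache handles "router advs present but v6 connectivity broken".
 */
int cached_getaddrinfo(const struct v6_cache *c, const char *host,
                       const char *port, struct addrinfo **res)
{
    struct addrinfo hints;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = v6_cache_family(c, time(NULL));
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_ADDRCONFIG;
    return getaddrinfo(host, port, &hints, res);
}
```

The expiry matters: without it a single failed v6 connection would pin the host to v4 after the network is fixed or the machine moves to another network.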
