On Wed, Dec 30, 2009 at 11:12:41AM +0000, Philipp Kern wrote: > On 2009-12-29, Adam Borowski <kilob...@angband.pl> wrote: > > It's not "hypothetical". IPv4 sucks so badly compared to IPv6 that once you > > switch your internal hosts to v6-only, you don't want to go back. > > You don't switch to v6-only, you switch to dual stack IPv4+IPv6. One point > being that with a v6-only host you're totally unable to reach IPv4 sites > without the help of application-level proxies.
Dual stack means you have to configure BOTH. Of course, that's needed for world-facing servers only. Client machines will want dual stack too, but these can be behind plain outgoing-only NAT v4-wise. I can't think of a reason to keep IPv4 on internal servers, though. In fact, this does give you an extra layer of security if you firewall something wrong: when an IPv6-only box gets pwned, it's of little use for your usual attacker. The main benefit of IPv6 is making things simpler, and dual stacking doesn't help there. -- 1KB // Microsoft corollary to Hanlon's razor: // Never attribute to stupidity what can be // adequately explained by malice. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org