On Wed, Dec 30, 2009 at 11:12:41AM +0000, Philipp Kern wrote:
> On 2009-12-29, Adam Borowski <kilob...@angband.pl> wrote:
> > It's not "hypothetical". IPv4 sucks so badly compared to IPv6 that once you
> > switch your internal hosts to v6-only, you don't want to go back.
>
> You don't switch to v6-only, you switch to dual stack IPv4+IPv6. One point
> being that with a v6-only host you're totally unable to reach IPv4 sites
> without the help of application-level proxies.
Dual stack means you have to configure BOTH. Of course, that's needed for
world-facing servers only. Client machines will want dual stack too, but
these can be behind plain outgoing-only NAT v4-wise.
I can't think of a reason to keep IPv4 on internal servers, though. In
fact, this does give you an extra layer of security if you firewall
something wrong: when an IPv6-only box gets pwned, it's of little use for
your usual attacker.
The main benefit of IPv6 is making things simpler, and dual stacking doesn't
help there.
--
1KB // Microsoft corollary to Hanlon's razor:
// Never attribute to stupidity what can be
// adequately explained by malice.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
