Re: AAAA entry for openbsd.org
Moin, On Mon, 2023-10-23 at 20:52 +0300, Mikhail wrote: > I think ipv6 just expand attack surface for the services for very > little benefit, ... Well,... there is a ton of reasons one may not want to deploy v6; I disagree, but well, my boxes are dual-stack through-and-through; My network, my rules, your network your rules, and the rest comes to opinions*. But could we please stop with the "IPv6 is a security risk"-thing? Yes, it is if you do not conf your systems properly (e.g., only v4 firewalling and binding $backend globally). Then again, so is OpenSSH if you think allowing root logins with a password and setting the root password to "root" is a good thing to do. But honestly, then you have a whole bunch of different issues. OpenBSD has an awesome v6 stack; I have several prod boxes on v6 only, and it just works (granted, installed via an in-AS mirror, so never hit the mirror list thing). With best regards, Tobias *And on opinions: What should motivate _everyone_ to get on v6 ASAP is that it would end the business model of some rather annoying IPv4 address traders (I acknowledge there are also not-annoying ones who would be affected, but that is a sacrifice i am willing to make. ;-)).
Re: AAAA entry for openbsd.org
On 2023-10-23, Philip Guenther wrote: > See, this is why being clear about What Fine Problem You're Trying To Solve > is important: AFAICT the installer tries to fetch the mirror list from > ftplist1.openbsd.org and not from openbsd.org. The installer writes out its own /etc/hosts file with the known address of ftplist1 so simply adding an to the DNS zone won't help. But then, to make it work somewhat nicely for the uncommon case of v6 only without v4 or NAT64, the installer would really need to probe for working v4, working v6, and show an appropriate subset of the mirror list. But what is "working v6" anyway? Even though it's 14 years since the famous HE/Cogent cake, you still can't reach chunks of the internet (including c.root-servers.net) from HE, and other chunks over Cogent. So the definition and testing to detect that is not trivial.
Re: AAAA entry for openbsd.org
> If you want to volunteer to host an ipv6 mirror, I think the
> licensing already allows that.
There are already IPv6-enabled mirrors. The issue is that
{ftplist1.,ftplist2.,''}openbsd.org doesn't have IPv6, so it can't fetch
a list of them.
Re: AAAA entry for openbsd.org
On Mon, Oct 23, 2023 at 07:58:08AM +0200, Armin Jenewein wrote: > No idea what you perceive here as a "rant", my apologies if that seemed > like one to you, that's not my intention. > > FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no > entry, either. > > I don't see what I need to prove here. That's 3 hosts already that don't > have an DNS record, so if you're on an IPv6-only link, you can't > access these. I didn't check ALL the mirrors that the installer has in > the list, but the one popping up in my list as ftp.spline.de doesn't > have one, either, so that's just number four. > > With prices for IPv4 addresses are starting to increase, it surprises me > that this is still such a heated topic. Nobody asks about removing > IPv4-connectivity here. Nobody wants to break functionaly for v4-only > users. > > I did try installing OpenBSD in v6-only networks, yes. On an IPv6-only > host it doesn't even suggest a mirror to download from. > > My initial mail was about this one here, nevertheless: > > $ ping6 openbsd.org > ping6: no address associated with name > $ > > The fact that all the other hosts I mentioned are v4-only doesn't change > that situation in any way. I think ipv6 just expand attack surface for the services for very little benefit, if you're really interested in fixing installation case, maybe patch for the installer will be the right direction
Re: AAAA entry for openbsd.org
Martin Schröder wrote: > Am Mo., 23. Okt. 2023 um 17:14 Uhr schrieb Theo de Raadt > : > > Martin Schröder wrote: > > > > > Am Mo., 23. Okt. 2023 um 16:54 Uhr schrieb Theo de Raadt > > > : > > > > So many, many words demanding that I configure my networks for ipv6. > > > > > > "is there any reason openbsd.org still has no entry at the end of > > > 2023?" > > > > > > So the reason is "Theo doesn't want to configure his networks for v6"? > > > > Martin, what is the reason for your response? > > I'm using OpenBSD, I've configured my network for v6 and I think the > question is valid > and hasn't received an answer. And I would accept a simple "yes" as an > answer from you. Are you my boss? If you are not, what is your role here that allows you to speak to me like that?
Re: AAAA entry for openbsd.org
Am Mo., 23. Okt. 2023 um 17:14 Uhr schrieb Theo de Raadt : > Martin Schröder wrote: > > > Am Mo., 23. Okt. 2023 um 16:54 Uhr schrieb Theo de Raadt > > : > > > So many, many words demanding that I configure my networks for ipv6. > > > > "is there any reason openbsd.org still has no entry at the end of > > 2023?" > > > > So the reason is "Theo doesn't want to configure his networks for v6"? > > Martin, what is the reason for your response? I'm using OpenBSD, I've configured my network for v6 and I think the question is valid and hasn't received an answer. And I would accept a simple "yes" as an answer from you. Best Martin
Re: AAAA entry for openbsd.org
Martin Schröder wrote: > Am Mo., 23. Okt. 2023 um 16:54 Uhr schrieb Theo de Raadt > : > > So many, many words demanding that I configure my networks for ipv6. > > "is there any reason openbsd.org still has no entry at the end of 2023?" > > So the reason is "Theo doesn't want to configure his networks for v6"? Martin, what is the reason for your response?
Re: AAAA entry for openbsd.org
OpenBSD is a volunteer organization. If you want to volunteer to host an ipv6 mirror, I think the licensing already allows that. Please correct me if I'm wrong. Thanks, -- Raul On Mon, Oct 23, 2023 at 2:00 AM Armin Jenewein wrote: > > No idea what you perceive here as a "rant", my apologies if that seemed > like one to you, that's not my intention. > > FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no > entry, either. > > I don't see what I need to prove here. That's 3 hosts already that don't > have an DNS record, so if you're on an IPv6-only link, you can't > access these. I didn't check ALL the mirrors that the installer has in > the list, but the one popping up in my list as ftp.spline.de doesn't > have one, either, so that's just number four. > > With prices for IPv4 addresses are starting to increase, it surprises me > that this is still such a heated topic. Nobody asks about removing > IPv4-connectivity here. Nobody wants to break functionaly for v4-only > users. > > I did try installing OpenBSD in v6-only networks, yes. On an IPv6-only > host it doesn't even suggest a mirror to download from. > > My initial mail was about this one here, nevertheless: > > $ ping6 openbsd.org > ping6: no address associated with name > $ > > The fact that all the other hosts I mentioned are v4-only doesn't change > that situation in any way. > > ~ Armin > > > > > On 23-10-22 19:29:28, Philip Guenther wrote: > > On Sun, Oct 22, 2023 at 6:53 PM Armin Jenewein wrote: > > > > > Hi. > > > > > > On 23-10-22 15:47:45, Kastus Shchuka wrote: > > > > On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: > > > > > Hi, > > > > > > > > > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org > > > > > host > > > > > wouldn't introduce side-effects for IPv4 users: is there any reason > > > > > openbsd.org still has no entry at the end of 2023? > > > > > > > > Why do you need it? > > > > > > Because it's extremely inconvenient to have manually type in the name of > > > a mirror that I know has an entry. The installer won't even be able > > > to download the mirror list because of the reason I mentioned. It tries > > > to talk to openbsd.org which obviously fails. > > > > > > See, this is why being clear about What Fine Problem You're Trying To Solve > > is important: AFAICT the installer tries to fetch the mirror list from > > ftplist1.openbsd.org and not from openbsd.org. > > > > Can you confirm that your _actual_ request is to have the installer be able > > to get the mirror list when on an IPv6-only host? > > > > (Please don't rant at people who try to help, particularly when doing > > exactly what you requested would NOT HAVE HELPED, unless you *want* people > > to drop you in their kill-file as "not worth trying to help".) > > > > > > Philip Guenther > > -- > > ,_^_. > \- -/ > \_/ \ Armin Jenewein > |O o | > |_ < ) 3 ) > / \ / > /-__,__-\ > > > > >
Re: AAAA entry for openbsd.org
Am Mo., 23. Okt. 2023 um 16:54 Uhr schrieb Theo de Raadt : > So many, many words demanding that I configure my networks for ipv6. "is there any reason openbsd.org still has no entry at the end of 2023?" So the reason is "Theo doesn't want to configure his networks for v6"? Best Martin
Re: AAAA entry for openbsd.org
So many, many words demanding that I configure my networks for ipv6. Armin Jenewein wrote: > No idea what you perceive here as a "rant", my apologies if that seemed > like one to you, that's not my intention. > > FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no > entry, either. > > I don't see what I need to prove here. That's 3 hosts already that don't > have an DNS record, so if you're on an IPv6-only link, you can't > access these. I didn't check ALL the mirrors that the installer has in > the list, but the one popping up in my list as ftp.spline.de doesn't > have one, either, so that's just number four. > > With prices for IPv4 addresses are starting to increase, it surprises me > that this is still such a heated topic. Nobody asks about removing > IPv4-connectivity here. Nobody wants to break functionaly for v4-only > users. > > I did try installing OpenBSD in v6-only networks, yes. On an IPv6-only > host it doesn't even suggest a mirror to download from. > > My initial mail was about this one here, nevertheless: > > $ ping6 openbsd.org > ping6: no address associated with name > $ > > The fact that all the other hosts I mentioned are v4-only doesn't change > that situation in any way. > > ~ Armin > > > > > On 23-10-22 19:29:28, Philip Guenther wrote: > > On Sun, Oct 22, 2023 at 6:53 PM Armin Jenewein wrote: > > > > > Hi. > > > > > > On 23-10-22 15:47:45, Kastus Shchuka wrote: > > > > On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: > > > > > Hi, > > > > > > > > > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org > > > > > host > > > > > wouldn't introduce side-effects for IPv4 users: is there any reason > > > > > openbsd.org still has no entry at the end of 2023? > > > > > > > > Why do you need it? > > > > > > Because it's extremely inconvenient to have manually type in the name of > > > a mirror that I know has an entry. The installer won't even be able > > > to download the mirror list because of the reason I mentioned. It tries > > > to talk to openbsd.org which obviously fails. > > > > > > See, this is why being clear about What Fine Problem You're Trying To Solve > > is important: AFAICT the installer tries to fetch the mirror list from > > ftplist1.openbsd.org and not from openbsd.org. > > > > Can you confirm that your _actual_ request is to have the installer be able > > to get the mirror list when on an IPv6-only host? > > > > (Please don't rant at people who try to help, particularly when doing > > exactly what you requested would NOT HAVE HELPED, unless you *want* people > > to drop you in their kill-file as "not worth trying to help".) > > > > > > Philip Guenther > > -- > > ,_^_. > \- -/ > \_/ \ Armin Jenewein > |O o | > |_ < ) 3 ) > / \ / > /-__,__-\ > > > > >
Re: AAAA entry for openbsd.org
If you're looking for a mirror to install/update ftp.cc.uoc.gr runs on both IPv4/IPv6 and is listed in official mirrors. http://ftp.cc.uoc.gr/mirrors/OpenBSD/ G On 23/10/2023 08:58, Armin Jenewein wrote: > No idea what you perceive here as a "rant", my apologies if that seemed > like one to you, that's not my intention. > > FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no > entry, either. > > I don't see what I need to prove here. That's 3 hosts already that don't > have an DNS record, so if you're on an IPv6-only link, you can't > access these. I didn't check ALL the mirrors that the installer has in > the list, but the one popping up in my list as ftp.spline.de doesn't > have one, either, so that's just number four. > > With prices for IPv4 addresses are starting to increase, it surprises me > that this is still such a heated topic. Nobody asks about removing > IPv4-connectivity here. Nobody wants to break functionaly for v4-only > users. > > I did try installing OpenBSD in v6-only networks, yes. On an IPv6-only > host it doesn't even suggest a mirror to download from. > > My initial mail was about this one here, nevertheless: > > $ ping6 openbsd.org > ping6: no address associated with name > $ > > The fact that all the other hosts I mentioned are v4-only doesn't change > that situation in any way. > > ~ Armin > > > > > On 23-10-22 19:29:28, Philip Guenther wrote: >> On Sun, Oct 22, 2023 at 6:53 PM Armin Jenewein wrote: >> >>> Hi. >>> >>> On 23-10-22 15:47:45, Kastus Shchuka wrote: >>>> On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: >>>>> Hi, >>>>> >>>>> as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org >>>>> host >>>>> wouldn't introduce side-effects for IPv4 users: is there any reason >>>>> openbsd.org still has no entry at the end of 2023? >>>> Why do you need it? >>> Because it's extremely inconvenient to have manually type in the name of >>> a mirror that I know has an entry. The installer won't even be able >>> to download the mirror list because of the reason I mentioned. It tries >>> to talk to openbsd.org which obviously fails. >> >> See, this is why being clear about What Fine Problem You're Trying To Solve >> is important: AFAICT the installer tries to fetch the mirror list from >> ftplist1.openbsd.org and not from openbsd.org. >> >> Can you confirm that your _actual_ request is to have the installer be able >> to get the mirror list when on an IPv6-only host? >> >> (Please don't rant at people who try to help, particularly when doing >> exactly what you requested would NOT HAVE HELPED, unless you *want* people >> to drop you in their kill-file as "not worth trying to help".) >> >> >> Philip Guenther
Re: AAAA entry for openbsd.org
No idea what you perceive here as a "rant", my apologies if that seemed like one to you, that's not my intention. FWIW both ftplist1.openbsd.org and ftplist2.openbsd.org have no entry, either. I don't see what I need to prove here. That's 3 hosts already that don't have an DNS record, so if you're on an IPv6-only link, you can't access these. I didn't check ALL the mirrors that the installer has in the list, but the one popping up in my list as ftp.spline.de doesn't have one, either, so that's just number four. With prices for IPv4 addresses are starting to increase, it surprises me that this is still such a heated topic. Nobody asks about removing IPv4-connectivity here. Nobody wants to break functionaly for v4-only users. I did try installing OpenBSD in v6-only networks, yes. On an IPv6-only host it doesn't even suggest a mirror to download from. My initial mail was about this one here, nevertheless: $ ping6 openbsd.org ping6: no address associated with name $ The fact that all the other hosts I mentioned are v4-only doesn't change that situation in any way. ~ Armin On 23-10-22 19:29:28, Philip Guenther wrote: > On Sun, Oct 22, 2023 at 6:53 PM Armin Jenewein wrote: > > > Hi. > > > > On 23-10-22 15:47:45, Kastus Shchuka wrote: > > > On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: > > > > Hi, > > > > > > > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org > > > > host > > > > wouldn't introduce side-effects for IPv4 users: is there any reason > > > > openbsd.org still has no entry at the end of 2023? > > > > > > Why do you need it? > > > > Because it's extremely inconvenient to have manually type in the name of > > a mirror that I know has an entry. The installer won't even be able > > to download the mirror list because of the reason I mentioned. It tries > > to talk to openbsd.org which obviously fails. > > > See, this is why being clear about What Fine Problem You're Trying To Solve > is important: AFAICT the installer tries to fetch the mirror list from > ftplist1.openbsd.org and not from openbsd.org. > > Can you confirm that your _actual_ request is to have the installer be able > to get the mirror list when on an IPv6-only host? > > (Please don't rant at people who try to help, particularly when doing > exactly what you requested would NOT HAVE HELPED, unless you *want* people > to drop you in their kill-file as "not worth trying to help".) > > > Philip Guenther -- ,_^_. \- -/ \_/ \ Armin Jenewein |O o | |_ < ) 3 ) / \ / /-__,__-\
Re: AAAA entry for openbsd.org
On Sun, Oct 22, 2023 at 6:53 PM Armin Jenewein wrote: > Hi. > > On 23-10-22 15:47:45, Kastus Shchuka wrote: > > On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: > > > Hi, > > > > > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org > > > host > > > wouldn't introduce side-effects for IPv4 users: is there any reason > > > openbsd.org still has no entry at the end of 2023? > > > > Why do you need it? > > Because it's extremely inconvenient to have manually type in the name of > a mirror that I know has an entry. The installer won't even be able > to download the mirror list because of the reason I mentioned. It tries > to talk to openbsd.org which obviously fails. See, this is why being clear about What Fine Problem You're Trying To Solve is important: AFAICT the installer tries to fetch the mirror list from ftplist1.openbsd.org and not from openbsd.org. Can you confirm that your _actual_ request is to have the installer be able to get the mirror list when on an IPv6-only host? (Please don't rant at people who try to help, particularly when doing exactly what you requested would NOT HAVE HELPED, unless you *want* people to drop you in their kill-file as "not worth trying to help".) Philip Guenther
Re: AAAA entry for openbsd.org
On 23/10/23 11:51, Armin Jenewein wrote: Why do you need it? > Because it's extremely inconvenient to have manually type in the name of a mirror that I know has an entry. The installer won't even be able to download the mirror list because of the reason I mentioned. It tries to talk to openbsd.org which obviously fails. So the reason is as simple as "Because 2^32 IP addresses are not sufficient for over 8 millian humans.". I see no point in making the life of IPv6-only attached users harder here. Long-term, it may become necessary to do this as IPv4 address depletion bites further… but I think it's a bit disingenuous to equate the number of people to the number of IP addresses available. Humans do not have network interfaces (yet). The vast majority of IPv6-only users actually have some means of accessing IPv4 through carrier-grade NAT64. A short-term solution might be to download the installXX.img or installXX.iso images, which include the install sets so remove any need to select a mirror until such time as you have the system bootstrapped. That'll let you get 90% of the job done without IPv4 access. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Re: AAAA entry for openbsd.org
Hi. On 23-10-22 15:47:45, Kastus Shchuka wrote: > On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: > > Hi, > > > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org > > host > > wouldn't introduce side-effects for IPv4 users: is there any reason > > openbsd.org still has no entry at the end of 2023? > > Why do you need it? Because it's extremely inconvenient to have manually type in the name of a mirror that I know has an entry. The installer won't even be able to download the mirror list because of the reason I mentioned. It tries to talk to openbsd.org which obviously fails. So the reason is as simple as "Because 2^32 IP addresses are not sufficient for over 8 millian humans.". I see no point in making the life of IPv6-only attached users harder here. > > > > > This has likely be discussed in the past and OpenBSD does a good job > > for > > me on both servers and desktops running IPv6, but with IPv4 > > addresses > > becoming more and more expensive, I would love to have the option to > > deploy OpenBSD on IPv6-only hosts, even IPv6 only with NAT64 was no > > problem here - the installer defaults to do auto configuration for > > v4 > > only and by default doesn't even auto-configure v6, which surprised > > me, > > too, though. > > Nothing prevents you from installing ipv6-only hosts, just use mirrors > as installurl. That's simply harder as it needs to be. I'm convinced that the benefits of having entries outrule the disadvantages here - in fact I don't see any. > > Four out of six CDN mirrors listed on https://www.openbsd.org/ftp.html > have ipv6 addresses with appropriate DNS entries. > > -Kastus > I'm not even able to access the list of CDN mirrors on an IPv6-only hosts to find these - that makes not much sense to me. ~ Armin -- ,_^_. \- -/ \_/ \ Armin Jenewein |O o | |_ < ) 3 ) / \ / /-__,__-\
Re: AAAA entry for openbsd.org
On Sun, Oct 22, 2023 at 10:29:08PM +0200, Armin Jenewein wrote: > Hi, > > as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org host > wouldn't introduce side-effects for IPv4 users: is there any reason > openbsd.org still has no entry at the end of 2023? Why do you need it? > > This has likely be discussed in the past and OpenBSD does a good job for > me on both servers and desktops running IPv6, but with IPv4 addresses > becoming more and more expensive, I would love to have the option to > deploy OpenBSD on IPv6-only hosts, even IPv6 only with NAT64 was no > problem here - the installer defaults to do auto configuration for v4 > only and by default doesn't even auto-configure v6, which surprised me, > too, though. Nothing prevents you from installing ipv6-only hosts, just use mirrors as installurl. Four out of six CDN mirrors listed on https://www.openbsd.org/ftp.html have ipv6 addresses with appropriate DNS entries. -Kastus
AAAA entry for openbsd.org
Hi, as I'm almost 100% sure adding IPv6 connectivity to the openbsd.org host wouldn't introduce side-effects for IPv4 users: is there any reason openbsd.org still has no entry at the end of 2023? This has likely be discussed in the past and OpenBSD does a good job for me on both servers and desktops running IPv6, but with IPv4 addresses becoming more and more expensive, I would love to have the option to deploy OpenBSD on IPv6-only hosts, even IPv6 only with NAT64 was no problem here - the installer defaults to do auto configuration for v4 only and by default doesn't even auto-configure v6, which surprised me, too, though. Anything I'm overlooking here? Is there a technical reason to keep these things v4-only? ~ Armin -- ,_^_. \- -/ \_/ \ Armin Jenewein |O o | |_ < ) 3 ) / \ / /-__,__-\
