Re: IPv6 and DNS
Andrew McGlashan andrew.mcglas...@affinityvision.com.au wrote: ... or is it the following ok? Firewalling, ala IPCop's port forwarding setup. That is, we have a firewall in IPCop (or similar) and outside access to ANY internal machine is still restricted by what is port forwarded? If yes, then I am sure that would be fine. You can use ip6tables on the firewall to restrict access to the machines on the internal network as tightly as desired. For example, you could deny everything by default, then selectively allow established connections and incoming traffic for certain protocols. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/j15o4k$uc8$1...@dough.gmane.org
Re: IPv6 and DNS
Johan Kullstam kullstj...@verizon.net writes: […] My ISP does not offer IPv6. With a static IPv4 address, setting up 6to4 is as simple as adding a bit to interfaces(5), like: ## An 6to4 tunnel auto 6to4 iface 6to4 inet6 v4tunnel ## IPv4 address: 192.0.2.34 ## $ printf 2002:%x%02x:%x%02x::1\\n 192 0 2 34 address 2002:c000:222::1 netmask 16 local192.0.2.34 endpoint 0.0.0.0 ## Use the following 6to4 gateway (anycast) if it works gateway ::192.88.99.1 ## Use an HE.NET router if it doesn't # gateway ::216.66.80.98 ## Mark our routes not explicitly configured as unreachable post-up ip route add unreachable $IF_ADDRESS/48 || true post-down ip route del unreachable $IF_ADDRESS/48 || true ## AIUI, IPv6 forwarding cannot be enabled on a per-interface basis # post-up sysctl -w net.ipv6.conf.$IFACE.forwarding=1 (Don't forget # ifup -a after the edits are done.) Or, a 6in4 tunnel may be requested at http://tunnelbroker.net/. The relevant interfaces(5) bit would be like: ## A he.net 6in4 tunnel auto he-ipv6 iface he-ipv6 inet6 v4tunnel address 2001:db8:1234:5678::2 netmask 64 ## Local IPv4 address local192.0.2.34 ## Remote IPv4 address (that of the 6in4 router) endpoint 192.0.2.211 gateway 2001:db8:1234:5678::1 ## Add unreachable's as appropriate # post-up ip route add unreachable 2001:db8:1234:4200/56 || true # post-down ip route del unreachable 2001:db8:1234:4200/56 || true ## AIUI, IPv6 forwarding cannot be enabled on a per-interface basis # post-up sysctl -w net.ipv6.conf.$IFACE.forwarding=1 Should the IPv4 address be dynamic (but not NAT'ed, RFC 1918 one), simply installing Miredo (# apt-get install miredo) would give one a single IPv6 address. And in the case of NAT'ed IPv4, it's still possible to register for a free-of-charge tunnel service at http://sixxs.net/ and use AICCU (# apt-get install aiccu.) -- FSF associate member #7257 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/86mxg8xfay@gray.siamics.net
Re: IPv6 and DNS
On Jul 21, 2011, at 3:29 AM, Ivan Shmakov wrote: Johan Kullstam kullstj...@verizon.net writes: […] My ISP does not offer IPv6. And in the case of NAT'ed IPv4, it's still possible to register for a free-of-charge tunnel service at http://sixxs.net/ and use AICCU (# apt-get install aiccu.) This (SIXXS) is what I use at home. It works a treat for me. Easy to set up. Easy to use. Fully connected to the IPv6 internet. Rick -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ef9e9f22-e686-4ab6-a285-1afe47680...@pobox.com
Re: IPv6 and DNS
Rick Thomas rbtho...@pobox.com writes: On Jul 19, 2011, at 6:13 PM, John Hasler wrote: Go Linux writes: How is [IPv6] going to work on DIALUP! I wrote: Just fine. What makes you think it wouldn't? Johan Kullstam writes: The fact that it doesn't work anywhere else? :- Works fine here. Here too. What kind of problems are you having, Johan? My ISP does not offer IPv6. -- Johan KULLSTAM -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ei1ksgch@emmy.axel.nom
Re: IPv6 and DNS
John Hasler jhas...@debian.org writes: Go Linux writes: How is [IPv6] going to work on DIALUP! Just fine. What makes you think it wouldn't? The fact that it doesn't work anywhere else? :- -- John Hasler -- Johan KULLSTAM -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zkkandh0@emmy.axel.nom
Re: IPv6 and DNS
Go Linux writes: How is [IPv6] going to work on DIALUP! I wrote: Just fine. What makes you think it wouldn't? Johan Kullstam writes: The fact that it doesn't work anywhere else? :- Works fine here. -- John Hasler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87hb6hvryz@thumper.dhh.gt.org
Re: IPv6 and DNS
On Jul 19, 2011, at 6:13 PM, John Hasler wrote: Go Linux writes: How is [IPv6] going to work on DIALUP! I wrote: Just fine. What makes you think it wouldn't? Johan Kullstam writes: The fact that it doesn't work anywhere else? :- Works fine here. Here too. What kind of problems are you having, Johan? Rick -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4c618f70-431f-42fc-8c91-383a45896...@pobox.com
Re: IPv6 and DNS
William Hopkins (we.hopk...@gmail.com on 2011-07-12 17:29 -0400): On 07/12/11 at 08:50pm, Arno Schuring wrote: As of this moment, it is not recommended to run IPv6-only networks, dual-stack is preferred. Not in the least because most of the Internet is not yet reachable over v6 (sadly...). The best way to go forward is to get IPv6 running in basic mode first (autoconfiguration), and then start moving more services on IPv6 once you feel confident -- but take a *good* look at firewalling rules before you do so. Who doesn't recommend it? It's almost impossible at this moment, but not recommended not to if you can. Ok, fair enough. Let's rephrase that as I wouldn't recommend you to go IPv6-only right now, because most of the Internet still operates on IPv4 and going IPv6-only is almost impossible at this moment. And just because you have to keep IPv4 around to reach non-IPv6 internet resources is *no reason* to ignore the perfectly working native IPv6 solutions to OPs problems. I wasn't ignoring them, see the rest of my message. Regards, Arno -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110714142547.7f65f...@neminis.loos.site
Re: IPv6 and DNS
On Thu, Jul 14, 2011 at 02:25:47PM +0200, Arno Schuring wrote: William Hopkins (we.hopk...@gmail.com on 2011-07-12 17:29 -0400): On 07/12/11 at 08:50pm, Arno Schuring wrote: As of this moment, it is not recommended to run IPv6-only networks, dual-stack is preferred. Not in the least because most of the Internet is not yet reachable over v6 (sadly...). The best way to go forward is to get IPv6 running in basic mode first (autoconfiguration), and then start moving more services on IPv6 once you feel confident -- but take a *good* look at firewalling rules before you do so. Who doesn't recommend it? It's almost impossible at this moment, but not recommended not to if you can. Ok, fair enough. Let's rephrase that as I wouldn't recommend you to go IPv6-only right now, because most of the Internet still operates on IPv4 and going IPv6-only is almost impossible at this moment. I think it's fair to say that it's entirely possible today if you use DNS64/NAT64 proxying to make the IPv4 internet visible on your IPv6 network. Your entire network can then be IPv6 only with the exception of the machine acting as the gateway to the IPv4 world. The tools to do this should be available in Debian, e.g. tayga, pdns. All you need to do is install them on a single machine with dual stack networking. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `-GPG Public Key: 0x25BFB848 Please GPG sign your mail. signature.asc Description: Digital signature
Re: IPv6 and DNS
Hello, pe...@chubb.wattle.id.au a écrit : This is the killer for me. I want to be able to plug something into the network (usually an embedded board, with no console), and then be able to ssh to it by name. [...] With stateless configuration, there is no log of what is assigned, and there is no way for an authoritative agent (i.e., dhcpd for IPV4) to update the DNS tables. And the IPv6 security extensions mean that one cannot predict the IPV6 address from the known MAC address. *Privacy* extensions, not security. AFAIK, privacy extensions just provide options for SLAAC to create extra IPv6 addresses not based on the MAC address and use them as default source address for outgoing communications. The IPv6 address based on the MAC address still exists and is usable for incoming - and outgoing - connections. In fact, there's no straightfoward way to tell that something's plugged into the network and is now addressable. DHCP isn't reliable either. The device could have been unplugged at any time since the last lease. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e1d4f27.5000...@plouf.fr.eu.org
Re: IPv6 and DNS
Hi, Rick Thomas wrote: +) It can be nice to be able to bypass the ISP-imposed NAT. You can SSH directly into your home server without messing around with port mapping. This has a security downside, of course, but the convenience is nice. Yes, but that can be a huge negative too. Any machine that can be gotten to directly must have a good firewall installed and if any service is compromised, then there is a potential inside attack point for your network. ... or is it the following ok? Firewalling, ala IPCop's port forwarding setup. That is, we have a firewall in IPCop (or similar) and outside access to ANY internal machine is still restricted by what is port forwarded? If yes, then I am sure that would be fine. But if it is no, then I can see some potentially huge vulnerabilities opening up for those using IPv6. Some services belong in a DMZ, but even then you have to be concerned with what risk ANY compromised service can bring to other services / machines in the DMZ. Many using 3G USB modems are opening themselves up to abuse if (by default) having their machines directly connected to the Internet. Any machine that is directly accessible via the Internet _must_ have suitable security, ie a restrictive firewall at least. I can just imagine all the Windows laptops (well, not just Windows, but hey), becoming owned just because they are using a 3G USB modem directly on their machine without a firewall -- this will be amplified for those on ANY network that has open slather via IPv6 addressing. -- Kind Regards AndrewM Andrew McGlashan Broadband Solutions now including VoIP -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e1d77fb.5000...@affinityvision.com.au
Re: IPv6 and DNS
On 13/07/11 02:30, Laurence Hurst wrote:
On Tue, Jul 12, 2011 at 04:09:27PM +0100, Scott Ferguson wrote:
Why not just use a single host file on your firewall/router?
snipped
^^^
I addition I need forward and reverse host-name lookups to function
correctly across a variety of platforms which is easily achieved by
running my own internal DNS with little more effort than a static
hosts file which I then have to copy around a dozen machines (and
spend time wondering why stuff broke when I forget one!).
Just brush up on your reading skills and that problem will vanish. ;-p
I can think of a number of large networks that don't run internal DNS
servers - dynamic addresses are a pain to manage on a large scale, and
static addresses make DNS servers redundant on most private networks.
But them my motivation is not to increase the workload for the network
monkeys (I mean - valued, value-adding staff) :-D
I am curious, if I wanted to translate my IPv4 configuration
into an IPv6 world; � * I know there's a lot of talk about
IPv6's wonderful auto-configuration eliminating the need for
DHCP but how does this work with a static DNS setup?
Read the internode links - the tunnel makes that redundant.
Pretty much the same as the example above - just substitute an
IPv6 address. Debian is just waiting for you to feed it IPv6, ditto
for Windows 7, not so much for OSX, dunno about your embedded
devices.
From what I've read the auto-configured address is NOT guaranteed
to be identical each time a machine is connected to the network
(e.g. turned on after being powered off for a period of time), just
unique to the network at the time it is configured. While in
practice IF the mac address of the NIC is used to generate the IPv6
address it may be the same,
A static address assigned by MAC is the same process whether by IPv4,5,
or 6.
Dynamic addressing is randomising.
the RFC[0] simply states it will be generated from an interface
identifier and makes specific reference to instances where the
identifier is not a hardware address which means that although
current convention seems to be to use the MAC address this is not
guaranteed. If the addresses are not guaranteed to be static
between connections to the network then surely a local static DNS
(or, indeed, hosts file) cannot guarantee to be reliable?
[0] http://tools.ietf.org/html/rfc4862
I believe you've misinterpreted the context their. None of your concerns
were validated by the trials I looked at during IPv6 day where very
large WANs ran native IPv6 - but then those networks don't allow dynamic
addresses (or bluetooth, or wireless). Again - I'd encourage you to read
the internode guides I linked rather than just one of over a dozen RFCs,
which only cover the basics.
snip /
� * In the DHCP-less world, how would clients discover the
local DNS suffix (e.g. (fictitous) internal.home.my.tld)?
hostname?
/hosts file?
\hosts file?
\lmhosts file?
And - what DHCP-less world?
It will depend on what methods your ISP provides
I'm talking about DNS which exists entirely within my private network
and has nothing to do with my isp. Currently my DHCP server hands out
my DNS server's details and the search domain (for the sake of
argument 'internal.home.my.tld). The configured clients then use my
DNS for all their DNS lookups - my server is configured to be
authoritative for hosts on my network, within my subdomain
('internal.home.my.tld') and for reverse lookups on 192.168.0.0/24
addresses (and on it's other subnets, but let's not over-complicate
here) and forwards any other request upstream to my ISPs DNS servers.
It's the DNS bit contained in my network that I'm unclear on.
It's your network - you can make it as complicated as you want. But if
you have a compelling reason to use DHCP to hand out dynamic addresses
I've missed it. A central hosts file and static addresses make the
question redundant.
But it's really too early to determine what can be done with what
the ISPs will provide, until the ISPs provide it.
For some current real world implementations try:-
http://ipv6.internode.on.net/configuration/
http://ipv6.internode.on.net/access/tunnel-broker/
NOTE: your region and ISPs may offer different implementations, I
don't know how relevant the examples of Internode are as I've only
compared them to iiNet's offerings. As discussed in another thread
the big ISPs in my country have no plans for IPv6 in the
forseeable future. As in $43 billion for a National Broadband
network that doesn't support IPv6 :-(
snip /
snipped
Indeed, I think a lot of this is still to be figured out (there maybe
a spec but how the large corporations choose to interpret it may
have knock on impact for the rest of us).
Hence the links to real-world implementations for users like yourself
I am more interested from an experimental point of
Re: IPv6 and DNS
On Wed, Jul 13, 2011 at 12:09:45PM +0100, Scott Ferguson wrote: On 13/07/11 02:30, Laurence Hurst wrote: On Tue, Jul 12, 2011 at 04:09:27PM +0100, Scott Ferguson wrote: Why not just use a single host file on your firewall/router? snipped ^^^ I addition I need forward and reverse host-name lookups to function correctly across a variety of platforms which is easily achieved by running my own internal DNS with little more effort than a static hosts file which I then have to copy around a dozen machines (and spend time wondering why stuff broke when I forget one!). Just brush up on your reading skills and that problem will vanish. ;-p Ah, yes I did misread what you were suggesting. For my current setup my way works for me, your way works for you. My setup at home is also very similar to that of a number of companies I work for, which is handy for experimentation (say, look at how IPv6 might integrate with and eventually replace the IPv4 infrastructure) ;-) I can think of a number of large networks that don't run internal DNS servers - dynamic addresses are a pain to manage on a large scale, and static addresses make DNS servers redundant on most private networks. But them my motivation is not to increase the workload for the network monkeys (I mean - valued, value-adding staff) :-D I'm still going to disagree with you on this point - user's expect to be able to plug in a machine and it just work without faffing around with setting IP/Subnet/Gateway/DNS/local domain settings (or getting the network monkeys to do it for them). I also worked for a company which had static addresses and the amount of time changing the settings on every single network connected device on the 2 occasions we had to change the router and/or DNS settings was measured in days - had we been using DHCP it would have been a 30s change to the config at the end of the day and the clients would most likely all be working next morning having renewed their leases and got the updated configuration at the same time. At lot of this depends on your (and mine!) users and environment. I think, from what I've read, this goes away with IPv6 whereby even if I statically configure the interfaces address it will still use the route-discovery to find the router and DNS server so infrastructure changes are picked up automatically (after a period of time) without the need to change every connected hosts settings (as was the case with a static IPv4 setup). snip / Pretty much the same as the example above - just substitute an IPv6 address. Debian is just waiting for you to feed it IPv6, ditto for Windows 7, not so much for OSX, dunno about your embedded devices. From what I've read the auto-configured address is NOT guaranteed to be identical each time a machine is connected to the network (e.g. turned on after being powered off for a period of time), just unique to the network at the time it is configured. While in practice IF the mac address of the NIC is used to generate the IPv6 address it may be the same, A static address assigned by MAC is the same process whether by IPv4,5, or 6. Dynamic addressing is randomising. I think we're talking at cross purposes here. I am specifically referring to stateless auto-configuration which the current most common convention, for IPv6, is to use the MAC address for the but this is not guaranteed and I have specific references to other methods being used whereby a given NIC does not always auto-configure to the same address each time it is connected to the same network. the RFC[0] simply states it will be generated from an interface identifier and makes specific reference to instances where the identifier is not a hardware address which means that although current convention seems to be to use the MAC address this is not guaranteed. If the addresses are not guaranteed to be static between connections to the network then surely a local static DNS (or, indeed, hosts file) cannot guarantee to be reliable? [0] http://tools.ietf.org/html/rfc4862 I believe you've misinterpreted the context their. None of your concerns were validated by the trials I looked at during IPv6 day where very large WANs ran native IPv6 - but then those networks don't allow dynamic addresses (or bluetooth, or wireless). Again - I'd encourage you to read the internode guides I linked rather than just one of over a dozen RFCs, which only cover the basics. Again I think we're talking cross purposes. My interest is purely in how IPv6 will operate within a private network. Assuming my ISP allocated me a range of addresses how I go about managing that range within the networks which exist in my house (or an organisation). In terms of a smallish network I'm repeatedly being told that stateless auto-configuration makes DHCP redundant (which it clearly does as far as
Re: IPv6 and DNS
Le mercredi 13 juillet 2011 à 20:48 +1000, Andrew McGlashan a écrit : Hi, [...] Many using 3G USB modems are opening themselves up to abuse if (by default) having their machines directly connected to the Internet. Any machine that is directly accessible via the Internet _must_ have suitable security, ie a restrictive firewall at least. I can just imagine all the Windows laptops (well, not just Windows, but hey), becoming owned just because they are using a 3G USB modem directly on their machine without a firewall -- this will be amplified for those on ANY network that has open slather via IPv6 addressing. NAT-like security may be enabled with 2 rules on the router/firewall ISPs send to their customers. ip6tables -A INPUT -i wan -m state --state ESTABLISHED,RELATED -j ACCEPT ip6tables -A INPUT -i wan -j DROP Actually you need to accept some icmpv6 packets, then we need another rule ;) If ISPs sent their modem/box/router/whatever properly configured (default configuration disallowing incoming connections), there is no more security issues than with the ipv4/NAT setup. -- Bastien Durel -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1310558568.2356.24.camel@data-dev4
Re: IPv6 and DNS
What I've wanted is for avahi-daemon to do dynamic DNS updates into forward and reverse based upon what it sees on the network. Or have radvd do this. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/6678.1310570...@marajade.sandelman.ca
Re: IPv6 and DNS
On Wed, Jul 13, 2011 at 11:23:00AM -0400, Michael Richardson wrote: What I've wanted is for avahi-daemon to do dynamic DNS updates into forward and reverse based upon what it sees on the network. Or have radvd do this. It does that mdns update fine. I'be ssh'ed to server.local via IPv6 and last etc say I've connected from client.local That's only useful for the local network of course. - Craig -- Craig Small VK2XLZhttp://www.enc.com.au/ csmall at : enc.com.au Debian GNU/Linux http://www.debian.org/ csmall at : debian.org GPG fingerprint: 1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110713230017.ga29...@enc.com.au
Re: IPv6 and DNS
On 14/07/11 01:00, Craig Small wrote: On Wed, Jul 13, 2011 at 11:23:00AM -0400, Michael Richardson wrote: What I've wanted is for avahi-daemon to do dynamic DNS updates into forward and reverse based upon what it sees on the network. Or have radvd do this. It does that mdns update fine. I'be ssh'ed to server.local via IPv6 and last etc say I've connected from client.local That's only useful for the local network of course. But mDNS is not DNS reached in multicast, it is a totally differnt protocol, limited to local LAN, which is not sufficient. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e1e2f17.9030...@rail.eu.org
IPv6 and DNS
Hi folks, I notice a couple of other IPv6 related questions on this list so I hope this isn't too far of topic... I currently have an IPv4-only network (192.168.0.0/24 behind a NAT firewall/router) at home which includes a variety of systems (Windows, Debian, OSX and some embedded devices). All of these devices support IPv4 DHCP so the least painful and most reliable method of configuring them with hostnames has been to run my own DHCP server and DNS with static mappings for most of the devices (I do not allow dynamic updating of the DNS) including reverse DNS. I am curious, if I wanted to translate my IPv4 configuration into an IPv6 world; * I know there's a lot of talk about IPv6's wonderful auto-configuration eliminating the need for DHCP but how does this work with a static DNS setup? * Would I need to use DHCP6 and DNS, or auto-configuration and allow dynamic DNS updating (assuming IPv6's router discovery allows the clients to discover and update the DNS themselves)? * Would I have to trust the clients to update their own DNS records (I don't at the moment)? * In the DHCP-less world, how would clients discover the local DNS suffix (e.g. (fictitous) internal.home.my.tld)? As I'm sure you can see I've got a whole load of questions and no compelling answers so I hope that some of the well informed folks on this list might be willing to point me in something approximating the right direction! Cheers, Laurence -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110712105439.ga68...@diss-84-211.lut.ac.uk
Re: IPv6 and DNS
--- On Tue, 7/12/11, Laurence Hurst l.a.hu...@lboro.ac.uk wrote: From: Laurence Hurst l.a.hu...@lboro.ac.uk Subject: IPv6 and DNS To: debian-user@lists.debian.org Date: Tuesday, July 12, 2011, 5:54 AM Hi folks, I notice a couple of other IPv6 related questions on this list so I hope this isn't too far of topic... I currently have an IPv4-only network (192.168.0.0/24 behind a NAT firewall/router) at home which includes a variety of systems (Windows, Debian, OSX and some embedded devices). All of these devices support IPv4 DHCP so the least painful and most reliable method of configuring them with hostnames has been to run my own DHCP server and DNS with static mappings for most of the devices (I do not allow dynamic updating of the DNS) including reverse DNS. I am curious, if I wanted to translate my IPv4 configuration into an IPv6 world; * I know there's a lot of talk about IPv6's wonderful auto-configuration eliminating the need for DHCP but how does this work with a static DNS setup? * Would I need to use DHCP6 and DNS, or auto-configuration and allow dynamic DNS updating (assuming IPv6's router discovery allows the clients to discover and update the DNS themselves)? * Would I have to trust the clients to update their own DNS records (I don't at the moment)? * In the DHCP-less world, how would clients discover the local DNS suffix (e.g. (fictitous) internal.home.my.tld)? As I'm sure you can see I've got a whole load of questions and no compelling answers so I hope that some of the well informed folks on this list might be willing to point me in something approximating the right direction! Cheers, Laurence And I'd like to add an IPV6 question to which I have not found an answer . . . How is it going to work on DIALUP!!! At least I have a good internal hardware modem . . . -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1310478368.8750.yahoomailclas...@web59506.mail.ac4.yahoo.com
Re: IPv6 and DNS
On Tue, Jul 12, 2011 at 06:46:08AM -0700, Go Linux wrote: --- On Tue, 7/12/11, Laurence Hurst l.a.hu...@lboro.ac.uk wrote: And I'd like to add an IPV6 question to which I have not found an answer . . . How is it going to work on DIALUP!!! At least I have a good internal hardware modem . . . The same way it works for IPv4? PPP is a link layer protocol, on a par with Ethernet or ADSL (in fact, ADSL /uses/ PPP to transport data between your router and the DSLAM). It doesn't really care what data is being transported, so there should be no problem using IPv6 on a dial-up modem. The problem you do face is not a technical one, but rather a financial/business one. You would need to find either an ISP who provides native IPv6 (rare at the moment) and does so on dial-up lines or alternatively, use a tunnel broker such as HE.net or SIXXS.net to be your IPv6 endpoint in their stead. -- Paul Saunders signature.asc Description: Digital signature
Re: IPv6 and DNS
Go Linux writes: How is [IPv6] going to work on DIALUP! Just fine. What makes you think it wouldn't? -- John Hasler -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/8762n71rfi@thumper.dhh.gt.org
Re: IPv6 and DNS
On 12/07/11 23:46, Go Linux wrote: --- On Tue, 7/12/11, Laurence Hurst l.a.hu...@lboro.ac.uk wrote: From: Laurence Hurst l.a.hu...@lboro.ac.uk Subject: IPv6 and DNS To: debian-user@lists.debian.org Date: Tuesday, July 12, 2011, 5:54 AM Hi folks, I notice a couple of other IPv6 related questions on this list so I hope this isn't too far of topic... I currently have an IPv4-only network (192.168.0.0/24 behind a NAT firewall/router) at home which includes a variety of systems (Windows, Debian, OSX and some embedded devices). All of these devices support IPv4 DHCP so the least painful and most reliable method of configuring them with hostnames has been to run my own DHCP server and DNS with static mappings for most of the devices (I do not allow dynamic updating of the DNS) including reverse DNS. Why not just use a single host file on your firewall/router? DHCP always seems like overkill for equipment you own. eg. reserve static addresses 192.168.0.2-10 for your machines, 192.168.10-20 for people who regularly bring machines onto your network (LAN parties, your mums computer when it needs fixing etc) and use DHCP for 192.168.0.30-40 for irregularly connected machines. I'm simplifying - you probably have at least a Green zone, which would we setup up similar to the above example, and an Orange for webserver/s - where you definitely want static addresses eg 192.168.1.2-10, and a Blue zone for wireless devices eg 192.168.2.2-10, with maybe 192.168.2.11-20 as dynamic. Your router/firewall would then be 192.168.0.1 for the Green gateway, 192.168.1.1 for the Orange, and 192.168.2.1 for the Blue. Your name resolution would be fast, the load on your DHCP server minimal, and pinholes and portforwarding would be simple and easy to maintain. I am curious, if I wanted to translate my IPv4 configuration into an IPv6 world; � * I know there's a lot of talk about IPv6's wonderful auto-configuration eliminating the need for DHCP but how does this work with a static DNS setup? Pretty much the same as the example above - just substitute an IPv6 address. Debian is just waiting for you to feed it IPv6, ditto for Windows 7, not so much for OSX, dunno about your embedded devices. Hopefully someone with experience will correct my statements about those OS's and support - or you could consult isc.org and wikipedia ;-p � * Would I need to use DHCP6 and DNS, or auto-configuration and allow dynamic DNS updating (assuming IPv6's router discovery allows the clients to discover and update the DNS themselves)? Not unless you want to make it more complicated than it needs to be. � * Would I have to trust the clients to update their own DNS records (I don't at the moment)? See above. � * In the DHCP-less world, how would clients discover the local DNS suffix (e.g. (fictitous) internal.home.my.tld)? It will depend on what methods your ISP provides But it's really too early to determine what can be done with what the ISPs will provide, until the ISPs provide it. For some current real world implementations try:- http://ipv6.internode.on.net/configuration/ http://ipv6.internode.on.net/access/tunnel-broker/ NOTE: your region and ISPs may offer different implementations, I don't know how relevant the examples of Internode are as I've only compared them to iiNet's offerings. As discussed in another thread the big ISPs in my country have no plans for IPv6 in the forseeable future. As in $43 billion for a National Broadband network that doesn't support IPv6 :-( As I'm sure you can see I've got a whole load of questions and no compelling answers so I hope that some of the well informed folks on this list might be willing to point me in something approximating the right direction! Cheers, Laurence And I'd like to add an IPV6 question to which I have not found an answer . . . How is it going to work on DIALUP!!! At least I have a good internal hardware modem . . . Fortunately neither of you have got to worry about that for a while :-) When the majority of sites and ISPs move to IPv6 it'll be dual-stacks and tunnels for some time - maybe not out of respect for your investment in dial-up modems but there's a lot of big ticket telco equipment (and other gear) owned by influential companies that won't natively support IPv6. I'd hesitantly suggest not buying IPv6 equipment until it's absolutely necessary - both for price and feature reasons. Cheers -- What did moths bump into before the electric light bulb was invented? Boy, the lightbulb really screwed the moth up didn't it? Are there moths on their way to the sun now going, It's gonna be worth it! ~ Bill Hicks -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e1c63a7.4040...@gmail.com
Re: IPv6 and DNS
On Tue, Jul 12, 2011 at 04:09:27PM +0100, Scott Ferguson wrote:
Why not just use a single host file on your firewall/router? DHCP
always seems like overkill for equipment you own.
eg. reserve static addresses 192.168.0.2-10 for your machines,
192.168.10-20 for people who regularly bring machines onto your network
(LAN parties, your mums computer when it needs fixing etc) and use DHCP
for 192.168.0.30-40 for irregularly connected machines.
I'm simplifying - you probably have at least a Green zone, which would
we setup up similar to the above example, and an Orange for webserver/s
- where you definitely want static addresses eg 192.168.1.2-10, and a
Blue zone for wireless devices eg 192.168.2.2-10, with maybe
192.168.2.11-20 as dynamic.
Your router/firewall would then be 192.168.0.1 for the Green gateway,
192.168.1.1 for the Orange, and 192.168.2.1 for the Blue.
Your name resolution would be fast, the load on your DHCP server
minimal, and pinholes and portforwarding would be simple and easy to
maintain.
That as may be, my current setup works very well for me and to date has been
reliable. I addition I need forward and reverse host-name lookups to function
correctly across a variety of platforms which is easily achieved by running my
own internal DNS with little more effort than a static hosts file which I then
have to copy around a dozen machines (and spend time wondering why stuff broke
when I forget one!).
I am curious, if I wanted to translate my IPv4
configuration into an IPv6 world;
� * I know there's a lot of talk about IPv6's
wonderful auto-configuration eliminating the need for DHCP
but how does this work with a static DNS setup?
Pretty much the same as the example above - just substitute an IPv6
address. Debian is just waiting for you to feed it IPv6, ditto for
Windows 7, not so much for OSX, dunno about your embedded devices.
From what I've read the auto-configured address is NOT guaranteed to be
identical each time a machine is connected to the network (e.g. turned on
after being powered off for a period of time), just unique to the network at
the time it is configured. While in practice IF the mac address of the NIC is
used to generate the IPv6 address it may be the same, the RFC[0] simply states
it will be generated from an interface identifier and makes specific
reference to instances where the identifier is not a hardware address which
means that although current convention seems to be to use the MAC address this
is not guaranteed. If the addresses are not guaranteed to be static between
connections to the network then surely a local static DNS (or, indeed, hosts
file) cannot guarantee to be reliable?
[0] http://tools.ietf.org/html/rfc4862
snip /
� * In the DHCP-less world, how would clients
discover the local DNS suffix (e.g. (fictitous)
internal.home.my.tld)?
It will depend on what methods your ISP provides
I'm talking about DNS which exists entirely within my private network and has
nothing to do with my isp. Currently my DHCP server hands out my DNS server's
details and the search domain (for the sake of argument 'internal.home.my.tld).
The configured clients then use my DNS for all their DNS lookups - my server is
configured to be authoritative for hosts on my network, within my subdomain
('internal.home.my.tld') and for reverse lookups on 192.168.0.0/24 addresses
(and on it's other subnets, but let's not over-complicate here) and forwards
any other request upstream to my ISPs DNS servers. It's the DNS bit contained
in my network that I'm unclear on.
But it's really too early to determine what can be done with what the
ISPs will provide, until the ISPs provide it.
For some current real world implementations try:-
http://ipv6.internode.on.net/configuration/
http://ipv6.internode.on.net/access/tunnel-broker/
NOTE: your region and ISPs may offer different implementations, I don't
know how relevant the examples of Internode are as I've only compared
them to iiNet's offerings. As discussed in another thread the big ISPs
in my country have no plans for IPv6 in the forseeable future. As in $43
billion for a National Broadband network that doesn't support IPv6 :-(
snip /
Fortunately neither of you have got to worry about that for a while :-)
When the majority of sites and ISPs move to IPv6 it'll be dual-stacks
and tunnels for some time - maybe not out of respect for your investment
in dial-up modems but there's a lot of big ticket telco equipment (and
other gear) owned by influential companies that won't natively support IPv6.
I'd hesitantly suggest not buying IPv6 equipment until it's absolutely
necessary - both for price and feature reasons.
Indeed, I think a lot of this is still to be figured out (there maybe a spec
but how the large corporations choose to interpret it may have knock on
impact for the rest of us). I am more interested from an experimental point of
view. I am only
Re: IPv6 and DNS
Laurence Hurst (l.a.hu...@lboro.ac.uk on 2011-07-12 11:54 +0100): Hi folks, I notice a couple of other IPv6 related questions on this list so I hope this isn't too far of topic... [..] I am curious, if I wanted to translate my IPv4 configuration into an IPv6 world; As of this moment, it is not recommended to run IPv6-only networks, dual-stack is preferred. Not in the least because most of the Internet is not yet reachable over v6 (sadly...). The best way to go forward is to get IPv6 running in basic mode first (autoconfiguration), and then start moving more services on IPv6 once you feel confident -- but take a *good* look at firewalling rules before you do so. * I know there's a lot of talk about IPv6's wonderful auto-configuration eliminating the need for DHCP but how does this work with a static DNS setup? It can work in multiple ways: - keep your static DNS setup on IPv4 only - configure your servers with static IPv6 addresses (as v4) - configure your DHCPv6 server with static leases (as v4) It is worth pointing out that IPv6 has no problems with multiple addresses for the same device, so you can assign static addresses and use autoconfiguration at the same time. * Would I need to use DHCP6 and DNS, or auto-configuration and allow dynamic DNS updating (assuming IPv6's router discovery allows the clients to discover and update the DNS themselves)? You don't *need* anything as long as your IPv4 network is still operational. * Would I have to trust the clients to update their own DNS records (I don't at the moment)? I'm not sure if there is a spec yet for Dynamic DNS Updates for IPv6. Heck, the v4 version has not even been formalized yet. * In the DHCP-less world, how would clients discover the local DNS suffix (e.g. (fictitous) internal.home.my.tld)? http://tools.ietf.org/html/rfc6106 caveat: I don't know how good tool support for this standard is. For example, Router Advertisements are handled by the kernel directly but the kernel does not write to /etc/resolv.conf. Regards, Arno -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110712205001.07798...@neminis.loos.site
Re: IPv6 and DNS
On Jul 12, 2011, at 12:30 PM, Laurence Hurst wrote: I am only aware of using DHCP with DNS to achieve what I currently do wrt reliable, cross-device, forward and reverse host lookups but was wondering if there was a way to take advantage of IPv6's stateless configuration to get the same end. Looking at the research I've done so far it's not looking good since the stateless addresses are not guaranteed - I found one document referring to Windows specifically randomising IPv6 addresses rather than using the MAC (no idea if this is default or configurable). H Laurence, I've been doing essentially this (what you propose) for over a year, using a tunnel from SIXXS. What I've found is: +) Stateless automatic address configuration (SLAAC) works OK on all the platforms I've tried it on (MacOS-X, Windows Vista and XP, Debian and CentOS Linux). By works I mean A unique IPv6 address is assigned and people can connect to and from that address. +) SLAAC does not interact automatically with DNS or DHCP/DHCPv6. That's up to you. +) Manually entering IPv6 addresses into DHCPv6 or DNS tables is no harder than the same job for IPv4 addresses. The only difference is that the addresses involved are not assigned by you, the admin -- they are the addresses discovered by SLAAC. +) Addresses assigned by SLAAC are permanent enough for most purposes. If you swap NIC cards around a lot for some reason, this would change; but I'm having a hard time imagining a SO/HO network where you would do that. +) Getting your reverse DNS (IPv6 address - name) supported outside of your home network is difficult/impossible. It's no problem, of course, *inside* the home network where you control the DNS server. [**] +) Getting global (outside the home network) forward DNS (name - IPv6 address) support is easy. I use PairNIC, but almost any registrar will provide the service for a reasonable fee. +) It can be nice to be able to bypass the ISP-imposed NAT. You can SSH directly into your home server without messing around with port mapping. This has a security downside, of course, but the convenience is nice. +) Essentially everything I used to do with IPv4, I've been able to do the same with IPv6. One exception is installing software. Even the Debian installer exclusively over IPv6 is a work in progress. I haven't tried it with CentOS, but I expect Debian is ahead of them. Microsoft or Apple, forget it! On the other hand, once you have an OS installed, apt and aptitude work just fine over IPv6. +) I haven't experimented with doing IPv6 firewalls yet, but that's a project I do plan on exploring soon. Have fun! It's a big new world out there! Rick [**] I haven't found a good free way to do reverse DNS outside the home network (either sense of free -- or even proprietary but inexpensive, for that matter!). I'd love to hear from anyone who has! -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/b118254f-3abc-4670-8e7d-f5db216d3...@pobox.com
Re: IPv6 and DNS
On 07/12/11 at 08:50pm, Arno Schuring wrote: Laurence Hurst (l.a.hu...@lboro.ac.uk on 2011-07-12 11:54 +0100): Hi folks, I notice a couple of other IPv6 related questions on this list so I hope this isn't too far of topic... [..] I am curious, if I wanted to translate my IPv4 configuration into an IPv6 world; As of this moment, it is not recommended to run IPv6-only networks, dual-stack is preferred. Not in the least because most of the Internet is not yet reachable over v6 (sadly...). The best way to go forward is to get IPv6 running in basic mode first (autoconfiguration), and then start moving more services on IPv6 once you feel confident -- but take a *good* look at firewalling rules before you do so. Who doesn't recommend it? It's almost impossible at this moment, but not recommended not to if you can. And just because you have to keep IPv4 around to reach non-IPv6 internet resources is *no reason* to ignore the perfectly working native IPv6 solutions to OPs problems. -- Liam signature.asc Description: Digital signature
Re: IPv6 and DNS
On 2011-07-12T16:58:33-0400, Rick Thomas rbtho...@pobox.com wrote: +) Getting your reverse DNS (IPv6 address - name) supported outside of your home network is difficult/impossible. It's no problem, of course, *inside* the home network where you control the DNS server. [**] [...] [**] I haven't found a good free way to do reverse DNS outside the home network (either sense of free -- or even proprietary but inexpensive, for that matter!). I'd love to hear from anyone who has! Getting reverse DNS supported outside is easy if you use a Hurricane Electric tunnelbroker.net tunnel. They allow you to delegate reverse DNS lookups, so you can run your own authoritative DNS server for the reverse zones, or host it wherever. -- Kenyon Ralph signature.asc Description: Digital signature
Re: IPv6 and DNS
Rick == Rick Thomas rbtho...@pobox.com writes: Rick On Jul 12, 2011, at 12:30 PM, Laurence Hurst wrote: I am only aware of using DHCP with DNS to achieve what I currently do wrt reliable, cross-device, forward and reverse host lookups but was wondering if there was a way to take advantage of IPv6's stateless configuration to get the same end. Looking at the research I've done so far it's not looking good since the stateless addresses are not guaranteed - I found one document referring to Windows specifically randomising IPv6 addresses rather than using the MAC (no idea if this is default or configurable). Rick I've been doing essentially this (what you propose) for over a Rick year, using a tunnel from SIXXS. Rick What I've found is: Rick +) SLAAC does not interact automatically with DNS or Rick DHCP/DHCPv6. That's up to you. Rick +) Manually entering IPv6 addresses into DHCPv6 or DNS tables is Rick no harder than the same job for IPv4 addresses. The only Rick difference is that the addresses involved are not assigned by Rick you, the admin -- they are the addresses discovered by SLAAC. This is the killer for me. I want to be able to plug something into the network (usually an embedded board, with no console), and then be able to ssh to it by name. For IPv4, the dhcp client on the board requests a unique host-id, which is then automatically put into DNS using ddns. And I can track what it is by looking in the DHCPD logs if something goes wrong. With stateless configuration, there is no log of what is assigned, and there is no way for an authoritative agent (i.e., dhcpd for IPV4) to update the DNS tables. And the IPv6 security extensions mean that one cannot predict the IPV6 address from the known MAC address. In fact, there's no straightfoward way to tell that something's plugged into the network and is now addressable. Peter C -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/w4d3hfnjiq.wl%pe...@chubb.wattle.id.au
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El día 14 de mayo de 2011 16:23, Julio jul...@escomposlinux.org escribió: El 14/05/2011 18:47, Camaleón escribió: Por cierto, ¿sabéis de alguna herramienta que permita comprobar si un dispositivo con adaptador de red está preparado para funcionar sobre IPv6 o hay que ir mirando las hojas de especificaciones para cada uno de los aparatos? Pues quizás lo mas simple es que hagas un ping IPv6 a una máquina de prueba de tu red que conteste en IPv6. Y si quieres profundizar en el tema de tests y comprobaciones: http://blog.theliel.es/2011/02/la-muerte-de-ipv4-%C2%BFrealidad-o-ficcion-%C2%BFestas-preparado-aprendamos-ipv6-por-si-acaso.html Un saludo JulHer -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4dcee4c9.7040...@escomposlinux.org Pero el ping ipv6 no te servira de mucho si dicho dispositivo en su configuración tiene deshabilitado el soporte IPv6, la mejor manera hasta el día de hoy y que no falla, es buscar las especificaciones del dispositivo y en el fijarse si lo tiene o no. Saludos Cordiales. -- Roberto Quiñones Owner - Service Manager and System ACShell.NET – Internet Services robe...@acshell.net - www.acshell.net San Martin #311 Santiago – CL (Chile) +560981361713 -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktin63kloncbjhc_k8jkrfmvgpmj...@mail.gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 19:41:06 -0400, Francisco escribió: recordemos que los switches, hubs, y muchos otros dispositivos que trabajan en la capa 2 y 1 del modelo OSI no les importa lo que viaja a traves de ellos pues (son como si fueran repetidores a todos los puertos en el caso de los hub) y en el caso de los swiches son repetidores a puertos especificos del propio dispositivo. Ya, pero tengo algunos conmutadores de esos que se pueden configurar vía web (websmart) y a los que se les puede poner una IP :-? tampoco hay que cambiar la tarjeta de red que trabaja en capa 1 con lo cual si admiten IPv6 que esta en una capa superior del ya mensionado modelo OSI ¿Y los adaptadores de red que van con las impresoras u otros sistemas? No me queda claro... lo que si pudiera dar problemas son los ruoters que solo implementen IPv4 (pero se pueden cambiar por PC routers que implementen IPv6) las impresoras si estan conectadas a un PC con IPv6 no tienen problemas, a lo mejor ahi que hecer una pequenna modificacion al software que se usa. El problema es que las impresoras que tenemos tienen un adaptador de red independiente. los dispositivos que pueden dar problemas son los que implementan nativo IPv4, o sea que se conectan directo a los switches, como por ejemplo alguna Camnet(camara parecida a la Webcam pero que se conecta a un switch) Pues eso es lo que me temo, que los aparatos que tenemos no admiten IPv6 y voy a tener que mantener la doble pila hasta que no se reemplacen por equipos nuevos, pero eso puede tardar años... :-/ Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.15.07.59...@gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El 14/05/11 23:43, Camaleón escribió: Los ordenadores ya sé que no me van a dar problemas pero las impresoras, los switches, un sistema SAN, videograbadores... que actualmente tienen configurada una IP convencional (IPv4) pero no sé si admiten IPv6. Buff, pues me temo que vas a tener que leer las especificaciones de cada uno... o preguntarle al fabricante ya que seguramente por la política de cada cual algunos de esos equipos serán duales, otros actualizables, otros no... Pero no sé por qué me da la impresión de que todos los artículos que leo se centran en lo mismo (configuración de los servicios de la red) pero lo que más interesa ahora mismo es saber si podría pasar a IPv6 sin hacer transiciones, es decir, usar sólo el protocolo IPv6 o voy a tener que mantener un sistema dual debido a que algunos dispositivos no lo admiten. En mi opinión el doble stack nos lo vamos a comer con patatas si o si, entre otras cosas porque habrá un montón de equipos perfectamente capaces de hacer su trabajo y no los vamos a cambiar (debido al coste) sin más... Un saludo JulHer -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3P8/wACgkQN4Xu4S1+RItuQgCdFM4lAtTUEzq5X1SSIL0tUU5u MuEAoJpknP5PXBGVRmNEAlhbkSvFzhws =Drnk -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4dcff3fc.5010...@escomposlinux.org
Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Fri, 13 May 2011 20:01:47 +0200, JulHer escribió: El 13/05/11 17:39, Camaleón escribió: Lástima que nuestros proveedores (y lo digo principalmente por nuestra querida Telefónica -alias Movistar-) no se pongan las pilas ni con esto ni con el ipv6... Camaleon, respecto al IPv6 te paso un enlace que aunque es muy viejo y no sé si seguirá funcionando el tema, quizás te interese: http://libertonia.escomposlinux.org/story/2003/12/10/211045/21 Hum... qué bueno. Y eso que lo escribiste hace ~8 años (por esa época estaba yo instalando mi primer linux y de IPv6 no había oído ni hablar). A mí me gustaría empezar a desplegar el IPv6 en algunos equipos de la red (o al menos en alguna VM) para ir probándolo pero es que sé que en el equipo donde lo configure me voy a quedar sin Internet porque Telefónica no me va a dar salida más que por IPv4 y aún no he visto una forma sencilla (sí, documentación hay para aburrir pero yo busco algo más práctico) de probarlo, bien a través de túneles o lo que sea que tenga implementado hoy en día Telefónica, pero no sé qué tendría que hacer yo como administrador (o como mero usuario) porque sé que los equipos de la red admiten IPv6 y los sistemas operativos están preparados para trabajar con IPv6, pero ¿y la salida a Internet? Eso ya no depende de mí sino de mi ISP ¿no? :-? Ayer mismo salía esta noticia: Telefónica acelera la migración hacia el IPv6 http://www.cincodias.com/articulo/empresas/Telefonica-acelera-migracion-IPv6/20110513cdscdiemp_18/ (...) El responsable de Telefónica I+D señaló que el objetivo de esa jornada es depurar los navegadores y los sistemas operativos para evitar fallos cuando se suban los contenidos al nuevo protocolo. Una vez que se resuelvan las incidencias, se empezarán a ofrecer los contenidos a los usuarios. ¿Quiere eso decir que hasta el mismo día 8 no hay forma de que podamos probar nada? El tortazo que nos podemos llevar ese día puede ser de fábula :-P Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.07.24...@gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
Hola: con IPv6, pero ¿y la salida a Internet? Eso ya no depende de mí sino de mi ISP ¿no? :-? si se puede tengo unos colegas que usan ipv6 desde hace años. Tunelizando ipv6 en un tunel ipv4. Existe una red ipv6 en europa a la que se accede por los tuneles. Por poder se puede eso sí, ni idea de como se implementa. Cuando llegue la necesidad pues habrá que ponerse las pilas saludos BasaBuru -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201105141041.41070.basab...@basatu.org
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 El 14/05/11 09:24, Camaleón escribió: A mí me gustaría empezar a desplegar el IPv6 en algunos equipos de la red (o al menos en alguna VM) para ir probándolo pero es que sé que en el equipo donde lo configure me voy a quedar sin Internet Lo normal es que el equipo donde pruebes tenga doble pila (IPv4 e IPv6) por lo que no deberías quedar sin Internet. Imagino que ya sabes que los sistemas Debian ya vienen así. yo busco algo más práctico) de probarlo, bien a través de túneles o lo que sea que tenga implementado hoy en día Telefónica, pero no sé qué tendría que hacer yo como administrador (o como mero usuario) porque sé que los equipos de la red admiten IPv6 y los sistemas operativos están preparados para trabajar con IPv6, pero ¿y la salida a Internet? Eso ya no depende de mí sino de mi ISP ¿no? :-? Los operadores diseñan un plan, harán pilotos, pruebas como la del día 8 de junio, y migrarán también soportando la doble pila si o si. Como usuario y administrador puedes probar a través de túnel. Si no funciona el de Telefónica del artículo pues busca otro y si que te dan salida a Internet sin que tu operador tenga nada que ver en el tema. Piensa que en la prueba todo tu tráfico v6 va encapsulado en paquetes v4 hasta el proveedor del tunel, el cual extrae el tráfico y lo mete en la Internet v6. OJO, en esa Internet v6 hay mucha menos gente que en la tradicional... ¿Quiere eso decir que hasta el mismo día 8 no hay forma de que podamos probar nada? El tortazo que nos podemos llevar ese día puede ser de fábula :-P La migración de un operador es muy compleja cuando hay planta instalada y requiere mucho tiempo y pruebas para minimizar el impacto del cambio. Además, que haya que mantener el IPv4 (millones de equipos de clientes no soportan el V6 y cambiarlos es una pasta) complica un poco más todo. Un saludo JulHer -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3OQnEACgkQN4Xu4S1+RIs/9gCeOh4IdjX+AwEtdgrAGhmRKc/2 EgkAoJfeGPoYLiASZ/dzHdRQrsbwZq8W =213V -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4dce4271.5080...@escomposlinux.org
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 10:50:57 +0200, JulHer escribió: El 14/05/11 09:24, Camaleón escribió: yo busco algo más práctico) de probarlo, bien a través de túneles o lo que sea que tenga implementado hoy en día Telefónica, pero no sé qué tendría que hacer yo como administrador (o como mero usuario) porque sé que los equipos de la red admiten IPv6 y los sistemas operativos están preparados para trabajar con IPv6, pero ¿y la salida a Internet? Eso ya no depende de mí sino de mi ISP ¿no? :-? Los operadores diseñan un plan, harán pilotos, pruebas como la del día 8 de junio, y migrarán también soportando la doble pila si o si. Como usuario y administrador puedes probar a través de túnel. Si no funciona el de Telefónica del artículo pues busca otro y si que te dan salida a Internet sin que tu operador tenga nada que ver en el tema. Parece que la web oficial de España para conocer el estado de la implementación de IPv6 es esta: http://www.ipv6.es/es-ES/Paginas/Index.aspx Pero sigo sin ver un apartado que diga: Quiero empezar a salir por Internet a través de IPv6 ¿Qué tengo que hacer?, nada, todo es teoría, manuales sobre el funcionamiento, requisitos y ya está. En cuanto a usar un túnel, he visto que hay 3 proveedores: http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers#Worldwide Pero todos requieren registro... juvar :-( Piensa que en la prueba todo tu tráfico v6 va encapsulado en paquetes v4 hasta el proveedor del tunel, el cual extrae el tráfico y lo mete en la Internet v6. OJO, en esa Internet v6 hay mucha menos gente que en la tradicional... Aparentemente el día de la prueba no hay que hacer nada, sólo va a servir a los ISP para que prueben sus equipos y sus túneles, etc... pero a mí me gustaría plantearme ya el cambio a IPv6 en la red de la empresa, aunque antes voy a tener que ver si los switches y las impresoras soportan IPv6. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.11.55...@gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 11:55:01 + (UTC) Camaleón noela...@gmail.com va dir: El Sat, 14 May 2011 10:50:57 +0200, JulHer escribió: El 14/05/11 09:24, Camaleón escribió: yo busco algo más práctico) de probarlo, bien a través de túneles o lo que sea que tenga implementado hoy en día Telefónica, pero no sé qué tendría que hacer yo como administrador (o como mero usuario) porque sé que los equipos de la red admiten IPv6 y los sistemas operativos están preparados para trabajar con IPv6, pero ¿y la salida a Internet? Eso ya no depende de mí sino de mi ISP ¿no? :-? Los operadores diseñan un plan, harán pilotos, pruebas como la del día 8 de junio, y migrarán también soportando la doble pila si o si. Como usuario y administrador puedes probar a través de túnel. Si no funciona el de Telefónica del artículo pues busca otro y si que te dan salida a Internet sin que tu operador tenga nada que ver en el tema. Parece que la web oficial de España para conocer el estado de la implementación de IPv6 es esta: http://www.ipv6.es/es-ES/Paginas/Index.aspx Pero sigo sin ver un apartado que diga: Quiero empezar a salir por Internet a través de IPv6 ¿Qué tengo que hacer?, nada, todo es teoría, manuales sobre el funcionamiento, requisitos y ya está. En cuanto a usar un túnel, he visto que hay 3 proveedores: http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers#Worldwide Pero todos requieren registro... juvar :-( Piensa que en la prueba todo tu tráfico v6 va encapsulado en paquetes v4 hasta el proveedor del tunel, el cual extrae el tráfico y lo mete en la Internet v6. OJO, en esa Internet v6 hay mucha menos gente que en la tradicional... Aparentemente el día de la prueba no hay que hacer nada, sólo va a servir a los ISP para que prueben sus equipos y sus túneles, etc... pero a mí me gustaría plantearme ya el cambio a IPv6 en la red de la empresa, aunque antes voy a tener que ver si los switches y las impresoras soportan IPv6. Saludos, I que tu router también lo soporte, si es que usas router. apa, suerte -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.11.55...@gmail.com -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110514173327.8a5d3cf2.hub...@telefonica.net
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 17:33:27 +0200, hubble escribió: El Sat, 14 May 2011 11:55:01 + (UTC) Camaleón noela...@gmail.com va dir: El Sat, 14 May 2011 10:50:57 +0200, JulHer escribió: (...) Piensa que en la prueba todo tu tráfico v6 va encapsulado en paquetes v4 hasta el proveedor del tunel, el cual extrae el tráfico y lo mete en la Internet v6. OJO, en esa Internet v6 hay mucha menos gente que en la tradicional... Aparentemente el día de la prueba no hay que hacer nada, sólo va a servir a los ISP para que prueben sus equipos y sus túneles, etc... pero a mí me gustaría plantearme ya el cambio a IPv6 en la red de la empresa, aunque antes voy a tener que ver si los switches y las impresoras soportan IPv6. I que tu router también lo soporte, si es que usas router. apa, suerte Si usas un túnel no es necesario que el router/modem ADSL tenga soporte de IPv6 ya que el tráfico permanece en IPv4 hasta el último tramo, pero eso ya es problema del ISP, que se las apañe como pueda ;-) Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.15.43...@gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 15:43:02 + (UTC) Camaleón noela...@gmail.com va dir: El Sat, 14 May 2011 17:33:27 +0200, hubble escribió: El Sat, 14 May 2011 11:55:01 + (UTC) Camaleón noela...@gmail.com va dir: El Sat, 14 May 2011 10:50:57 +0200, JulHer escribió: (...) Piensa que en la prueba todo tu tráfico v6 va encapsulado en paquetes v4 hasta el proveedor del tunel, el cual extrae el tráfico y lo mete en la Internet v6. OJO, en esa Internet v6 hay mucha menos gente que en la tradicional... Aparentemente el día de la prueba no hay que hacer nada, sólo va a servir a los ISP para que prueben sus equipos y sus túneles, etc... pero a mí me gustaría plantearme ya el cambio a IPv6 en la red de la empresa, aunque antes voy a tener que ver si los switches y las impresoras soportan IPv6. I que tu router también lo soporte, si es que usas router. apa, suerte Si usas un túnel no es necesario que el router/modem ADSL tenga soporte de IPv6 ya que el tráfico permanece en IPv4 hasta el último tramo, pero eso ya es problema del ISP, que se las apañe como pueda ;-) Bueno si, ahora sí, pero tarde o temprano deberas salir por ipv6 sin tunel, no? Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.15.43...@gmail.com -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110514182548.6b8e8639.hub...@telefonica.net
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 18:25:48 +0200, hubble escribió: El Sat, 14 May 2011 15:43:02 + (UTC) Camaleón noela...@gmail.com va dir: Aparentemente el día de la prueba no hay que hacer nada, sólo va a servir a los ISP para que prueben sus equipos y sus túneles, etc... pero a mí me gustaría plantearme ya el cambio a IPv6 en la red de la empresa, aunque antes voy a tener que ver si los switches y las impresoras soportan IPv6. I que tu router también lo soporte, si es que usas router. apa, suerte Si usas un túnel no es necesario que el router/modem ADSL tenga soporte de IPv6 ya que el tráfico permanece en IPv4 hasta el último tramo, pero eso ya es problema del ISP, que se las apañe como pueda ;-) Bueno si, ahora sí, pero tarde o temprano deberas salir por ipv6 sin tunel, no? Hombre, espero que para ese día Movistar haya sido tan amable de facilitarlos un routercico con soporte de IPv6. De hecho, están obligados a hacerlo (a facilitarlo, digo) sí o sí... y de hecho, así lo hicieron cuando nos pasaron de ADSL a ADSL2+, todo hay que decirlo :-) Por cierto, ¿sabéis de alguna herramienta que permita comprobar si un dispositivo con adaptador de red está preparado para funcionar sobre IPv6 o hay que ir mirando las hojas de especificaciones para cada uno de los aparatos? Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.16.47...@gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El 14/05/2011 18:47, Camaleón escribió: Por cierto, ¿sabéis de alguna herramienta que permita comprobar si un dispositivo con adaptador de red está preparado para funcionar sobre IPv6 o hay que ir mirando las hojas de especificaciones para cada uno de los aparatos? Pues quizás lo mas simple es que hagas un ping IPv6 a una máquina de prueba de tu red que conteste en IPv6. Y si quieres profundizar en el tema de tests y comprobaciones: http://blog.theliel.es/2011/02/la-muerte-de-ipv4-%C2%BFrealidad-o-ficcion-%C2%BFestas-preparado-aprendamos-ipv6-por-si-acaso.html Un saludo JulHer -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4dcee4c9.7040...@escomposlinux.org
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El Sat, 14 May 2011 22:23:37 +0200, Julio escribió: El 14/05/2011 18:47, Camaleón escribió: Por cierto, ¿sabéis de alguna herramienta que permita comprobar si un dispositivo con adaptador de red está preparado para funcionar sobre IPv6 o hay que ir mirando las hojas de especificaciones para cada uno de los aparatos? Pues quizás lo mas simple es que hagas un ping IPv6 a una máquina de prueba de tu red que conteste en IPv6. ¿Cómo? Los ordenadores ya sé que no me van a dar problemas pero las impresoras, los switches, un sistema SAN, videograbadores... que actualmente tienen configurada una IP convencional (IPv4) pero no sé si admiten IPv6. Y si quieres profundizar en el tema de tests y comprobaciones: http://blog.theliel.es/2011/02/la-muerte-de-ipv4-%C2%BFrealidad-o-ficcion-%C2%BFestas-preparado-aprendamos-ipv6-por-si-acaso.html Gracias. Pero no sé por qué me da la impresión de que todos los artículos que leo se centran en lo mismo (configuración de los servicios de la red) pero lo que más interesa ahora mismo es saber si podría pasar a IPv6 sin hacer transiciones, es decir, usar sólo el protocolo IPv6 o voy a tener que mantener un sistema dual debido a que algunos dispositivos no lo admiten. Saludos, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/pan.2011.05.14.21.43...@gmail.com
Re: Desplegando IPv6 (Era: DNS security extensions now available for Debian's zone entries)
El sáb, 14-05-2011 a las 21:43 +, Camaleón escribió: El Sat, 14 May 2011 22:23:37 +0200, Julio escribió: El 14/05/2011 18:47, Camaleón escribió: Por cierto, ¿sabéis de alguna herramienta que permita comprobar si un dispositivo con adaptador de red está preparado para funcionar sobre IPv6 o hay que ir mirando las hojas de especificaciones para cada uno de los aparatos? Pues quizás lo mas simple es que hagas un ping IPv6 a una máquina de prueba de tu red que conteste en IPv6. ¿Cómo? Los ordenadores ya sé que no me van a dar problemas pero las impresoras, los switches, un sistema SAN, videograbadores... que actualmente tienen configurada una IP convencional (IPv4) pero no sé si admiten IPv6. Y si quieres profundizar en el tema de tests y comprobaciones: http://blog.theliel.es/2011/02/la-muerte-de-ipv4-%C2% BFrealidad-o-ficcion-%C2% BFestas-preparado-aprendamos-ipv6-por-si-acaso.html Gracias. Pero no sé por qué me da la impresión de que todos los artículos que leo se centran en lo mismo (configuración de los servicios de la red) pero lo que más interesa ahora mismo es saber si podría pasar a IPv6 sin hacer transiciones, es decir, usar sólo el protocolo IPv6 o voy a tener que mantener un sistema dual debido a que algunos dispositivos no lo admiten. Saludos, -- Camaleón Hola todos recordemos que los switches, hubs, y muchos otros dispositivos que trabajan en la capa 2 y 1 del modelo OSI no les importa lo que viaja a traves de ellos pues (son como si fueran repetidores a todos los puertos en el caso de los hub) y en el caso de los swiches son repetidores a puertos especificos del propio dispositivo. tampoco hay que cambiar la tarjeta de red que trabaja en capa 1 con lo cual si admiten IPv6 que esta en una capa superior del ya mensionado modelo OSI lo que si pudiera dar problemas son los ruoters que solo implementen IPv4 (pero se pueden cambiar por PC routers que implementen IPv6) las impresoras si estan conectadas a un PC con IPv6 no tienen problemas, a lo mejor ahi que hecer una pequenna modificacion al software que se usa. los dispositivos que pueden dar problemas son los que implementan nativo IPv4, o sea que se conectan directo a los switches, como por ejemplo alguna Camnet(camara parecida a la Webcam pero que se conecta a un switch) Salu2 Francisco -- To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1305416486.10325.0.camel@Debian-Asus
Re: IPv4, IPv6 et DNS
Le 10 mars 2011 23:20, Stephane Bortzmeyer steph...@sources.org a écrit : On Thu, Mar 10, 2011 at 03:49:55PM +0100, La solution propre est d'éditer /etc/gai.conf pour dire que vous préférez IPv4. Cela peut même se faire réseau par réseau. Ici, par exemple, je dis que je veux faire de l'IPv6 avec 2001:660:3003::/48 et de l'IPv4 avec le reste du monde : # For testing purposes, always use IPv6 for AFNIC precedence 2001:660:3003::/48 200 # Otherwise, always prefer IPv4 precedence :::0:0/96 100 Cela fonctionne comme un charme. Merci à tous pour vos réponses ; j'ai bien gambergé, et il me reste encore à lire la RFC3484. -- David -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikukhaeup-0hq1wbxrmr0hujkspbff+jw3s+...@mail.gmail.com
IPv4, IPv6 et DNS
Bonjour. Pour les besoins de mes développements, j'ai installé radvd sur un réseau local et je dispose donc d'adresses IPv6 globales pour les machines de ce réseau. Cependant, le routeur vers l'internet, lui, n'est pas configuré pour faire transiter de l'IPv6. Mon problème est que pour certains domaines, ma machine tente de se connecter en IPv6, puis seulement sur timeout en IPv4. J'observe cela notamment chez debian ou lorsque je récupère mon courriel depuis les serveurs d'OVH je crois. Cela ralentit déjà bien aptitude, offlineimap et imapfilter, mais c'est surtout nettement agaçant depuis firefox. De ce que je comprends, ma machine effectue deux requêtes DNS pour trouver un domaine ; A et . Le problème se pose lorsqu'il existe un enregistrement , auquel cas IPv6 est utilisé en premier lieu. J'ai recherché au niveau de resolv.conf une option pour empêcher de faire des requêtes de type mais je n'ai rien trouvé (il semble qu'il existe une telle option sur freebsd). Est-il possible de configurer ma machine pour arranger les choses. Ou au pire, est-ce qu'il est possible de corriger cela sur le serveur DNS local ? -- David -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimhe6r5cmobsuck0supthzofyypor_1ibioh...@mail.gmail.com
Re: IPv4, IPv6 et DNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 10/03/2011 16:00, David Soulayrol a écrit : Mon problème est que pour certains domaines, ma machine tente de se connecter en IPv6, puis seulement sur timeout en IPv4. C'est le genre de problème que Google veut démontrer avec son IPv6 day. PDF qui mentionne exactement ton problème: http://ripe61.ripe.net/presentations/223-World_IPv6_day.pdf Si la chaîne IPv6 n'est pas intégralement gérée (du serveur jusqu'au client en passant par les FAI), la transition IPv4/IPv6 sera très douloureuse pour beaucoup, en praticulier sur la phase de mélange des 2 protocoles (ce qui semble ton cas). Pas grand chose à faire étant donné qu'il s'agit du comportement intégré aux piles TCP/IP donc trop bas niveau pour pouvoir être contourné, sinon passer en IPv6 de bout en bout, y compris ton FAI et tes routeurs. - -- Aeris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNeR+oAAoJEK8zQvxDY4P9jK4H/09rgov0U1JgFMmoTq78WEC/ 8Ux0PJPf8d1vNpwegyCGYnrGwXfQpqkMabfPAoMGkj9vfe81XwFOQVvdHIktOOb3 b5zsxMk08E9S/OzU86JCcTGGGVy6V77xc+CMq6PTpyeeVYR/GApDHhypYhSsGcr8 k/yPVmdhIkGo8F6/xGLl3gkeZIREIlfEPRryDGiOOTopCBALroKJ5i/YXd+T6FaU iYT474FChc7X90qN+/qqxpAspYmcRwyp4LOdRwdideIdB5x60I49OUA3C3Njyzrp mq3dfFaRWik7JwEppFLsB4EWaLBVaKcaRT1MMikZDkR29KjaMh0qww9qteDyFpU= =mZ60 -END PGP SIGNATURE- -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/4d791fae$0$1582$426a3...@news.free.fr
Re: IPv4, IPv6 et DNS
On Thu, Mar 10, 2011 at 03:49:55PM +0100, David Soulayrol david.soulay...@gmail.com wrote a message of 40 lines which said: Est-il possible de configurer ma machine pour arranger les choses. La solution propre est d'éditer /etc/gai.conf pour dire que vous préférez IPv4. Cela peut même se faire réseau par réseau. Ici, par exemple, je dis que je veux faire de l'IPv6 avec 2001:660:3003::/48 et de l'IPv4 avec le reste du monde : # For testing purposes, always use IPv6 for AFNIC precedence 2001:660:3003::/48 200 # Otherwise, always prefer IPv4 precedence :::0:0/96 100 Sur Debian, ce fichier est très bien documenté. Question lecture, voyez aussi, par exemple http://www.bortzmeyer.org/5220.html -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/20110310222016.ga26...@sources.org
Re: IPv4, IPv6 et DNS
On Thu, Mar 10, 2011 at 07:59:57PM +0100, Aéris ae...@imirhil.fr wrote a message of 43 lines which said: Pas grand chose à faire étant donné qu'il s'agit du comportement intégré aux piles TCP/IP donc trop bas niveau pour pouvoir être contourné, Mais non. Outre la solution propre du /etc/gai.conf, les applications peuvent parfaitement s'adapter : http://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/2011031005.gb26...@sources.org
Re: IPv4, IPv6 et DNS
Salut, David Soulayrol a écrit : Pour les besoins de mes développements, j'ai installé radvd sur un réseau local et je dispose donc d'adresses IPv6 globales pour les machines de ce réseau. Cependant, le routeur vers l'internet, lui, n'est pas configuré pour faire transiter de l'IPv6. Mon problème est que pour certains domaines, ma machine tente de se connecter en IPv6, puis seulement sur timeout en IPv4. J'observe cela notamment chez debian ou lorsque je récupère mon courriel depuis les serveurs d'OVH je crois. Cela ralentit déjà bien aptitude, offlineimap et imapfilter, mais c'est surtout nettement agaçant depuis firefox. De ce que je comprends, ma machine effectue deux requêtes DNS pour trouver un domaine ; A et . Le problème se pose lorsqu'il existe un enregistrement , auquel cas IPv6 est utilisé en premier lieu. Cela ne devrait pas poser de problème si les programmes se comportaient correctement, à savoir : La station envoie un paquet IPv6 au routeur par défaut défini dans les annonces émises par radvd. Si ce routeur n'a pas de route vers la destination, il renvoie immédiatement un message d'erreur ICPMv6 Destination Unreachable à la station. La pile IPv6 de de celle-ci remonte l'information à l'application émettrice qui essaie immédiatement avec l'adresse suivante. Il ne devrait pas y avoir de délai perceptible. En fait peu importe que la première soit une adresse IPv6 et la seconde une adresse IPv4, le principe serait le même avec deux adresses IPv4 en redondance. Mais effectivement j'observe comme toi un problème avec Firefox qui s'obstine à se connecter à l'adresse IPv6 très longtemps alors que la station reçoit un ICMPv6 Destination Unreachable à chaque fois. J'ai recherché au niveau de resolv.conf une option pour empêcher de faire des requêtes de type mais je n'ai rien trouvé (il semble qu'il existe une telle option sur freebsd). Est-il possible de configurer ma machine pour arranger les choses. Ou au pire, est-ce qu'il est possible de corriger cela sur le serveur DNS local ? Tu peux essayer d'ajouter une option AdvDefaultLifetime à 0 dans radvd.conf. Ainsi la machine ne devrait pas être considérée comme un routeur IPv6 par défaut, les stations recevant les RA ne devraient pas avoir de route IPv6 par défaut et ne devraient pas essayer de communiquer en IPv6 au-delà du réseau local. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/4d795029.90...@plouf.fr.eu.org
Re: IPv4, IPv6 et DNS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le 10/03/2011 23:30, Stephane Bortzmeyer a écrit : Mais non. Outre la solution propre du /etc/gai.conf, les applications peuvent parfaitement s'adapter : http://www.isc.org/community/blog/201101/how-to-connect-to-a-multi-homed-server-over-tcp Ce qui n?est absolument pas à la portée des utilisateurs pour une utilisation classique. - -- Aeris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNeVZgAAoJEK8zQvxDY4P9lGQH/04p/0Te4ahgzHRokWMzPBfh R/5rC3BC3qAqcsX0uH6gpBhXp8qPRY3BaFBdYd9KxvXvmccQxEz1qec+san+1TQ6 XnFmfpx4OsQwPzssp6yh0Rb4uT0FzDC6WsAg8sxWJdJAPjIKpsEhG8lcoScrSmJ0 a06QOnAupQzY4Fxi2DHa5Caeh+q9PR0wUbOiksu1uYsSdOppkt7Dh48Lo0oaetpz KYT249pHn1WRuU12zfMGLGMtV2SzZJj9sqdlVus0zZyIhRLS0uGbhbYkUOFbkIFv rTi2CiUdhwFJvelmnfh96BI0GZ/Bu+URYWqXZD1Y1pphimt7I3ghK/PdfVG92kY= =Fc6Y -END PGP SIGNATURE- -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.org/fr/FrenchLists Pour vous DESABONNER, envoyez un message avec comme objet unsubscribe vers debian-user-french-requ...@lists.debian.org En cas de soucis, contactez EN ANGLAIS listmas...@lists.debian.org Archive: http://lists.debian.org/4d795667$0$7208$426a7...@news.free.fr
Re: IPv6 et DNS
On Thu, Jan 17, 2008 at 04:22:24PM +0100, Pascal Hambourg [EMAIL PROTECTED] wrote a message of 39 lines which said: A noter qu'à partir du 4 février 2008, quatre enregistrements d'adresse IPv6 de serveurs DNS racines seront ajoutées à la zone racine, Yargla, c'est fait. % dig NS . ; DiG 9.3.4 NS . ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 43457 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 368422 IN NS I.ROOT-SERVERS.NET. . 368422 IN NS M.ROOT-SERVERS.NET. . 368422 IN NS G.ROOT-SERVERS.NET. . 368422 IN NS L.ROOT-SERVERS.NET. . 368422 IN NS C.ROOT-SERVERS.NET. . 368422 IN NS E.ROOT-SERVERS.NET. . 368422 IN NS H.ROOT-SERVERS.NET. . 368422 IN NS A.ROOT-SERVERS.NET. . 368422 IN NS D.ROOT-SERVERS.NET. . 368422 IN NS F.ROOT-SERVERS.NET. . 368422 IN NS K.ROOT-SERVERS.NET. . 368422 IN NS B.ROOT-SERVERS.NET. . 368422 IN NS J.ROOT-SERVERS.NET. ;; ADDITIONAL SECTION: K.ROOT-SERVERS.NET. 520103 IN A 193.0.14.129 K.ROOT-SERVERS.NET. 87977 IN 2001:7fd::1 L.ROOT-SERVERS.NET. 454832 IN A 199.7.83.42 M.ROOT-SERVERS.NET. 454832 IN A 202.12.27.33 A.ROOT-SERVERS.NET. 520082 IN A 198.41.0.4 A.ROOT-SERVERS.NET. 87977 IN 2001:503:ba3e::2:30 B.ROOT-SERVERS.NET. 520113 IN A 192.228.79.201 C.ROOT-SERVERS.NET. 454832 IN A 192.33.4.12 D.ROOT-SERVERS.NET. 454832 IN A 128.8.10.90 E.ROOT-SERVERS.NET. 454832 IN A 192.203.230.10 F.ROOT-SERVERS.NET. 520020 IN A 192.5.5.241 F.ROOT-SERVERS.NET. 87977 IN 2001:500:2f::f G.ROOT-SERVERS.NET. 454832 IN A 192.112.36.4 H.ROOT-SERVERS.NET. 454832 IN A 128.63.2.53 I.ROOT-SERVERS.NET. 454832 IN A 192.36.148.17 -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
Stephane Bortzmeyer a écrit : On Thu, Jan 17, 2008 at 04:22:24PM +0100, Pascal Hambourg [EMAIL PROTECTED] wrote a message of 39 lines which said: A noter qu'à partir du 4 février 2008, quatre enregistrements d'adresse IPv6 de serveurs DNS racines seront ajoutées à la zone racine, Yargla, c'est fait. Voui, j'ai vu et signalé dans fr.comp.reseaux.ip mais j'avais oublié que j'en avais parlé ici aussi. % dig NS . ; DiG 9.3.4 NS . ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 43457 ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 15 [...] Il manque trois et un A dans la section ADDITIONAL. Comme je disais dans frci, d'une part conformément à l'annonce de l'IANA [1] ce ne sont pas quatre mais six enregistrements qui ont finalement été ajoutés, et d'autre part la taille de la réponse complète dépassant désormais 512 octets, il aurait fallu envoyer la requête en EDNS ou en TCP pour que la réponse ne soit pas tronquée. [1] http://www.iana.org/reports/root--announcement.html -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
Le (on) samedi 19 janvier 2008 02:00, mouss a écrit (wrote) : mpg wrote: Tiens, je ne savais pas pour les DNS IPv6 chez free. Ou peut-on trouver plus d'infos à ce sujet ? Gougueule ne m'a pas vraiment aidé sur ce point... tu parles du DNS ou de l'adressage? Je parle des DNS : sinon j'aurais dit, tiens, je ne savais pas pour l'adressage ;-) pour le DNS, il n'y a rien à faire. tu testes ta config en faisant # host itojun.org et dans la réponse il doit y avoir une IPv6. Non. Comme l'a déjà expliqué un autre contributeur de la liste (flemme de rechercher), ça n'a rien à voir : ton pécé peut tout à fait avoir une simple pile IPv4, et parler avec un DNS dans le même cas, tout en ayant accès aux champs renseignés dans ce DNS. Croire le contraire revient à croire qu'on ne peut pas échanger des mails contenant le mot IPv6 sur un réseau IPv4 ! Bref, je ne savais pas que free fournissait des serveurs DNS accessibles en IPv6, et juste par curiosité, j'aimerais bien en lire plus sur le sujet (les IP des machines par exemple)... Manuel. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
mpg a écrit : Tiens, je ne savais pas pour les DNS IPv6 chez free. Ou peut-on trouver plus d'infos à ce sujet ? Gougueule ne m'a pas vraiment aidé sur ce point... On en a parlé dans les forums de discussion de Free, proxad.free.*. Le communiqué de Free dit que les annonces RA émises par la Freebox contiennent non seulement le préfixe IPv6 qui sert à l'autoconfiguration sans état mais aussi une option RDNSS (cf. RFC 5006) avec les adresses IPv6 des deux serveurs DNS. Mais cette option étant récente, il faut avoir un noyau Linux 2.6.24 (actuellement en -rc8, bietôt publié en stable) au minimum ou bien patché ainsi qu'un démon rdnssd pour que cette option soit prise en compte (cf. http://rdnssd.linkfanel.net/ pour le patch et le démon). En attendant, le plus simple est de les mettre en dur dans /etc/resolv.conf : 2a01:5d8:e0ff::1 et 2a01:5d8:e0ff::2. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
On Fri, Jan 18, 2008 at 02:36:20PM +0100, DUFRESNE, Mathias (STERIA) [EMAIL PROTECTED] wrote a message of 106 lines which said: Je sais bien qu'on a largement le temps avant un vrai déploiement de l'IPv6, Pas sûr. L'épuisement des adresses IPv4 étant prévu pour 2009 ou 2010 (http://www.ripe.net/ripe/meetings/ripe-55/presentations/huston-ipv4.pdf), la transition risque de devoir se faire de manière rapide et sans préparation. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
Le (on) samedi 19 janvier 2008 13:40, Pascal Hambourg a écrit (wrote) : On en a parlé dans les forums de discussion de Free, proxad.free.*. Je ne suis que proxad.free.annonces, où il n'y a pas trop de traffic. Je devrais peut-être en lire un peu plus... Le communiqué de Free dit que les annonces RA émises par la Freebox contiennent non seulement le préfixe IPv6 qui sert à l'autoconfiguration sans état mais aussi une option RDNSS (cf. RFC 5006) avec les adresses IPv6 des deux serveurs DNS. Mais cette option étant récente, il faut avoir un noyau Linux 2.6.24 (actuellement en -rc8, bietôt publié en stable) au minimum ou bien patché ainsi qu'un démon rdnssd pour que cette option soit prise en compte (cf. http://rdnssd.linkfanel.net/ pour le patch et le démon). En attendant, le plus simple est de les mettre en dur dans /etc/resolv.conf : 2a01:5d8:e0ff::1 et 2a01:5d8:e0ff::2. Oki, donc pour l'instant ce sera plutôt en dur en effet. (Surtout pour la machine qui est en Etch, le 2.6.24 n'est pas pour tout de suite.) Merci pour les infos en tout cas ! Manuel. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: IPv6 et DNS
Salut, D'abord merci pour ces précisions : ) Sinon je ne suis pas certain de bien comprendre tout ce dont tu parles... Un DNS recursif, c'est un DNS avec une adresse au moins dans l'option forwarder ? En fait j'avais mon réseau se composait de mon desktop et d'un routeur sous GNU/Linux, ces deux machines ayant la double pile IPv4 et IPv6, le routeur avec bind9 était configuré pour renvoyer les requêtes qu'il ne pouvait résoudre chez les DNS Free, puisque c'est mon opérateur historique. Ceci dit, Free ne supporte pas l'IPv6, en tout cas sur ses réseaux, j'imagine que ses DNS ne sont pas configuré pour faire du forwarding de requêtes étant donné que ça n'a jamais marché, ou alors c'est qu'il aurait fallu que je mette autre chose que des IPv4 des l'option forwarder, ou que j'utilise une autre option. Je sais bien qu'on a largement le temps avant un vrai déploiement de l'IPv6, mais vu sa complexité et ses nombreux avantages, je suis d'avis à m'y mettre le plus tôt possible, afin d'avoir le temps d'y réfléchir :p Et bon, déjà l'IPv4 c'est pas drôle sans DNS? Mais sur 128 bits, c'est un cauchemar ^^ A+ Mathias -Original Message- From: Pascal Hambourg [mailto:[EMAIL PROTECTED] Sent: jeudi 17 janvier 2008 16:22 To: DUF Subject: Re: IPv6 et DNS Salut, DUFRESNE, Mathias (STERIA) a écrit : Salut, J'avais monté un petit tunnel avec sixxs pour l'IPv6 (pour apprendre seulement, pas par nécessité) mais j'avais bloqué sur la résolution DNS, je n'avais pas trouvé / compris quel serveur DNS il me fallait configurer dans les forwarder de bind (ou dans le resolv.conf, ça doit pas changer des masses). En clair : quels DNS pour l'IPv6 ? Ben... ceux du FAI/FSI, non ? N'importe quel DNS récursif bien constitué sait faire les résolutions de noms IPv6 (). Si le FAI ne fournit que des DNS accessibles en IPv4 et qu'il y a des postes en IPv6 seul, il faut installer un relais DNS en double pile IPv4+IPv6. BIND9 fait ça très bien. A noter qu'à partir du 4 février 2008, quatre enregistrements d'adresse IPv6 de serveurs DNS racines seront ajoutées à la zone racine, donc il devrait devenir possible pour un DNS récursif fonctionnant en IPv6 seulement de résoudre les noms de domaine dont chaque niveau est géré par au moins un serveur DNS accessible en IPv6. Mais il ne sera pas possible de résoudre tous les noms de domaine tant que tous les domaines ne seront pas gérés par au moins un serveur DNS accessible en IPv6, ce qui prendra beaucoup, beaucoup de temps. Ainsi l'adresse IPv6 d'un site dont le nom de domaine est géré par des serveurs accessibles uniquement en IPv4 restera inacessible. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] This mail has originated outside your organization, either from an external partner or the Global Internet. Keep this in mind if you answer this message. This e-mail is intended only for the above addressee. It may contain privileged information. If you are not the addressee you must not copy, distribute, disclose or use any of the information in it. If you have received it in error please delete it and immediately notify the sender. Security Notice: all e-mail, sent to or from this address, may be accessed by someone other than the recipient, for system management and security reasons. This access is controlled under Regulation of security reasons. This access is controlled under Regulation of Investigatory Powers Act 2000, Lawful Business Practises.
Re: IPv6 et DNS
DUFRESNE, Mathias (STERIA) wrote: Salut, D'abord merci pour ces précisions : ) Sinon je ne suis pas certain de bien comprendre tout ce dont tu parles... Un DNS recursif, c'est un DNS avec une adresse au moins dans l'option forwarder ? En fait j'avais mon réseau se composait de mon desktop et d'un routeur sous GNU/Linux, ces deux machines ayant la double pile IPv4 et IPv6, le routeur avec bind9 était configuré pour renvoyer les requêtes qu'il ne pouvait résoudre chez les DNS Free, puisque c'est mon opérateur historique. Ceci dit, Free ne supporte pas l'IPv6, en tout cas sur ses réseaux, j'imagine que ses DNS ne sont pas configuré pour faire du forwarding de requêtes étant donné que ça n'a jamais marché, ou alors c'est qu'il aurait fallu que je mette autre chose que des IPv4 des l'option forwarder, ou que j'utilise une autre option. Essaye # host itojun.org si tu vois: ... itojun.org has IPv6 address 2001:2f0:0:8800::1:1 ... alors, c'est bon. PS. Itojun est mort le 29 Octobre 2007. Paix sur son âme. Je sais bien qu'on a largement le temps avant un vrai déploiement de l'IPv6, mais vu sa complexité et ses nombreux avantages, je suis d'avis à m'y mettre le plus tôt possible, afin d'avoir le temps d'y réfléchir :p Et bon, déjà l'IPv4 c'est pas drôle sans DNS? Mais sur 128 bits, c'est un cauchemar ^^ -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
mpg wrote: Le (on) vendredi 18 janvier 2008 21:10, Pascal Hambourg a écrit (wrote) : Tu retardes, Free fournit un /64 et une connectivité IPv6 sur les Freebox dégroupées depuis la fin de l'année dernière, avec deux DNS IPv6 en prime, pour les machines en IPv6 seul sans IPv4. Certains ont même réussi à faire fonctionner l'IPv6 en non dégroupé. Tiens, je ne savais pas pour les DNS IPv6 chez free. Ou peut-on trouver plus d'infos à ce sujet ? Gougueule ne m'a pas vraiment aidé sur ce point... tu parles du DNS ou de l'adressage? pour l'adressage, il faut aller sur la console d'admin, ... fonctionnalité routeur ... autre et activer IPv6. pour le DNS, il n'y a rien à faire. tu testes ta config en faisant # host itojun.org et dans la réponse il doit y avoir une IPv6. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
Le (on) vendredi 18 janvier 2008 21:10, Pascal Hambourg a écrit (wrote) : Tu retardes, Free fournit un /64 et une connectivité IPv6 sur les Freebox dégroupées depuis la fin de l'année dernière, avec deux DNS IPv6 en prime, pour les machines en IPv6 seul sans IPv4. Certains ont même réussi à faire fonctionner l'IPv6 en non dégroupé. Tiens, je ne savais pas pour les DNS IPv6 chez free. Ou peut-on trouver plus d'infos à ce sujet ? Gougueule ne m'a pas vraiment aidé sur ce point... Manuel. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
DUFRESNE, Mathias (STERIA) a écrit : Un DNS recursif, c'est un DNS avec une adresse au moins dans l'option forwarder ? Non, pas forcément. Ça peut être un DNS qui fait les résolutions lui-même récursivement en partant de la zone racine (comme ce que fait 'dig +trace'). En fait j'avais mon réseau se composait de mon desktop et d'un routeur sous GNU/Linux, ces deux machines ayant la double pile IPv4 et IPv6, le routeur avec bind9 était configuré pour renvoyer les requêtes qu'il ne pouvait résoudre chez les DNS Free, puisque c'est mon opérateur historique. C'est fou ce que ça ressemble au réseau chez moi, excepté le FAI. ;-) Ceci dit, Free ne supporte pas l'IPv6, en tout cas sur ses réseaux, Tu retardes, Free fournit un /64 et une connectivité IPv6 sur les Freebox dégroupées depuis la fin de l'année dernière, avec deux DNS IPv6 en prime, pour les machines en IPv6 seul sans IPv4. Certains ont même réussi à faire fonctionner l'IPv6 en non dégroupé. j'imagine que ses DNS ne sont pas configuré pour faire du forwarding de requêtes étant donné que ça n'a jamais marché, ou alors c'est qu'il aurait fallu que je mette autre chose que des IPv4 des l'option forwarder, ou que j'utilise une autre option. Pardon ? La version d'IP (v4 ou v6) utilisée pour communiquer avec un serveur DNS n'a rien à voir avec le type de requêtes (A ou par exemple). Les machines en double pile peuvent tout-à-fait utiliser un serveur DNS IPv4 pour les requêtes . -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 et DNS
Salut, DUFRESNE, Mathias (STERIA) a écrit : Salut, J'avais monté un petit tunnel avec sixxs pour l'IPv6 (pour apprendre seulement, pas par nécessité) mais j'avais bloqué sur la résolution DNS, je n'avais pas trouvé / compris quel serveur DNS il me fallait configurer dans les forwarder de bind (ou dans le resolv.conf, ça doit pas changer des masses). En clair : quels DNS pour l'IPv6 ? Ben... ceux du FAI/FSI, non ? N'importe quel DNS récursif bien constitué sait faire les résolutions de noms IPv6 (). Si le FAI ne fournit que des DNS accessibles en IPv4 et qu'il y a des postes en IPv6 seul, il faut installer un relais DNS en double pile IPv4+IPv6. BIND9 fait ça très bien. A noter qu'à partir du 4 février 2008, quatre enregistrements d'adresse IPv6 de serveurs DNS racines seront ajoutées à la zone racine, donc il devrait devenir possible pour un DNS récursif fonctionnant en IPv6 seulement de résoudre les noms de domaine dont chaque niveau est géré par au moins un serveur DNS accessible en IPv6. Mais il ne sera pas possible de résoudre tous les noms de domaine tant que tous les domaines ne seront pas gérés par au moins un serveur DNS accessible en IPv6, ce qui prendra beaucoup, beaucoup de temps. Ainsi l'adresse IPv6 d'un site dont le nom de domaine est géré par des serveurs accessibles uniquement en IPv4 restera inacessible. -- Lisez la FAQ de la liste avant de poser une question : http://wiki.debian.net/?DebianFrench Vous pouvez aussi ajouter le mot ``spam'' dans vos champs From et Reply-To: To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
