Feeds

Adventures in Tech: Dive on in, the IPv6 is lovely

Blub blub blub, no really it's great

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

What's in AAAA name?

The final step to your 128 bits of fame is to set up DNS records for the IPv6-enabled server. Initially I'm not going to bother with reverse-lookup (PTR) records, though I will do so eventually.

So all I need is the forward mapping from my example.com name to the IPv6 raw address. For an IPv4 address that's an 'A' record in DNS lingo. For an IPv6 address, with 4 times as many bits, it's an 'AAAA' record. Humour: we've heard of it.

That new record looks something like this:

ipv6.example.com. IN AAAA WWWW:XXXX:YYYY:ZZZZ::2

All my DNS stuff is built with scripts which build BIND9 config files from a hosts file, and I haven't yet adjusted them to recognise IPv6 addresses yet, so I had to slip the new record by pretending it was a mail record for now. Another rough-edge to clear up later!

But now with that AAAA record published and propagated I can put...

http://ipv6.example.com/

...in the browser on my MacBook and, ta-da, I'm in like Flynn!

After I'd tested that to my satisfaction I also added an AAAA record for example.com alongside the existing A records, so anyone enabled for IPv6, without any further effort and using the same search engine or URL, may silently get to use a IPv6 connection to the site instead.

And indeed, after a day or so to let the DNS records finish propagating, about 0.2 per cent of the traffic to my example.com site is over IPv6 with no other changes. I can see from the logs what appear to be fairly normal browsing patterns.

The site has risen without a trace!

Scouting for browsers

As described above there are various jobs to be done to make everything more robust, such as the reverse lookup (from IPv6 address to name) PTR records, the geo-location stuff, even putting IPv6 glue records in DNS ensuring that an IPv6-only client could get to the new server starting with the URL.

There are some more subtle tasks such as not handing out IPv4 addresses or IPv4-only URLs to clients that arrive over IPv6, in case they are not dual-stack, though that should be very rare for now.

But, all in all, the upgrade was a fairly painless journey and ensures that I'm well prepared as more traffic, eg, from mobile devices, is over IPv6.

Give it a whirl yourself, with a stealthy IPv6 launch. Get your pilot projects done sooner than later: be prepared, not panicked. ®

Bootnote

Combat fraud and increase customer satisfaction

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.