Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

387
active users

toad.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#ipv6

8 posts8 participants0 posts today
Replied to Ryan Peters
Public
Jens Link

@ryan

for the authoritative side:

When you put AAAA and A records into DNS, IPv6 enabled clients will try IPv6 first and then fall back to IPv4. So Configure and test your systems first, then configure the DNS records.

HTTP / HTTPS are an exception here, they are using something called HappyEyeballs.

datatracker.ietf.org/doc/html/

Logo of the IETF
IETF DatatrackerRFC 8305: Happy Eyeballs Version 2: Better Connectivity Using ConcurrencyMany communication protocols operating over the modern Internet use hostnames. These often resolve to multiple IP addresses, each of which may have different performance and connectivity characteristics. Since specific addresses or address families (IPv4 or IPv6) may be blocked, broken, or sub-optimal on a network, clients that attempt multiple connections in parallel have a chance of establishing a connection more quickly. This document specifies requirements for algorithms that reduce this user-visible delay and provides an example algorithm, referred to as "Happy Eyeballs". This document obsoletes the original algorithm description in RFC 6555.
#IPV6
Replied to Ryan Peters
Public *
Jens Link

@ryan

For the resolver side:

When you only have an IPv4 resolver configured, your clients will only use this one. When your clients get an IPv6 resolver, either via Router Advertisement or DHCPv6, they will try that one. They should fall back.

As with any service: Configure the service first, check the connection, then configure your clients to use the service.

#IPv6
Replied to Ryan Peters
Public
mkj

@ryan You pretty much can't use IPv6 without DNS. Sure, technically, you can just fine; but it's really rather impractical.

I would go with what's one of nuintari's rules of networking: start small. Get one small piece to run IPv6, then expand from there. If that means start out by setting up your local DNS resolver to accept queries over IPv6, sure, why not?

#IPv6
Replied to Ryan Peters
Public *
Jens Link

@ryan Yes, you should learn IPv6.

You can find a collection of training material here:

gitlab.com/jenslink/ipv6-resou

BTW, In many cases you don't need DHCPv6, you can just use router advertisements to configure your clients. And if you are running Android, DHCPv6 does not work at all.

I really should start working on the IPv6 tutorial YouTube videos...

GitLabresources.md · main · Jens Link / IPv6 Resources · GitLabGitLab.com
#IPv6
Public
Ryan Peters

For those that run a homelab with DNS and DHCP, are you using IPv6? I'm running BIND and debating if I need to configure IPv6 just to future-proof myself. I'm not seeing any issues, at least any that I notice.

Also, I know little about IPv6, so I admit I need to do some learning.

#homelab#dns#dhcp
Replied to Michael
Public
Nivex 🐧 📻

@michael I am not aware of any end-user ISP providing only #IPv6 connectivity. I do know of some VPS hosts providing only IPv6 to customer nodes. This has impacted folk wanting to write code that interact with other services (eg: Discord bots).

Replied in thread
Public
T_X

@freifunkMUC ansonsten fände ich es auch noch sehr spannend, wenn man als weiteren Service für VPN und die VMs auch #Multicast dann anbieten könnte. Auch per #IPv6 und #PIM / #pim6sd über das #IntercityVPN zwischen Communities dann irgendwann. Das gäbe es meines Wissens nach auch bei keinem kommerziellen Angebot bisher.
Aber dann müssten wir nochmal schauen, wie man das gerade mit euren #GluonParker Bestrebungen noch hinbekommen könnte.

Public
Michael

Question to the network people out there:

Are there any ISPs that are IPv6 only (without providing a NAT/whatever)?

Background: Having an argument with a provider that hasn't published any AAAA records, and whilst I think that's poor form, I'm wondering if this would actually negatively affect any actual users in practice?

#ip#ipv6#ipv4
Replied in thread
Public
Kevin Karhan :verified:

@DoctorBrodsky @woe2you @miah given #Quad9 bowed before the #Contentmafia and censored #DNS requests, I'll continue to recommend using #OpenNIC's Servers instead

94.103.153.176 & 2a02:990:219:1:ba:1337:cafe:3 as well as
144.76.103.143 & 2a01:4f8:192:43a5::2

  • If you only add a single #IPv4 address, no #IPv6 resolution will take place over said provider or worse even no IPv6 connectivity at all...

I merely retain quad9 on said list for archival purposes. I Yeeted #CloudFlare aka. #ClownFlare since they are a #RogueISP!

Public *
Erik Nygren :verified:

A long-standing Linux headache for large-scale #IPv6 deployments was that net.ipv6.route.max_size was set to 4096 and had to be raised manually.
It looks like recent kernels raised this in this commit (which also seems to be what is included in Ubuntu 24.04):

github.com/torvalds/linux/comm
[...]
- net->ipv6.sysctl.ip6_rt_max_size = 4096;
+ net->ipv6.sysctl.ip6_rt_max_size = INT_MAX;

If you are using IPv6 for large scale production services don't forget to either raise this sysctl manually or use a newer kernel that raises it.

In ip6_dst_gc() replace: if (entries > gc_thresh) With: if (entries > ops->gc_thresh) Sending Ipv6 packets in a loop via a raw socket triggers an issue where a route is cloned by i...
GitHubipv6: remove max_size check inline with ipv4 · torvalds/linux@af6d103In ip6_dst_gc() replace: if (entries > gc_thresh) With: if (entries > ops->gc_thresh) Sending Ipv6 packets in a loop via a raw socket triggers an issue where a route is cloned by i...
Replied in thread
Public
Kevin Karhan :verified:

@fusl @mnalis @0xF21D

I do that with #pfSense & #OPNsense (depending on the exact network in question) and have it merge multiple sources that get cached.

In total, I do may out the 30 DNS servers and whilst I have #IPv4only, I have everything ready for #DualStack (#IPv4 + #IPv6) once my ISP stops keeing it's thumbs um their ass...

GitHublists.d/dns.servers.list.tsv at main · greyhat-academy/lists.dList of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.
#sarcasm
Public
lw

annoying freebsd ipv6 thing:

# ifconfig lo1 create inet6 auto_linklocal -ifdisabled 2001:db8:100::1/128 up

# ping 2001:db8:200::2
(ping uses 2001:db8:100::1 as source address)

# ifconfig lo2 create inet6 auto_linklocal -ifdisabled no_prefer_iface 2001:db8:200::1/128 up

# ping 2001:db8:200::2
(ping now uses 2001:db8:200:1 as source address)

my expectation was that no_prefer_iface would prevent it from choosing addresses on lo2 as source address automatically, but apparently this does not prevent choosing the longest match for the destination :-(

there's 'prefer_source', which seems to be an address-specific attribute, but i don't think i want that since i have both GUA and ULA addresses configured.

there's also 'anycast', but apparently if you configure an address as anycast, you can't bind to it, which seems a bit useless.

#freebsd#ipv6
Public
waldi

And I am again in need of an #IPv6 range for NAT66 use cases. It needs to be local routable, but without the special handling of fc00::/7.

In the past I used 200::/16, fe00::/16, all in unassigned space.

Yes, I don’t like NAT66 either.

ExploreLive feeds
About