
I've been testing the AAAA records for linickx.com, and I'm surprised how easy it was!

The cloud servers over at Rackspace (where this is hosted) come IPv6 ready, i.e. with a native IPv6 address attached to the internet. I'm using CentOS 6, so your experience may vary :)

ifconfig showed the IP address in my network stack, a good start! The first thing to know is that there are two iptables config files, /etc/sysconfig/iptables and /etc/sysconfig/ip6tables; it should be obvious which is which! I'm not sure I agree with Red Hat's decision to have two config files, but they are configured the same way and only the IPs need to be different, so I can have the same statement in each to open up access to Apache:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

By default --dport 22 (SSH) is open on a RHEL/CentOS box, so I recommend you change that as appropriate. Yes, you need to think about ACLs on IPv6 as well as IPv4!

Since there are two config files for iptables there are also two services; you will need to restart the service to load a new config:

[nick@toad ~]$ sudo service ip6tables restart
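
Because the two rule files are maintained separately, they can drift apart. The following is an added example, not part of the original post: a shell check that reports destination ports accepted in only one of the two files, or accepted with a source restriction in one address family but not the other. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): spot drift between the
# IPv4 and IPv6 rule files on a RHEL/CentOS box.

# Print "<port> <any|restricted>" for every INPUT rule that ACCEPTs a --dport.
open_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" {
        port = ""; scope = "any"
        for (i = 3; i < NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") scope = "restricted"
        }
        if (port != "") print port, scope
    }' "$1" | sort -u
}

# Print the port/scope pairs that appear in only one of the two files.
ruleset_drift() {
    v4=$(mktemp); v6=$(mktemp)
    open_ports "$1" > "$v4"
    open_ports "$2" > "$v6"
    comm -23 "$v4" "$v6" | sed 's/^/ipv4-only /'
    comm -13 "$v4" "$v6" | sed 's/^/ipv6-only /'
    rm -f "$v4" "$v6"
}

# Constructed sample: SSH is limited to one source on IPv4 but left at
# the default (open to everyone) on IPv6.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/iptables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
    cat > "$dir/ip6tables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
EOF
    ruleset_drift "$dir/iptables" "$dir/ip6tables"
    rm -rf "$dir"
}

# On a real host: ruleset_drift /etc/sysconfig/iptables /etc/sysconfig/ip6tables
demo
```

The check only compares ports and whether a source match is present; it does not compare the source addresses themselves, which necessarily differ between the two families.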

The Apache config file is /etc/httpd/conf/httpd.conf. By default there is a Listen 80 statement; assuming you haven't changed that, Apache should already be listening on IPv6 port 80!

[nick@toad ~]$ sudo netstat -nap --inet6 | grep 80
tcp        0      0 :::80                       :::*                        LISTEN      6878/httpd          
[nick@toad ~]$

What happens now when you hit your server will depend on your config. Check your VirtualHost statement; if it has an IPv4 address in it you want to remove it, so you have something like:

<VirtualHost *:80>
  ServerName localhost
  ServerAdmin root@localhost
  DocumentRoot /var/www/html
</VirtualHost>

If you use a NameVirtualHost *:80 then your ServerName statements will start working once you publish AAAA records.

To publish an AAAA record use whatever method you use for IPv4 A records, they're the same thing :) ... I used my rsdns util ... kick off a test and watch your access log; all things being equal you should see IPv6 source addresses!

...OK, I have assumed you have an IPv6 source to test with; the quickest method is http://ipv6-test.com/validate.php, the more involved method is to set up a 6in4 tunnel with tunnelbroker.net.

If it all works you can get yourself a cool badge like this one!

Nick Bettison ©