I've been testing the AAAA records for linickx.com, and I'm surprised how easy it was!
The cloud servers over at Rackspace (where this is hosted) come ipv6 ready - i.e. with a native ipv6 address attached to the internet. I'm using CentOS 6 so your experience may vary :)
ifconfig showed the IP address in my network stack, a good start! The first thing is that there are two iptables config files, /etc/sysconfig/iptables & /etc/sysconfig/ip6tables; it should be obvious which is which! I'm not sure I agree with Red Hat's decision to have two config files, but they are configured the same way; it is only the IPs that need to be different, therefore I can have the same statement in each to open up access to apache:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
By default --dport 22 (SSH) is open on a RHEL/CentOS box, therefore I recommend you change that as appropriate - yes you need to think about ACLs on IPv6 as well as IPv4!
Since there are two config files for iptables there are also two services; you will need to restart the matching service to load up a new config:
[nick@toad ~]$ sudo service ip6tables restart
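Because the IPv4 and IPv6 rules live in separate files, a source restriction added to one is easy to forget in the other. The following is an added example, not part of the original post: it compares the INPUT ACCEPT rules of the two files and reports ports that IPv6 exposes more widely than IPv4. The function names and the sample rules are assumptions made up for the illustration.

```python
import shlex

# Constructed sample rules (not from the post): IPv4 limits SSH to a subnet, IPv6 does not.
SAMPLE_V4 = """\
*filter
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
SAMPLE_V6 = SAMPLE_V4.replace("-s 192.0.2.0/24 ", "").replace(
    "icmp-host-prohibited", "icmp6-adm-prohibited")

def opt(tok, *names):
    """Hypothetical helper: argument following the first of `names` in tok."""
    for name in names:
        if name in tok[:-1]:
            return tok[tok.index(name) + 1]
    return None

def accepted_ports(rules_text):
    """Map (proto, dport) -> set of sources for INPUT ACCEPT rules; "any" when
    no -s is given. Negated matches and multiport are not interpreted."""
    ports = {}
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)
        dport = opt(tok, "--dport", "--destination-port")
        if (tok[:2] != ["-A", "INPUT"] or dport is None
                or opt(tok, "-j", "--jump") != "ACCEPT"):
            continue
        key = (opt(tok, "-p", "--protocol") or "any", dport)
        ports.setdefault(key, set()).add(opt(tok, "-s", "--source") or "any")
    return ports

def v6_gaps(v4_text, v6_text):
    """List ports the IPv6 rules expose more widely than the IPv4 rules."""
    v4, v6 = accepted_ports(v4_text), accepted_ports(v6_text)
    gaps = []
    for key in sorted(v6):
        if key not in v4:
            gaps.append((key, "accepted on IPv6 only"))
        elif "any" in v6[key] and "any" not in v4[key]:
            gaps.append((key, "source-restricted on IPv4, open to any on IPv6"))
    return gaps

if __name__ == "__main__":
    for (proto, port), why in v6_gaps(SAMPLE_V4, SAMPLE_V6):
        print(f"{proto}/{port}: {why}")
```

On the server itself, pass the contents of /etc/sysconfig/iptables and /etc/sysconfig/ip6tables to v6_gaps instead of the samples.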
The apache config file is /etc/httpd/conf/httpd.conf; by default there is a Listen 80 statement, so assuming you haven't changed that, apache should already be listening on ipv6 port 80!
[nick@toad ~]$ sudo netstat -nap --inet6 | grep 80
tcp 0 0 :::80 :::* LISTEN 6878/httpd
[nick@toad ~]$
What happens now when you hit up your server will depend on your config. Check your VirtualHost statement; if you have an IPv4 address in it you want to remove it, so you have something like:
<VirtualHost *:80>
ServerName localhost
ServerAdmin root@localhost
DocumentRoot /var/www/html
</VirtualHost>
If you use a NameVirtualHost *:80 then your ServerName statements will start working when you publish AAAA records.
To publish an AAAA record use whatever method you use for ipv4 A records, they're the same thing :) ... I used my rsdns util ... kick off a test and watch your access log, all things being equal you should see ipv6 source addresses!
...OK, I have assumed you have an ipv6 source to test with; the quickest method is http://ipv6-test.com/validate.php, the more involved method is to set up a 6in4 tunnel with tunnelbroker.net.
If it all works you can get yourself a cool badge like this one!