One year on
It has been almost a year since my last post here. The first World IPv6 Day has come and gone. There is now a little more awareness of IPv6 - which is definitely a good thing. But looking back on what I was blogging about a year ago and I realise that very little has actually changed.
I helped out with getting South Africa's biggest technical news and discussion site turned up for IPv6. MyBroadband got a AAAA record just in time for IPv6 Day and since then its been uneventful. More on that another day.
I was quite surprised when talking to a local cloud server provider that they were under the impression that World IPv6 Day was the first time that IPv6 had been used for real stuff. Paraphrasing their response slightly: "The first tests with IPv6 were only completed a few weeks ago. We don't think that there is any reason for us to be deploying such an immature technology"
Another person still stuck in the first phase of their mourning for the demise of IPv4 - DENIAL.
Can you afford to wait?
Many system administrators seem content that if their IPv4 is working then there is no reason to deploy IPv6. The thought is that "IPv4 is not going to die any time soon so why should I bother with IPv6?"
Some predictions for the African region suggest that AfriNIC will continue to have IPv4 addresses available until 2014. "We have plenty of IPv4 space. We won't run out soon. Whats the point of putting IPv6 on my network."
The point is that its not about Africa. IPv6 becomes a requirement as soon as the first service launches that is IPv6 only and your customer wants to access that service. It is somewhat pointless having large amounts of IPv4 address space when the content that people want is not on the IPv4 Internet.
While it is likely that there will be much bartering and redistribution of IPv4 address space when the exhaustion phase happens in the next 100 days. Despite that, we can expect to see some IPv6 only services within quite a short period after the start of the exhaustion.
exim over IPv6 on cPanel
Exim has a mature IPv6 implementation and it is likely to be the first thing to start using the IPv6 connection you setup on your cPanel server. Most other services will only be used when you add a AAAA record to the relevant DNS zone.
Since SMTP also makes outbound connections it will immediately attempt to use IPv6 when attempting to communicate with other IPv6 capable mail servers. For this reason care should be taken when enabling IPv6 as it can potentially cause mail delivery problems. Ensure that at the very least the rDNS entries for your server's IP are correctly configured.
My biggest concern with mail delivery over IPv6 is that many antispam solutions do not properly understand an IPv6 address. Depending on how well a particular server is setup it may accept IPv6 mail or potentially discard it randomly and unpredictably. It is important to be reviewing you logs to identify mails that are being delivered (or not) over IPv6.
Configuring inbound mail also requires some care to ensure that your spam filters do not reject IPv6 email. It is currently fairly safe to apply an accept all rule matching all IPv6 mail but this is not going to continue.
cPanel normally uses the same A record for your website and your mail. For this reason I suggest that you don't just add a AAAA to your sites main hostname since this will cause slowdowns on your website if your IPv6 setup is not perfect. The solution to this is to add a new A record for specifically for mail: mx.yourdomain.co.za. Then add an AAAA for the same hostname and adjust your MX records to point to your new hostname.
You then want to get someone to send you mail via IPv6. The easiest way to do this is to join a mailing list that runs on IPv6 enabled servers.
Time for some audience participation
I have added a new feature to the blog template. You'll notice a thin coloured bar right at the top of the page.
If you see a red bar then you are using a legacy IPv4 connection. If - however - you see a green at the top of the page then you are visiting this site over IPv6. If you're sure that you've setup IPv6 but you still see a red bar then your IPv6 is most likely broken.
Now I'm interested in getting some feedback from you. If you reach this site over IPv6 then please post a comment about the service provider that you are using or the tunnelling mechanism that you are using.
Looking forward to some feedback.
Email via IPv6 on cPanel
Both the Courier and Dovecot mailservers can be used with cPanel to provide users with POP3 or IMAP access to their mail.
Many older cPanel installations will be running Courier. Interestingly Courier's default config already has IPv6 enabled by default. IPv4 addresses in log files are written in IPv6 compatible format by prepeding them with "::ffff:".
In order to connect to your mail server via IPv6 you can open your favourite mail client (Thunderbird is known to work) and set the server name to your servers IPv6 address. View the log files at "/var/log/maillog" to see your client login via IPv6.
Next step would be to add a DNS entry for your mail server. If you are the only user on your mail domain then you can add the IPv6 address of your server as a AAAA record for mail.yourdomain.co.za. If you have many other users on your domain then you may want to rather add the AAAA for mail6.yourdomain.co.za. Users with broken IPv6 connectivity may experience higher latency or inability to connect if the AAAA is applied directly to the 'mail' hostname.
Dovecot requires one change to enable IPv6: the listen directive needs to be adjusted to include both IPv4 and IPv6. Access the dovecot config template and add the line "listen = *, [::]" and rebuild the config. This should make dovecot IPv6 capable but this has not been tested.
