I helped out with getting South Africa's biggest technical news and discussion site turned up for IPv6. MyBroadband got a AAAA record just in time for IPv6 Day and since then its been uneventful. More on that another day.

I was quite surprised when talking to a local cloud server provider that they were under the impression that World IPv6 Day was the first time that IPv6 had been used for real stuff. Paraphrasing their response slightly: "The first tests with IPv6 were only completed a few weeks ago. We don't think that there is any reason for us to be deploying such an immature technology"

Another person still stuck in the first phase of their mourning for the demise of IPv4 - DENIAL.

Some predictions for the African region suggest that AfriNIC will continue to have IPv4 addresses available until 2014. "We have plenty of IPv4 space. We won't run out soon. Whats the point of putting IPv6 on my network."

The point is that its not about Africa. IPv6 becomes a requirement as soon as the first service launches that is IPv6 only and your customer wants to access that service. It is somewhat pointless having large amounts of IPv4 address space when the content that people want is not on the IPv4 Internet.

While it is likely that there will be much bartering and redistribution of IPv4 address space when the exhaustion phase happens in the next 100 days. Despite that, we can expect to see some IPv6 only services within quite a short period after the start of the exhaustion.

Since SMTP also makes outbound connections it will immediately attempt to use IPv6 when attempting to communicate with other IPv6 capable mail servers. For this reason care should be taken when enabling IPv6 as it can potentially cause mail delivery problems. Ensure that at the very least the rDNS entries for your server's IP are correctly configured.

My biggest concern with mail delivery over IPv6 is that many antispam solutions do not properly understand an IPv6 address. Depending on how well a particular server is setup it may accept IPv6 mail or potentially discard it randomly and unpredictably. It is important to be reviewing you logs to identify mails that are being delivered (or not) over IPv6.

Configuring inbound mail also requires some care to ensure that your spam filters do not reject IPv6 email. It is currently fairly safe to apply an accept all rule matching all IPv6 mail but this is not going to continue.

cPanel normally uses the same A record for your website and your mail. For this reason I suggest that you don't just add a AAAA to your sites main hostname since this will cause slowdowns on your website if your IPv6 setup is not perfect. The solution to this is to add a new A record for specifically for mail: mx.yourdomain.co.za. Then add an AAAA for the same hostname and adjust your MX records to point to your new hostname.

You then want to get someone to send you mail via IPv6. The easiest way to do this is to join a mailing list that runs on IPv6 enabled servers.

If you see a red bar then you are using a legacy IPv4 connection. If - however - you see a green at the top of the page then you are visiting this site over IPv6. If you're sure that you've setup IPv6 but you still see a red bar then your IPv6 is most likely broken.

Now I'm interested in getting some feedback from you. If you reach this site over IPv6 then please post a comment about the service provider that you are using or the tunnelling mechanism that you are using.

Looking forward to some feedback.

Many older cPanel installations will be running Courier. Interestingly Courier's default config already has IPv6 enabled by default. IPv4 addresses in log files are written in IPv6 compatible format by prepeding them with "::ffff:".

In order to connect to your mail server via IPv6 you can open your favourite mail client (Thunderbird is known to work) and set the server name to your servers IPv6 address. View the log files at "/var/log/maillog" to see your client login via IPv6.

Next step would be to add a DNS entry for your mail server. If you are the only user on your mail domain then you can add the IPv6 address of your server as a AAAA record for mail.yourdomain.co.za. If you have many other users on your domain then you may want to rather add the AAAA for mail6.yourdomain.co.za. Users with broken IPv6 connectivity may experience higher latency or inability to connect if the AAAA is applied directly to the 'mail' hostname.

Dovecot requires one change to enable IPv6: the listen directive needs to be adjusted to include both IPv4 and IPv6. Access the dovecot config template and add the line "listen = *, [::]" and rebuild the config. This should make dovecot IPv6 capable but this has not been tested.

cPanel uses bind under the hood to provide DNS. Bind has mature IPv6 support and is the ideal candidate for getting going with a dual-stack cPanel environment.

cPanel is capable of loading AAAA DNS records into DNS zones. These AAAA records are the primary IPv6 DNS records for mapping a hostname to an IPv6 address. This can be done via the 'Edit DNS zone' feature that is available in the WebHost Manager but is not available on the simple DNS editor in the cPanel interface.

Serving AAAA responses is one thing but you also want your DNS server to communicate on IPv6. The first step is to make sure that your server has IPv6 connectivity. This can be checked by loging in via ssh and running the command 'ping6 ipv6.google.com'. Once you are happy that you have a working IPv6 connection you can proceed to the next step:

This step requires that you are the root user on the server. You need to open the file '/etc/named.conf' in your favourite terminal text editor. You then need to add the line

listen-on-v6 { any; };

after the line

options {

You can then save the file and restart the nameserver via the web interface. If all goes well your server will be answering IPv6 DNS queries.

You can test this firstly by doing a 'dig www.mydomain.com @::1' where ::1 is the IPv6 equivalent of localhost. If that works correctly then you want to test a DNS query from another IPv6 enabled host. You know have IPv6 capable DNS servers.

According to Geoff Huston's mathematical modeling we are now less than one year away from the final depletion of IANA's pool of free IPv4 netblocks.

The current estimate is that this will happen on 10th July 2011. What is going to happen you might ask...

An agreement was reached in the Internet community that as soon as the IANA has only 5 '/8' prefixes remaining in their pool they will all be handed out in one go. One prefix each to the 5 Regional Internet Registries (RIR). The registries are then responsible for distributing those addresses to users in their region.

Most RIRs have put in place policies that limit the maximum allocation size and rate of consumption of the final '/8'. This is intended to prevent a run-on-the-bank type situation and also try and ensure that small blocks of IPv4 addresses are available for critical systems such as DNS for a while.

The reality is that after July next year you are unlikely to be able to get an IPv4 allocation from your local RIR that will be big enough to build an ISP.

Are you ready for that?

There has thus far not been any noticeable email spam hitting my mail server on its IPv6 address. This is a relief since the availability of IPv6 RBLs and other spam fighting filters is currently limited.

I was however privileged to receive my first IPv6 comment spam on this blog recently. This means that one of the botnet herders has either included IPv6 support in their code or they are writing good enough code that it is IP version agnostic. Is this a good thing...?

I had hoped that the IPv6 Internet would be free of the evils of the IPv4 Internet. As long as it stays niche there will be no reason for the worst netizens to show their faces on this side of the great IP divide. Then of course we would not be achieving our end goal of moving everyone (including the spammers) to IPv6.

• 2001:0:* - This block of addresses is assigned to the Teredo protocol. This tunneling protocol is installed by default on Windows Vista and Windows7 operating systems. It is used by hosts behind NAT gateways to reach IPv6 hosts. Teredo is NOT preferred over IPv4 and will only generally be used when a suitable IPv4 connection can't be made. Teredo is quite popular with torrent clients to reach hosts behind a NAT.
• 2001:200-A000:* - The first global address allocations were made out of this range of prefixes. Typically these are early adopter networks and many of the major tunnel brokers have prefixes in this range.
  • 2001:470:* - This is the prefix used by the Hurricane Electric tunnel broker service.
• 2002:* - The 6to4 protocol was assigned this prefix. The 8 digits following the initial sequence are a hexadecimal representation of the public IPv4 address that defines the end of the tunnel. 6to4 thus only functions if the tunnel endpoint is a public IP. In the past 6to4 has been popular for providing IPv6 along side IPv4 on residential gateway/router devices.
• 240*: - Range that was issued to APNIC for users in the Asia and Pacific regions.
• 260*: - Range that was issued to ARIN for users in the North American region.
• 280*: - Range that was issued to LACNIC for user in the Latin American region.
• 2A0*: - Range that was issued to RIPE NCC for user in the European region.
• 2C0*: - Range that was issued to AfriNIC for user in the African region.

It is true that many network technicians and engineers make regular use of IPv4 literals in their daily lives. My view is that if you are typing the IP address then - YOU ARE DOING IT WRONG!

IPv6 may well be the push that is required to get many lazy networking professionals to implement proper DNS on their networks. A properly set up DNS infrastructure even on a home LAN can be a life saver and it save a lot of time in the long run.

DNS tips for IPv6 survival:

• DNS everything - choose an easy to remember hostname for every device on your network. Every PC, server, router, wifi AP and IP capable device should have a hostname that you can add to your zonefile.
• Choose your best IP for DNS. DNS should be the only thing that you ever have to manually configure on a device. Choose the shortest and easiest available IP address for your DNS server. If you are running a large network then choose 3 or 4 prefixes that you reserve for DNS anycast resolvers. That way you avoid confusion by using the same DNS server IP throughout the whole network.
• Keep it local. If you don't want to do full DNS infrastructure then add it to your local DNS resolver. Many home routers and gateways have a 'hosts' facility that allows you to add DNS entries that are visible only within your local network.

and finally

• Make proper use of 'search domains'. Most IP devices have a config option called a 'search domain' or sometimes just 'domain'. This is the home domain of the host and is appended to any DNS query when it is first looked up. This means that you can use the DNS name 'myserver' and it automatically gets expanded to 'myserver.example.com' for you. This is a huge time saver since your DNS name is now in fact shorter than even the IPv4 address of a host.