IPv6 and DNS

IPv6 DNS – It works for me….. but it shouldn’t.

When in my IPv6 environment I perform a test ping to, say, Google, it seems to work great:

ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8006::6a) 56 data bytes
64 bytes from 2a00:1450:8006::6a: icmp_seq=1 ttl=55 time=49.3 ms
64 bytes from 2a00:1450:8006::6a: icmp_seq=2 ttl=55 time=44.6 ms
.
.
.

Which is lovely. But I then ask myself how the ping6 command actually gets to know that the name ipv6.google.com lives at IPv6 global address 2a00:1450:8006::6a. How is the domain name being resolved? And I find that I actually don’t know. I’m perfectly familiar with IPv4 DNS. So what’s going on here?

I’m cheating

I discover, upon investigation, that in fact I’m “cheating”. By that I mean that my attempt to set up a “pure” IPv6 environment (albeit in parallel with IPv4) that does not rely upon or touch IPv4 in any way has not been achieved: it turns out that my DNS is currently entirely dependent upon the existing IPv4 infrastructure! And before going ahead and trying to rectify that, it’s rather educational to understand how it is working at all.


IPv6 – Proxy the neighbors (or come back ARP – we loved you really)


After three articles, where am I with my venture into IPv6? What have we really achieved so far? Well, in functional terms, not so very much yet!!

To recap:

  • Here I covered a lot of ground, getting basic IPv6 running on a Linux gateway box connected to an ISP providing native IPv6, while remembering stuff like the need to set up a firewall.
  • Here I looked at the issue of IPv6 firewall logging
  • And here I looked at the need to set up a default route out of the gateway device pointing back towards the internet.

And what can I now actually do? Well……. from the gateway box I can ping out successfully to any IPv6 device on the Internet. In other words, logged in to the device in green on this diagram, I can ping out of eth0 over the Internet. And from an IPv6 device on the Internet I can successfully ping towards my green box, using the address of eth0. So I can ping from the Internet to (these are of course made-up addresses!) 123::456.



IPv6 and default routes

Following on from my first tutorial, we have a box set up which has basic IPv6 connectivity. There’s a firewall in place with a simple but sufficient configuration. And we can ping6 from this box to remote IPv6 destinations.

All of this has, so far, made use only of one network interface (in my case eth0) to set things up. However looking ahead to the next step I am aware that I will want devices inside my network (i.e. my workstations, etc.) to have IPv6 connectivity through this device I am setting up. In other words, this device must, as it does today for IPv4, act as a router.

With IPv4 this is, at a basic level (so forgetting about firewalling and so on) very easy: enable IPv4 forwarding and away you go.

For IPv6? A little more complicated…


IPv6 – logging and shorewall6

Following on from my early success at getting IPv6 running, I soon hit a significant issue: firewall logging.

 

Now this need not be a “blocker” for everyone, but I take my firewall logging duties quite seriously…!

shorewall IPv4 logging

Currently I have IPv4 shorewall configured to log not via the standard syslog mechanism but via ulogd. This allows me to log firewall activity to an entirely separate set of log files very easily. It is absolutely not mandatory, but it’s neat and tidy. I then have fwlogwatch analyse the logs nightly and automatically email the interesting bits to me for occasional checking.

To enable this I have appropriate pointers to use of ULOG in shorewall’s policy and rules files as follows:

IPv6 at home – a guide to getting started

With IPv6 slowly becoming more visible, it was time to get to grips with it. While absolutely not essential (yet!) it seemed like a fun idea: my ADSL provider offers native IPv6 in parallel with IPv4, and my hosting provider is running an IPv6 beta. So I can do native IPv6 end to end between my home and a remote host. “Home” in this case consists of a Linux firewall running iptables, fronted by shorewall. It has two ethernet ports: one to the ADSL modem (my “external” interface) and one to the house infrastructure (“internal”).

The Ubuntu server distribution in use is, like most Linux distros, fully IPv6 ready. For example, do an ifconfig and we see

Link encap:Ethernet  HWaddr 00:40:63:f5:f9:3c
inet addr:88.XXX.XX.XXX  Bcast:88.XXX.XXX.255  Mask:255.255.255.0
inet6 addr: fe80::240:63ff:fef5:XXX/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:14086899 errors:0 dropped:0 overruns:0 frame:0
TX packets:15607323 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1837525573 (1.8 GB)  TX bytes:666354591 (666.3 MB)
Interrupt:16 Base address:0x8000

Now I may not know much about IPv6 on Linux yet, but I can see that I’ve got a line beginning “inet6 addr” which looks kinda IPv6-ish. Good start. Let’s go…


Bless me father for I have punched

Several newspapers report today (e.g. here and here) that a British judge this week chose not to jail a violent criminal because he was religious.

The judge said “You are a religious man and you know this is not acceptable behaviour.”

The fact that the judge in question is Cherie Blair, wife of former-prime minister Tony Blair, just confirms that this couple appear able to justify almost anything in their own minds based upon their beliefs and superstitions.

Apparently the UK’s National Secular Society has complained about it, but in true British don’t-kick-up-a-fuss tradition not much more will happen.

So remember: before violently assaulting someone in Britain, say a prayer. No, not to ask for any sort of forgiveness for what you will do, just pray that you get this lunatic woman as your judge afterwards.

Leave them kids alone

Pope Benedict XVI is apparently set to visit Britain soon. However he has also decided to attack the laws giving gay couples similar rights to married (heterosexual) couples, as a variation on the church’s more general disgust with anyone who does not share their own twisted sexual views.

Aware that this is unpopular (the laws have widespread support) he has chosen a rather devious and obfuscated line of attack.

He singles out for criticism the UK’s Equality Bill, currently passing through Parliament. He tells us the effect of some of the legislation designed to achieve this goal has been to impose unjust limitations on the freedom of religious communities to act in accordance with their beliefs. Unjust. That’s the key word there. And then goes on:

“In some respects it actually violates the natural law upon which the equality of all human beings is grounded and by which it is guaranteed.”

Of course the concept of Natural Law is wonderfully vague. One assumes he is referring to some or other Aquinas-style philosophy of everything is OK, so long as it is OK with God too. However that aside, what is he really objecting to? Well, that is made fairly clear by further Church-comment on the matter. Firstly we are told that:

Religious leaders have voiced concern that the Equality Bill may force churches to employ sexually active gay people and transsexuals when hiring staff other than priests or ministers.


Passion for nails

I love the Internet. Not for the more typical use of finding what you need to know quickly and easily, but rather for the effortless ability to tell you what you did not need to know.

In the space of ten minutes or so today I moved from fruit juice to triclavianism, via the Cathars.

Started with a quick visit to Wikipedia to get some information on the chemical composition of passion-fruit juice. But then you just can’t resist haring off down those links that you find and end up in the most byzantine (tee hee) backwaters of medieval theology… Or at least I can’t.

So my dull juice enquiry ends up with me discovering that triclavianism was declared a sin by Pope Innocent III, much to the annoyance of the Albigenses and the Waldensians, who heretically insisted that only three nails were used to hang Jesus from the cross, and he got a spear in the left side. The Pope’s infallible word was that four nails were used and he got speared on the right side.

Which is wonderful enough. Until you cross-reference to The Catholic Encyclopedia (“Copyright © 2009 by Kevin Knight. Dedicated to the Immaculate Heart of Mary.”), subsection “Holy Nails”, where we discover that there are apparently still in existence up to 30 of the original nails used.

Who’d have thought it?

BMW France – To be avoided

More fine customer service from the French arm of a large company…

BMW France – you just lost my business. A few weeks ago my wife bought a new car. A BMW. Fine car. Superbly designed and tremendous quality. As a car, we are delighted with it.

Next year I’ll be replacing my car. I had my eye on a sparkling new BMW estate. But so long as I have to buy it from BMW France, it’s not going to happen. Shame, as I really do like the cars. I just can’t stand the company. In the short time we’ve had the new car I’ve had two major issues. Neither concern the quality of the car itself.

Bit torrent web clients

As detailed in previous posts, I have a server at home which I use to download and seed torrents (and, before you ask, yes most of the torrents are indeed legal!!) The torrent-side of this server needs to be remotely accessible and manageable to me from a number of places, so some sort of web-interface is required.

There are surprisingly few good web-based applications out there to do this. For a long time I’ve been using torrentflux-b4rt to provide a web-interface to BitTornado. It’s a great piece of software, but I’m now stopping using it. It’s always been a bit bloated and heavy, but once set up the way you want it, this has not mattered too much.