After almost 3,500 days

I see that turning on IPv6 was a mistake. In the next couple of days I’ll turn off IPv6 and DNSSEC (another protocol nobody needs) for all services. IPv6 is to experimental an does not work!

Turn of IPv6 now!

 

IPv6 and OpenSource Projects Q1/2018

This message on twitter reminded me that I wanted to run this test I ran in November 2015 again for a long time. Now I’ll repeat this at the end of every quarter till it just works, or the Internet is replaced with something new. Whichever comes first.

So here is what I did:

Get the Linux from Scratch wget-list


wget http://www.linuxfromscratch.org/lfs/view/stable/wget-list
--2018-03-22 17:10:01-- http://www.linuxfromscratch.org/lfs/view/stable/wget-list
Resolving www.linuxfromscratch.org (www.linuxfromscratch.org)... 2600:3c01::f03c:91ff:fe70:25e8, 192.155.86.174
Connecting to www.linuxfromscratch.org (www.linuxfromscratch.org)|2600:3c01::f03c:91ff:fe70:25e8|:80... failed: Connection refused.
Connecting to www.linuxfromscratch.org (www.linuxfromscratch.org)|192.155.86.174|:80... failed: Network is unreachable.

This was from an IPv6 only host. As you can see the host has an IPv6 address but nobody is answering.

Please: If you put a AAAA record into your DNS configure your service accordingly! And if you run a service, monitor it! For all protocols you are using!

After copying the list from a host with IPv4 to my IPv6 only test host I cut out only the protocol and host part of the URLs and made a unique list with 32 entries.


> cut -d "/" -f 1-3 wget-list | sort -u > list
> wc -l list
32 list
> head -4 list
ftp://ftp.astron.com
ftp://ftp.vim.org
ftp://sourceware.org
http://anduin.linuxfromscratch.org

Then I used a small shell script to run curl -so /dev/null for each line in the file and sort out the host failing via IPv6 only.


> ./check-urls | tee out
ftp://ftp.astron.com
ftp://sourceware.org
http://anduin.linuxfromscratch.org
http://download.savannah.gnu.org
http://downloads.sourceforge.net
http://launchpad.net
http://prdownloads.sourceforge.net
https://downloads.sourceforge.net
https://github.com
http://sourceforge.net
https://sourceforge.net
https://sourceware.org
http://tukaani.org
http://www.greenwoodsoftware.com
http://www.infodrom.org
http://www.linuxfromscratch.org
http://www.mpfr.org
http://zlib.net
> wc -l out
18 out

So we have 18 out of 32 hosts not answering to IPv6. Welcome to 2018.

gitlab and IPv6

I’m working on setting up a new server running Debian GNU/Linux and libvirt/kvm. One of the first VMs I set up was a GITLAB server.

Two thinks to remeber:

1. You can’t install GITLAB from an IPv6 only server because their servers don’t have IPV6 (well it’s only 2017).

2. The gilab Debian package brings it’s own data base and and Webserver (ngnix). In the default setup ngnix will onyl listen to IPv4. You have to edit /opt/gitlab/etc/gitlab/gitlab.rb and edit the nginx['listen_addresses'] = line.

libvirt, virt-install and Arch Linux

For years I’m using a shell script wrapper around virt-install to setup VMs. Recently I was asked to setup several VMs on Arch Linux for a training. Whatever I did, I wasn’t able to install a VM. The Console was always showing that no boot device could be found. It took some time to find out that something from qemu-arch-extra was missing. After installing this package everything worked as expected.

Confidential

At DENOG8 I’ve seen several marketing only presentations marked CONFIDENTIAL.

From my point of view I think that this is only marketing: “You are our potential customers. Look how much we trust you already. We are sharing confidential marketing bullshit with you!”

v6 only

Some people may not be able to read this post because this blog as no A record anymore. I don’t care if you don’t have IPv6. It’s 2016.

For those of you who can read this: I’ll try to write some technical posts about Icinga2, libvirt/kvm and other stuff in the future.