Re: IPv6 "out of the box" support (netbase requirement?)

[Giacomo Mulas]

On Wed, 9 Jul 2003, Noah Meyerhans wrote:

> On Wed, Jul 09, 2003 at 05:54:58PM -0500, Drew Scott Daniels wrote:
> > > Fair enough, starting from the next release netbase will always add the
> > > IPv6 localhost addresses.
> >
> > I suspect if this is done there may be many complaints, grumbles and
> > maybe some screams, so perhaps an announcement/warning first?
>
> What would the complaints be?  It's not like these hosts entries are
> intrusive in any way.

Here is one: I have a carefully crafted firewalling script based on
iptables, and I believe I am relatively safe with respect to insecure
services; then you automagically add IPv6 support on my box and suddenly
my box is open to the world (iptables only filters IPv4). I think that you
are right in wanting IPv6 to be more or less automatically set up, to help
create a vast user base for it, but I second that a clear, loud warning
about it is a must. Then, at least for the problem I outlined, one is
advised to create also an iptables6 script to plug the IPv6 "hole". I wish
netfilter6 had connection tracking support...

Bye
Giacomo

-- 
_

Giacomo Mulas <[EMAIL PROTECTED]>
_

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_

"When the storms are raging around you, stay right where you are"
 (Freddy Mercury)
_

Re: IPv6 "out of the box" support (netbase requirement?)

[Giacomo Mulas]

On Thu, 10 Jul 2003, Ivo Timmermans wrote:

> Giacomo Mulas wrote:
> > On Wed, 9 Jul 2003, Noah Meyerhans wrote:
> > > What would the complaints be?  It's not like these hosts entries are
> > > intrusive in any way.
> >
> > Here is one: I have a carefully crafted firewalling script based on
> > iptables, and I believe I am relatively safe with respect to insecure
> > services; then you automagically add IPv6 support on my box and suddenly
> > my box is open to the world (iptables only filters IPv4).
>
> It's not about IPv6 support in the kernel, the matter at hand is if
> there should be IPv6 entries in /etc/hosts.

many, many people will have IPv6 support enabled in the kernel *as a
module*, and automatic module loading (look at stock kernels...). Putting
IPv6 entries in /etc/hosts will cause the module to be loaded, and then
you cannot even rmmod it... I think people should be advised to know that
if they really don't want IPv6 support to be enabled they must
uncomment/add the "alias net-pf-10 off" line in /etc/modutils/aliases.

just my 2¢..
bye

-- 
_

Giacomo Mulas <[EMAIL PROTECTED]>
_

OSSERVATORIO ASTRONOMICO DI CAGLIARI
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222
Tel. (UNICA): +39 070 675 4916
_

"When the storms are raging around you, stay right where you are"
 (Freddy Mercury)
_

Re: IPv6 "out of the box" support (netbase requirement?)

[Ivo Timmermans]

Giacomo Mulas wrote:
> On Wed, 9 Jul 2003, Noah Meyerhans wrote:
> > What would the complaints be?  It's not like these hosts entries are
> > intrusive in any way.
> 
> Here is one: I have a carefully crafted firewalling script based on
> iptables, and I believe I am relatively safe with respect to insecure
> services; then you automagically add IPv6 support on my box and suddenly
> my box is open to the world (iptables only filters IPv4).

It's not about IPv6 support in the kernel, the matter at hand is if
there should be IPv6 entries in /etc/hosts.

Anyway, if Debian starts to ship default kernels with IPv6 support, it
must be backed with a capable ipmasq, and a loud warning indeed.

The only way I see IPv6 on Debian breaking every now and then is broken
or braindead DNS-information.  For example: giving an  address for
www.domain.com, but null routing IPv6 traffic, which leads to annoying
delays.


Ivo

-- 
/* I can't stand it anymore!  Please can't we just write the
   whole Unix system in lisp or something? */
- bash-2.02/unwind_prot.c

Re: IPv6 "out of the box" support (netbase requirement?)

[Loïc Minier]

Drew Scott Daniels <[EMAIL PROTECTED]> - Wed, Jul 09, 2003:

> What is required for "out of the box" IPv6 support in Debian? When
> upgrading netbase it asked me if I wanted to include IPv6 addresses in my
> /etc/hosts. Why wouldn't I want to include IPv6? Do packages break (in an
> RC bug way) with IPv6 addresses in /etc/hosts? I'm guessing that there's
> just too many packages would break in non-RC bug ways, but I haven't tried
> any.

   Some packages do break when you change your /etc/hosts, for example
 host (I do not use this version myself and did not check the bug
 report):


   However, my experience in activating IPv6 support on the boxes was
 quite positive.

   But I won't use IPv6 for production websites because I had some
 complaints of users trying to access a www advertised in IPv6 and
 v4. Their browser was trying to access the site in v6 and somewhere
 inbetween, the packets were lost.
   I would blame the bad ISP or the bad browser, but the fact is it did
 not work with v6 addresses in the DNS. So I leave the site accessible
 in v6 through the use of another address (ww6. or www.ipv6.), but it's
 not really the 'slow switch to v6' I would like to see  :(


   The first step is clearly to ship all OS with IPv6 support activated
 by default, but it still requires some work.

   0.02 ¤,

-- 
Loïc Minier <[EMAIL PROTECTED]>

Re: IPv6 "out of the box" support (netbase requirement?)

[Thomas Seyrat]

On July 10, 10:42 (+0200), Loïc Minier wrote:
>Some packages do break when you change your /etc/hosts, for example
>  host (I do not use this version myself and did not check the bug
>  report):
> 

  This bug does not concern adding IPv6 entries to /etc/hosts, but in
  /etc/resolv.conf.
  
  Adding IPv6 entries to /etc/hosts does not break host. Indeed, host is
  not even supposed to query /etc/hosts - although it does in some case,
  but that's another bug ;-)

-- 
Thomas Seyrat

unsubscribe k.loeffen@canon.nl

[Loeffen Karin]

 
Kind regards, 
Karin Loeffen Business Analist CCI NL [EMAIL PROTECTED] tel:023-5670473 mobile: +31 6 
21510270 



This email and any attached files are confidential and may be legally privileged. If you are not the intended recipient, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify the sender immediately and then delete this email. Email transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore is in no way liable for any errors or omissions in the content of this message, which may arise as a result of email transmission. If verification is required, please request a hard copy. 



  


K. M. Loeffen (E-mail).vcf
Description: Binary data

Re: IPv6 "out of the box" support (netbase requirement?)

[Marco d'Itri]

On Jul 10, Giacomo Mulas <[EMAIL PROTECTED]> wrote:

 >many, many people will have IPv6 support enabled in the kernel *as a
 >module*, and automatic module loading (look at stock kernels...). Putting
 >IPv6 entries in /etc/hosts will cause the module to be loaded, and then
Please provide proof of your assertion.

-- 
ciao, |
Marco | [760 reylIvHhn6N.U]

Re: IPv6 "out of the box" support (netbase requirement?)

[Jeremy T. Bouse]

The only issue I've had with IPv6 entries in /etc/hosts has been more
so with user applications that try to parse the hosts file and don't yet know
how to handle the IPv6 entries and barf... I haven't ran across any
system applications/daemons/etc that have had a problem with them being
in the hosts file...

I currently run almost a dozen IPv6 enabled Debian servers with some
of them having both the IPv6 and IPv4 address in DNS for them...

Regards,
Jeremy

On Thu, Jul 10, 2003 at 11:19:39AM +0200, Thomas Seyrat wrote:
> On July 10, 10:42 (+0200), Lo?c Minier wrote:
> >Some packages do break when you change your /etc/hosts, for example
> >  host (I do not use this version myself and did not check the bug
> >  report):
> > 
> 
>   This bug does not concern adding IPv6 entries to /etc/hosts, but in
>   /etc/resolv.conf.
>   
>   Adding IPv6 entries to /etc/hosts does not break host. Indeed, host is
>   not even supposed to query /etc/hosts - although it does in some case,
>   but that's another bug ;-)
> 
> -- 
> Thomas Seyrat
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 

Re: IPv6 "out of the box" support (netbase requirement?)

[Peter Cordes]

On Wed, Jul 09, 2003 at 03:17:20PM -0500, Drew Scott Daniels wrote:
> What is required for "out of the box" IPv6 support in Debian? When
> upgrading netbase it asked me if I wanted to include IPv6 addresses in my
> /etc/hosts. Why wouldn't I want to include IPv6? Do packages break (in an
> RC bug way) with IPv6 addresses in /etc/hosts? I'm guessing that there's
> just too many packages would break in non-RC bug ways, but I haven't tried
> any.

 Until recently, I wasn't using v6, and had it disabled in my kernel.
However, I did let netbase put v6 addresses for ip6-localhost, etc. into my
/etc/hosts a long time ago (I knew v6 was the wave of the future...).  I saw
no breakage of anything because of the entries, even on a v4-only system.
Admittedly, I didn't set up a wide variety of daemons that might have tried
to do tricky things with the network, but I can attest that I didn't see any
problems with any desktop, home LAN, exim, or ssh stuff.

> When does it become time to do mass bug reports on packages that break
> with IPv6?

 There might be a packages with bugs, but I would be surprised at having to
do _mass_ bug reports.


-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , s.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC