[BlueOnyx:11387] Re: 5108R IPv6 fun fact [dovecot issue solved]

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Mon Sep 24 22:34:09 -05 2012 

Michael Stauber wrote:
> Hi all,
> 
> Ok, this is indeed something funny and needs to be looked at.
> 
> I tried to make sense about the suggestions as to what needs fixed where
> to disable IPv6 entirely.

If it may please the court, may I submit we have IPv6 disabled by 
default, but not completely removed... just in case we might like to 
make some manual entries so that we could use IPv6 if desired?

We're actually doing this "on purpose" on a couple of boxes, and I have 
another couple of customers who are also experimenting.

> Can someone please summarize this again for me in one message? Thanks!

Sure thing.  One of my hosting boxes "magically" grabbed an IPv6 address 
using auto discover.  Sendmail attached to the IPv6 IP.  Our nameservers 
are all IPv6-enabled.  This hosting box happened to look up the 
mailserver for comcast.net:

mx1.comcast.net.        300     IN      A       68.87.26.147
mx1.comcast.net.        48      IN      AAAA    2001:558:fe14:70::22
mx2.comcast.net.        300     IN      A       76.96.40.147
mx2.comcast.net.        7200    IN      AAAA    2001:558:fe2d:70::22
dns101.comcast.net.     292     IN      A       68.87.29.164
dns101.comcast.net.     292     IN      AAAA    2001:558:1002:a:68:87:29:164
dns102.comcast.net.     3560    IN      A       68.87.85.132
dns102.comcast.net.     3560    IN      AAAA    2001:558:1004:7:68:87:85:132
dns103.comcast.net.     3560    IN      A       68.87.76.228
dns103.comcast.net.     3560    IN      AAAA    2001:558:1014:c:68:87:76:228
dns104.comcast.net.     3560    IN      A       68.87.68.244
dns104.comcast.net.     3560    IN      AAAA    2001:558:100a:5:68:87:68:244
dns105.comcast.net.     3560    IN      A       68.87.72.244
dns105.comcast.net.     3560    IN      AAAA    2001:558:100e:5:68:87:72:244


The box used one of the IPv6 records to connect to comcast.net.   The 
only problem here was that we did not have a proper PTR on the IPv6 
address.  We rectified that in all of about 2 minutes after noticing the 
issue, and mail went through just fine.

So I suppose the issue is that for most production cases, it would be 
best to have IPv6 disabled.

We happen to be making an aggressive IPv6 push, so I'm not going to be 
one of the folks who says just eliminate all IPv6.  But I do agree that 
in most cases it would be best if left disabled by default.

This should be as simple as adding this to ifcfg-eth0:
IPV6_AUTOCONF=no

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ

More information about the Blueonyx mailing list