I’m IPv6 ready

Why I've IPv6 enabled my server and how I did it

We hear the horror stories every now and then. We're running out of IPv4 space and soon the world as we know it is going to end. One day we'll run out of addresses and computers will have to live behind the evil jail of NAT.

There is another way, and that is of course IPv6. ISPs are mostly burying their heads in the sand, and won't implement it until there are more IPv6 enabled websites. Webmasters are waiting on IPv6 addresses to be handed dished out by hosting companies who are too lazy to do anything until ISPs dish out addresses to surfers. A vicious cycle indeed.

Luckily, we host with Bytemark, who dish out native IPv6 addresses so we don't have to rely on hackish Sixxs tunnels. I have a /56 on my VPS.

The first thing to do was to to bring up 2 addresses in /etc/network/interfaces. I tried putting a separate ipv6 stanza (the way you're supposed to do it), so I used post-up commands by placing this under iface ethe0 inet static

#Bring up additional ipv6 addresses on same if
up ip -6 addr add 2001:41c8:10a:200::1/56 dev eth0
up ip -6 ro add default via fe80::1 dev eth0
up ip -6 addr add 2001:41c8:10a:200::2/56 dev eth0

I saved myself a reboot by also running the up commands on the command line.
Just as I did for v4, I planned to use the first address for everything, except lighttpd, because Apache is already using port 80.

I added an extra Listen line to /etc/apache2/ports.conf

Listen [2001:41c8:10a:200::1]:80

All of my vhosts listen on *:80, so that's good.

Lighttpd's server.bind syntax only supports one bind address and port, but you can bind to multiple addresses like so:

server.use-ipv6 = "enable"
server.bind = "::ffff:212.110.165.233"
$SERVER["socket"] == "[2001:41c8:10a:200::2]:80" { }

Next I turned on ejabberd's IPv6 support by adding the inet6 keyword to thgis stanza in /etc/ejabberd/ejabberd.cfg:

{listen,
[
{5222, ejabberd_c2s, [inet6, {access, c2s}, {shaper, c2s_shaper}]},
...
]}

Next up wasmy IRC bouncer, ZNC. I'd told it to explicitly bind to a certain IP address so I could have a vanity address. That needed disabling so I can connect to IPv6-only IRC servers (which to be honest isn't going to happen anytime soon.)

Postfix has IPv6 support since 2.2, and i have 2.5.5 so that should just work, as it currently binds to all addresses. For good measure, i added inet_protocols=all to /etc/postfix/main.cf

For Dovecot, I added listen = [::] to /etc/dovecot/dovecot.conf. Note that listen = * refers to all IPv4 only.

Bytemark's hosted TinyDNS servers support IPv6 records (prefix 6 for automatic rDNS, prefix 3 otherwise), but I stupidly totally forgot about this and used this generator to cook up some AAAA records to match my A records.

A little testing with the SixXS IPv6-IPv4 and IPv4-IPv6 Website Gateway, which is basically an IPv6 -> IPv4 web proxy that refuses to retrieve anything hosted on IPv4, and I confirmed everything was good to.

Stop Press! Aren't we forgetting something?
In keeping with the tradition set by kame, and followed by Google and many others, I needed a bouncing logo thats only shown to surfers that connect via IPv4. Lucky I had an animated gif that I'd made earlier. In Django, you can do something like