Sunday, April 1, 2018

Ubuntu 12.04 services using ipv6




I currently manage two servers on Linode. The first "server-a" is running 12.04, the second "server-b" is a fresh install of 14.04.



A while ago I had some trouble with spf records on server-a and came to the realization that I needed to explicitly add (or create an A record for) the ipv6 address since the postfix service was using ipv6 to connect to gmail. This was surprising to me since I just assumed it would be using ipv4 by default. After a bit more follow-up I discovered that nearly all services were using ipv6 in some cases but not others.



For instance, if postfix delivers mail, or if I telnet or ssh to another host on Linode, my ipv6 address shows up in the log. On the other hand, if I connect to my local server here at home or to one on Digital Ocean's network, ipv4 is used.



Can anyone explain when and how it is determined that ipv4 or ipv6 should be used when establishing a connection? Does it vary from service to service or is this part of a central configuration?


Answer



Services are usually accessed using a hostname, which usually means that DNS is used to look up the IP address(es) linked to that hostname. For IPv4 there will be A records, and for IPv6 there will be AAAA records. All those addresses are supposed to offer the same service, independent of the protocol used.




So if you send email to Gmail your mailserver will look up the MX (mail exchange) records for gmail.com. From my point of view those are:



gmail.com.  MX   5  gmail-smtp-in.l.google.com.
gmail.com.  MX  10  alt1.gmail-smtp-in.l.google.com.
gmail.com.  MX  20  alt2.gmail-smtp-in.l.google.com.
gmail.com.  MX  30  alt3.gmail-smtp-in.l.google.com.
gmail.com.  MX  40  alt4.gmail-smtp-in.l.google.com.



The highest priority MX is gmail-smtp-in.l.google.com, so let's look at its addresses:



gmail-smtp-in.l.google.com.  A     74.125.136.26
gmail-smtp-in.l.google.com.  A     74.125.136.27
gmail-smtp-in.l.google.com.  AAAA  2a00:1450:4013:c01::1b


So now your mailserver has three addresses it can use. DNS doesn't tell you which one is preferred. That choice is up to your local software. There is a whole RFC about the algorithm to use (RFC 6724) but it usually boils down to: use IPv6 when available, otherwise IPv4.



Postfix (≥ 2.9) will, unless explicitly configured otherwise, use both IPv4 and IPv6 when available. It will first try IPv6, and if it can't connect using IPv6 it will connect using IPv4.




Web browsers work in a different way these days since the invention of Happy Eyeballs / RFC 6555. Because connectivity problems on IPv6 would cause annoying or even unworkable timeouts, a browser will try to use IPv6, but if it hasn't heard anything after ±200ms it will try to connect using IPv4 in parallel. The first connection to succeed will be used.



And of course: if the service you are using doesn't advertise any IPv6 addresses in DNS then only IPv4 will be used. And vice versa.
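An added example, not part of the original question or answer: it orders the Gmail addresses quoted above with the simplified "IPv6 first, then IPv4" rule (not the full RFC 6724 algorithm) and reports which local source address an SPF record fails to authorise. The function names, the local addresses and both SPF records are constructed assumptions, and only literal ip4:/ip6: mechanisms are evaluated.

```python
import ipaddress

def attempt_order(dest_addrs, local_families=(6, 4)):
    """Order destinations IPv6 first, then IPv4, keeping only families this
    host has. A simplification of RFC 6724, not the full algorithm."""
    addrs = [ipaddress.ip_address(a) for a in dest_addrs]
    usable = [a for a in addrs if a.version in local_families]
    return sorted(usable, key=lambda a: a.version, reverse=True)  # stable sort

def spf_networks(spf_record):
    """Collect only the literal ip4:/ip6: mechanisms of an SPF record
    (a, mx, include and redirect would need DNS and are ignored here)."""
    nets = []
    for term in spf_record.split()[1:]:          # skip "v=spf1"
        term = term.lstrip("+")
        if term.lower().startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets

def uncovered_sources(spf_record, dest_addrs, local_sources):
    """Return local source addresses that may be used to reach dest_addrs
    but are not authorised by the ip4:/ip6: mechanisms of spf_record."""
    nets = spf_networks(spf_record)
    missing = []
    for dest in attempt_order(dest_addrs, tuple(local_sources)):
        src = ipaddress.ip_address(local_sources[dest.version])
        ok = any(n.version == src.version and src in n for n in nets)
        if not ok and str(src) not in missing:
            missing.append(str(src))
    return missing

# Destination addresses are the A/AAAA records quoted in the answer.
GMAIL_MX = ["74.125.136.26", "74.125.136.27", "2a00:1450:4013:c01::1b"]
# Constructed sample values (documentation ranges), not from the page.
LOCAL = {4: "192.0.2.10", 6: "2001:db8::10"}
SPF_V4_ONLY = "v=spf1 ip4:192.0.2.10 -all"
SPF_DUAL = "v=spf1 ip4:192.0.2.10 ip6:2001:db8::/64 -all"

if __name__ == "__main__":
    print([str(a) for a in attempt_order(GMAIL_MX)])
    print(uncovered_sources(SPF_V4_ONLY, GMAIL_MX, LOCAL))
    print(uncovered_sources(SPF_DUAL, GMAIL_MX, LOCAL))
```

On a dual-stack host the IPv4-only record leaves the IPv6 source unauthorised, which matches the SPF trouble described in the question.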

