Ipv6 for the content provider

Owen DeLong owen at delong.com
Wed Jan 26 14:39:16 CST 2011

On Jan 26, 2011, at 11:17 AM, Antonio Querubin wrote:

> On Wed, 26 Jan 2011, Charles N Wyble wrote:
>> Do I just need to assign ip addresses to my servers, add AAAA records to
>> my DNS server and that's it? I'm running PowerDNS for DNS, Apache for
>> WWW. Postfix for SMTP.
> Best to remove IP version dependencies in your configs.
> If you are using name-based virtual hosting in Apache, convert:
>  Listen a.b.c.d:80         ->  Listen 80
>  <Virtualhost a.b.c.d:80>  ->  <Virtualhost *:80>
That only works if you have only one address on the machine and.

If you have addresses that aren't intended for name-based-site-A but
do terminate SSL connections to sites B, C, and D, then you probably
don't want to use * for site A.

> Use hard-coded IP addresses only where required for stuff like SSL-enabled webhosts.
Depends on the complexity of your environment. In a more complex configuration
you can actually save yourself a lot of trouble and confusion later by using a
construct like this:

Listen [2620:0:930::dead:beef:cafe]:80
Listen [2620:0:930::400:7]:80
<VirtualHost [2620:0:930::400:7]:80 [2620:0:930::dead:beef:cafe]
	ServerName www.delong.com

YMMV, but, that's working reliably in my environment for:

[root at owen conf]# host www.delong.com
www.delong.com has address
www.delong.com has IPv6 address 2620:0:930::400:7

(The dead:beef:cafe address isn't currently in the AAAAs that are publicly visible because
it's used for testing specialized testing from different DNS views.)

The machine in question has a number of IPv4 and IPv6 addresses many
of which terminate HTTP/HTTPs connections, some of which do not.


More information about the NANOG mailing list