Re: IPv6 in Debian

To: debian-release@lists.debian.org
Subject: Re: IPv6 in Debian
From: Stephen Gran <sgran@debian.org>
Date: Mon, 30 Jul 2007 21:23:29 +0100
Message-id: <[🔎] 20070730202329.GA20778@www.lobefin.net>
Mail-followup-to: debian-release@lists.debian.org
In-reply-to: <[🔎] 200707301126.21024.mgb-debian@yosemite.net> <[🔎] Pine.LNX.4.64.0707292317430.4558@localhost>
References: <Pine.LNX.4.64.0707292206060.4120@localhost> <20070729205221.GF16638@ftbfs.de> <[🔎] Pine.LNX.4.64.0707292317430.4558@localhost> <[🔎] 200707301126.21024.mgb-debian@yosemite.net> <Pine.LNX.4.64.0707292206060.4120@localhost> <20070729205221.GF16638@ftbfs.de> <[🔎] Pine.LNX.4.64.0707292317430.4558@localhost>

This one time, at band camp, Tomas Pospisek said:
> Hallo Release Team,
> 
> I've read in the release goals:
> 
> >RELEASE GOALS
> >=============
> >
> >* full IPv6 support
> > Advocate: Martin Zobel-Helas
> 
> and wrote to Martin Zobel-Helas who redirected me here.
> 
> My experience with IPv6 in Debian is foremost that it's a pita.
> 
> Debian enables IPv6 by default.
> 
> * AAAA before A DNS lookup

This is pretty standard behavior, really.  I haven't seen any real
problems because of it, but I can imagine it being an issue.  It is
easily solved by blacklisting, however.

> * Software that binds to the first socket found
> 
>   Then there's software that binds to the first port it gets and is
>   difficult to teach not to do so. [2]

All the hits on that page are for dccproc.  Are there others that are
that broken?  I don't see any bug reports from you about it, or actually
any bug reports about this issue.  Can you report it if it's a problem?

> * The cost of disabling IPv6
> 
>   Once the kernel has loaded the ipv6 module, one can not get it rmmod'ed
>   (or not easily - I have not figured out how to do this remotely on a
>   hosted server). Which means:

http://www.google.com/search?q=disabling+ipv6+linux

The first hit gives you explicit instructions on how to do it.

> * Limited usefulnes of IPv6

It is getting more and more common, and most of the world doesn't live
in an ipv4 saturated country like those in Anglo North America and Europe.

This one time, at band camp, Mike Bird said:
> I would add only one point to Tomas Pospisek's excellent
> analysis.  Without diligent precautions, IPv6 is horribly
> insecure.  You thought your firewall protected you, but
> now "apt-get dist-upgrade" will open your protected apps
> to the outside world.

Not particularly, unless you actually have an addressable machine.  And
if you have given a machine a public IP address, surely you've thought
about this and taken security precautions?
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: IPv6 in Debian
  - From: Mike Hommey <mh@glandium.org>

References:
- Re: IPv6 in Debian
  - From: Tomas Pospisek <tpo@sourcepole.ch>
- Re: IPv6 in Debian
  - From: Mike Bird <mgb-debian@yosemite.net>

Prev by Date: Re: Please ensure SVGATextMode < 1.9-18 does not enter the distro for amd64
Next by Date: Re: Bug#434950: FTBFS (hppa): /usr/bin/ld: cannot find -ljpeg
Previous by thread: Re: IPv6 in Debian
Next by thread: Re: IPv6 in Debian
Index(es):
- Date
- Thread