IPv6 support still lacking
I was playing HE.net’s IPv6 certification test last night. And I got stucked on last step, adding an AAAA tld glue record for my domain. Unfortuantely the domain registrar I am using, 1&1 AG, does not support AAAA record in their system.
Here is the email I got this afternoon,
Thank you for contacting us. Unfortunately, our system does not support AAAA record. Our system only supports modifying the DNS, A-record & Mx-Records as well as CNAME. If you have any further questions please do not hesitate to contact us.
– Sincerely,
xxxxxxx xxxxxxx
Technical Support
1&1 Internet
The test from he.net is not easy. Here is the list of softwares and services I used last night through trial and error.
- The first test is browsing an IPv6 website from he.net. I tried many methods. On my local Windows machine, I can ping -6 ipv6 address, I can copy and paste ipv6 into browser. But browser just refused to connect to remote host by ipv6 hostname. I tried to build ipv6 enabled Lynx on a linux machine, which also failed. Because none of above worked, I had to cheat on this step by using http://ipv6.he.net.ipv4.sixxs.org/.
- Run a webserver on IPv6 address. Very simple, I added an ipv6 address into my webserver, Cherokee, and everything worked as they should.
- Run a mail server on IPv6 address. Postfix, the mail server I am currently using, supports IPv6 natively. Simply add inet_protocols = all into main.cf, postfix will start listerning on IPv6 socket. First email unfortunately failed due to dkim-milter refused connection from ipv6 address. After disabling, 2nd email passed through.
- Have a RDNS record for my MX record. I am using ipv6 patched tinydns. NS and SOA record for my /48 prefix to tinydns are required to get response for PTR record. It took me a while to figure that out. Patched tinydns has a utility add-host6 to handle record for both forward and reverse dns but ns and soa need to be added manually.
- Run DNS server natively on IPv6. Even though tinydns is listerning on IPv6 address and my local dig show correct response. But he.net did not accept it for unknown reason. So I installed Bind9, and everything just worked in less than 5 minutes.
- Add an AAAA glue record to TLD nameserver. 1&1 AG does not support it as I said at beginning of the post. I am transferring my domain to GKG.net, hope they works, and I will update this post once I finish this step. Here is a list of domain registrars supporting ipv6 glue.
So here is my test result.
I am using dnsmadeeasy for my DNS, but they do not support IPv6 in any means. My VPS providor, Linode LLC, supports AAAA record in nameserver, but no ipv6 PTR record and no native IPv6 connection, no ipv6 dns servers.
Correct way to password protect Cherokee webserver
I have played Cherokee server on my personal blog a couple of days. I used it for some private file. Some directories need to be password protected. Initially I set it up in this way.
Then I tested against some static files, it obviously worked. However a couple days later, I realize the php script inside this directory was not protected at all including index.php. A rather easy fix, I added the same auth method to php handler as well. However as I add more stuff into my private directory, some of them require individual handler to work correct, so I added same http authentication method to all of them. It is really a pain to maintain such a long auth list, suddenly I realized I must have done this in a wrong way.
After digging into the cherokee document and cookbook, I find this simple solution to protect a whole directory.
- Add a directory rule which match the directory you want to protect.
- Set the handler to None in Handler tab
- Set authentication method in Security tab.
- Move this rule to the top and uncheck final.
That’s it.