Rémi Denis-Courmont wrote:
> First my apologies for the initial remark. I did not realize that
> getaddrinfo() actually stopped doing AAAA if ipv6 was not loaded even
> if AI_ADDRCONFIG was not set.

no problem :)

>
> Answers inline.
>
> On Monday 2 April 2007 06:53, Fabio Massimo Di Nitto wrote:
>> Remi, restoring IPv6 is a matter of adding/uncommenting a line in
>> interfaces or removing the blacklist. I don't believe that it can be
>> such a big source of headaches.
>
> So, how do I deploy Ubuntu with IPv6 to a large number of PCs with
> non-techies users?
>
> Even if I could modify the configuration manually, how do I cope with
> configuration files updates from Ubuntu? dpkg will not deploy new
> versions because the configuration files changed.

/etc/network/interfaces is not considered a configuration file and no
package owns it. So you can modify it at will.

>
> At the very least, the ipv6 blacklist should be in a file of its own so
> that it does not prevent upgrading the rest of the file for people
> still using IPv6.

It is on its own blacklist file alone.

>
> That's not only immensely impractical for "human beings", the current
> solution provides no sane exit strategy and upgrade path, which is the
> most basic question to answer when deploying this kind of kludge.

Well here we need to balance what are the pros and cons. Pros are a lot
given how many people are unfortunately hit by broken hw and broken DNS
implementations. Cons is only one.. to re-enable autoconf you need to
either unblacklist ipv6 or add one line to /etc/network/interfaces.

I think the overall price is worth the benefit.

> On my system, the upgrade also had the very unkind effect of breaking
> ip6tables completely, since IPv6 autoloading got disabled, and any sane
> person will do firewall configuration before configuring the network
> interfaces.

I usually load a firewall on given protocol once lo is up on that
protocol for 2 reasons:

1) I can make sure the protocol is loaded
2) it is always executed before any real interface is up.

Another way to hook up a firewall script to a specific protocol is to use
the /etc/modprobe.d/ to run a script as soon as a certain module is loaded.

>
>> What MacOS does is also not completely proper.
>
> The MacOS X solution is far from perfect, but it is surely much less
> worse than permanently killing IPv6 because of a few broken DNS caches.

s/caches/implementations and it's not just DNS here. As I said there is
also broken hardware around.

>
>> I can have only
>> link-local address and use them to connect from one machine to
>> another with proper entries in the DNS.
>
> Any applications, with the possible exception of ping6, will
> return "Invalid argument" error because the DNS resolver cannot
> guess/set the scope ID in the IPv6 socket address structure. Furthermore
> many applications cannot deal with link-local anyway because they do
> not preserve the scope ID even if it's set.
>
> On top of that, putting link-local in the DNS is against documented
> standard practices.

It appears somebody is using it this way and it was brought up as use
case. I will check this up again.

Fabio

PS I don't exclude that the use case was based on personally developed
application that we cannot exclude to exist.

--
I'm going to make him an offer he can't refuse.