I don't understand why a problem with a tunnel 'leaves a bad taste with IPv6'. Since when has a badly configured DNS zone left people with a 'bad taste for DNS', or a badly configured switch left people with 'a bad taste for spanning tree' or 'a bad taste for VLAN trunking'? It seems to me that what are perceived as operational mistakes and/or plain lack of knowledge for some technologies is perceived as a fault of the protocol itself in the case of IPv6. People need to get their acts together.
~Carlos
On 4/16/12 11:38 PM, Brandon Penglase wrote:
I know you mentioned RedHat, but not if it was the router or other servers. Were you playing with Microsoft's Direct Access and turned on the DNS entry (isatap.domain.com) internally? At my current place of employment, we had a security student (at the direction of our security analyst) turn up a DA test server. When they enabled the DNS entry, just about every Windows 7 and 2008 server set up a v6 tunnel back to this little tiny VM. This also included the DNS entries in AD, so all of a sudden, servers had v6 addresses. Needless to say, everything was horribly slow, and some things even flat out broke. Sadly this event left a really sour taste for IPv6 with the Networking department (whom I was occasionally bugging about v6).
If you weren't testing this, did you possibly set up something similar where it would automatically generate a tunnel?
Brandon Penglase
On Mon, 16 Apr 2012 23:39:46 +0530 Anurag Bhatia <me@anuragbhatia.com> wrote:
Hello everyone
Just got an awfully crazy issue. I heard from our support team about failure of whois during domain registration. Initially I thought of a port 43 TCP block or something but found it was all OK. Later, when I ran whois manually on the server via terminal, it failed. Found the problem was that the server was connecting to the whois server - whois.verisign-grs.com. I was stunned! The server got IPv6, and not just that one - almost all. This was scary - partial IPv6 setup and it was breaking things.
In the routing tables, routes were all going to a router which I recently set up for testing. That router and the other servers are under the same switch, but by no means did I ever configure that router as the default gateway for IPv6. I found the option of "broadcast" was enabled on the router for the local fe80... address and I guess the router broadcasted IPv6 and somehow (??) all servers found that they have an IPv6 router on the LAN and started using it - automated DHCP IPv6?
I wonder if anyone else has also had similar issues? Also, if my guesses are correct, then how can we stop Red Hat distro oriented servers from taking such automated configuration - simply disable DHCP in IPv6?
Thanks
--
Anurag Bhatia anuragbhatia.com or simply - http://[2001:470:26:78f::5] if you are on IPv6 connected network!
Twitter: @anurag_bhatia <https://twitter.com/#!/anurag_bhatia> Linkedin: http://linkedin.anuragbhatia.com
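
Added example, not part of the thread: a shell audit for the question asked in the original post, assuming the servers picked up their addresses and default route from IPv6 router advertisements (SLAAC), which Linux controls per interface with the `accept_ra` and `autoconf` sysctls. The function names and the sample `sysctl` dump are constructed for illustration.

```shell
#!/bin/sh
# audit_ra: read `sysctl -a`-style "key = value" lines on stdin and print
# "<iface> <setting>=<value>" for every accept_ra / autoconf that is not 0,
# i.e. every interface that would still act on a router advertisement.
audit_ra() {
    awk -F'[ =]+' '
        $1 ~ /^net\.ipv6\.conf\.[^.]+\.(accept_ra|autoconf)$/ && $2 != 0 {
            split($1, k, ".")
            print k[4], k[5] "=" $2
        }'
}

# harden_lines: print sysctl.conf lines that switch both settings off.
# "default" only covers interfaces created later; interfaces that already
# exist keep their own value, so they are passed as arguments.
harden_lines() {
    for i in default "$@"; do
        printf 'net.ipv6.conf.%s.accept_ra = 0\n' "$i"
        printf 'net.ipv6.conf.%s.autoconf = 0\n' "$i"
    done
}

# Constructed sample input (not captured from a real host).
sample_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.accept_ra = 1
net.ipv6.conf.eth0.accept_ra_defrtr = 1
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.eth1.accept_ra = 2
net.ipv6.conf.eth1.autoconf = 0
net.ipv6.conf.lo.accept_ra = 0
EOF
}

# Report the exposed interfaces in the sample, then the lines to fix eth0.
sample_sysctl | audit_ra
harden_lines eth0
```

On a live host, feed it real data with `sysctl -a 2>/dev/null | audit_ra`, and apply the generated lines through `/etc/sysctl.conf` followed by `sysctl -p`.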