[AusNOG] IPv6 reverse DNS and Mail ...

Tom Lanyon tom+ausnog at oneshoeco.com
Fri May 24 19:35:12 EST 2013


On 24/05/2013, at 8:18 AM, Paul Brooks <pbrooks-ausnog at layer10.com.au> wrote:
> On 23/05/2013 5:06 PM, Tom Lanyon wrote:
>> With my small sample size, of the last 3,438,429 messages we've successfully delivered, ~6.6% (227,490) left via IPv6 - so a bit better than 1%, but not really a significant portion.
> 
> Thanks Tom - thats the sort of real-world stats we need.
> Any chance you can look at incoming as well - Is it much the same proportion for
> messages incoming to you (assuming your MXs are advertised as IPv6-reachable)?

We're only delivering on v6 at the moment.  Our receiving MXs are in our old data centres (for just a few more weeks!) without v6 connectivity.


On 24/05/2013, at 10:58 AM, Robert Mibus <mibus at mibus.org> wrote:
> For resolvers, I'm not suggesting to replace the client<->resolver link as part of the first run, rather resolver<-internet->nameserver side.
> 
> In my experience, retry/fallback mechanisms for DNS servers is more reliable than MTAs. Resolvers that have trouble with dual-stacked nameservers will have huge problems beyond your single site, since so many high-use NSes (roots etc) are already dual-stacked.
> 
> In any event; as more providers support IPv6 mail, more MTAs will get fixed - and so each day it gets easier for everyone else to assume it'll "just work".

We similarly found some non-ideal behaviour on our outbound mail relay hosts with the standard version of the Postfix MTA on RedHat/CentOS/Scientific Linux 6.x.  We built some custom Postfix 2.10 packages and have not encountered any IPv6 issues with these.

Conversely, the standard BIND/named version shipped with RHEL 6.x (and derivatives) worked flawlessly as our outbound resolvers.  We've since moved to a more distributed setup with local resolver caches on most end hosts forwarding to the shared outbound resolvers for cache misses, but nevertheless we basically haven't encountered any issues with outbound DNS resolution and IPv6.


In any case, these more fundamental services (DNS, mail, etc.) are the least of our worries in the context of IPv6.  Our attempt at an IPv6-only data centre (with NAT64 for reachability to external v4 hosts) found countless pieces of software that just simply will not work without local IPv4 connectivity on the host.

Tom




More information about the AusNOG mailing list