Re: The Reg does 240/4

[Stephen Satchell <list () satchell net>]

On 2/12/24 11:07 PM, Dave Taht wrote:
> if I could use the controversy to talk to why it has been so hard to
> deploy ipv6 to the edge and how to fix that problem instead rather
> than triggering people, it would be helpful.

1.  My provider, AT&T, keeps saying "we don't support IPv6."  I've 
written about my years-long effort to get my web server to speak IPv6 
over AT&T fiber.  I finally broke through when I was forced to upgrade 
to business service, and started receiving a better grade of technical 
support.

2.  I have a DNS AAAA record for my web server.  Looking at yesterday's 
access log for SSL, I've had exactly five (5) accesses from two IPv6 
addresses.  Earlier in the month, I found a couple of search engines 
found the IPv6 side of the web server.

3.  I cannot obtain a PTR record for IPv6, so the mail server is a no-go 
because I won't be able to accomplish the minimum effort required for 
major players to recognize my mail server as valid.  My mail server is, 
except for port 25, LAN only.  Haven't run into any IPv6-only mail 
servers, based on the logs.

4.  My new IPv6-aware edge router firewall is in development.  This 
firewall, using NFT, will still NAT uplink IPv4 connections. It will not 
forward new connections from WAN to LAN over a defined subnet of IPv6; 
equipment on the LAN will be assigned IPv6 addresses from that subnet. 
Frankly, I'm not fast-tracking this work because I don't feel blocked by 
not having IPv6 connectivity.

It feels like IPv6 has Second Product Syndrome, where everything but the 
kitchen sink was thrown into it.