Ubuntu 14.04 Server and IPv6 Temporary Addresses

So, as we all know Ubuntu 14.04 was released today. I downloaded the server ISO to test in VirtualBox.

Let us see what we have here:

ss@trusty-testing:~$ cat /etc/lsb-release

ss@trusty-testing:~$ ip -6 addr show dev eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
 inet6 2001:470:1d:96b:70bb:7393:2071:faa2/64 scope global temporary dynamic
 valid_lft 597675sec preferred_lft 78675sec

Wait what? Am I going blind or is that an IPv6 temporary address [0] on a supposedly server image?

Investigating further:

ss@trusty-testing:~$ sudo sysctl -a | grep tempaddr
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = 2

What the hell? Not only did they leave temporary addresses turned on, they set the sysctl value at 2 which means that the system will prefer temporary addresses over standard ones for making connections. [1]

I asked around and apparently this is the case on Ubuntu 12.04 server as well.

ss@ubuntu-testing:~$ cat /etc/lsb-release

ss@ubuntu-testing:~$ sudo sysctl -a | grep tempaddr
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = 2

So that is two LTS server releases with IPv6 temporary addresses turned on and set to 2.

Why are temporary addresses bad on a server?

Unpredictability – anything that depends on source address validation breaks. Even SLAAC addresses are more predictable, because they can be calculated from the MAC address of the NIC.

Ideally, you should be configuring your server’s addresses statically. Leaving temporary addresses enabled on a server image is just a bad default.
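As an added example (not from the original post), a small POSIX shell audit for this default: it picks the temporary addresses out of `ip -6 addr` output, counts interfaces where use_tempaddr is not 0, and emits the sysctl fragment that turns temporary addresses off. The sample outputs, the 2001:db8 addresses and the /etc/sysctl.d file name are constructed here, not taken from the post.

```shell
#!/bin/sh
# Added example: audit a server for IPv6 temporary (RFC 4941) addresses.
# Both checks take their input as text so they can run offline; on a real
# host feed them live command output as shown in the comments at the end.

# Constructed sample of `ip -6 addr show dev eth0`, mirroring the post's finding.
SAMPLE_IP_OUTPUT='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:db8:1d:96b:70bb:7393:2071:faa2/64 scope global temporary dynamic
       valid_lft 597675sec preferred_lft 78675sec
    inet6 2001:db8:1d:96b:a00:27ff:fe4e:66a1/64 scope global dynamic
       valid_lft 2591975sec preferred_lft 604775sec
    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
       valid_lft forever preferred_lft forever'

# Constructed sample of `sysctl -a | grep tempaddr` on a stock server install.
SAMPLE_SYSCTL_OUTPUT='net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.lo.use_tempaddr = 2'

# Print every global-scope address the kernel flags as "temporary".
find_temp_addrs() {
    printf '%s\n' "$1" | awk '/inet6/ && /scope global/ && /temporary/ { print $2 }'
}

# Count use_tempaddr entries that are not 0 (temporary addresses enabled).
# A value of 2 also makes them the preferred source address, as the post found.
count_tempaddr_enabled() {
    printf '%s\n' "$1" | awk -F'= *' '$2 != 0 { n++ } END { print n + 0 }'
}

# sysctl fragment that disables temporary addresses: "all" covers interfaces
# that already exist, "default" covers interfaces created later.
server_sysctl_fix() {
    printf '%s\n' \
        'net.ipv6.conf.all.use_tempaddr = 0' \
        'net.ipv6.conf.default.use_tempaddr = 0'
}

# Live use on a real host (hypothetical paths): uncomment to run the audit.
# find_temp_addrs "$(ip -6 addr show)"
# count_tempaddr_enabled "$(sysctl -a 2>/dev/null | grep use_tempaddr)"
# server_sysctl_fix | sudo tee /etc/sysctl.d/60-ipv6-no-tempaddr.conf >/dev/null
# sudo sysctl --system
```

Disabling use_tempaddr stops new temporary addresses from being generated; any existing ones simply expire when their valid lifetime runs out.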

[0] - https://tools.ietf.org/html/rfc4941
[1] - http://ipv6int.net/systems/linux-ipv6.html#privacy

Rosedale Station : toronto


Rosedale Station : toronto by Night_Bus_Pirate.

As a person who has never been north of Bloor-Yonge station, an interesting glimpse of Toronto (and a nice picture too).

The Path to DNS Independence (Part 2)

To quote from Wikipedia:

An authoritative name server is a name server that gives answers that have been configured by an original source, for example, the domain administrator or by dynamic DNS methods, in contrast to answers that were obtained via a regular DNS query to another name server. An authoritative-only name server only returns answers to queries about domain names that have been specifically configured by the administrator.

Continuing on from my theme of DNS independence, I’d like to explore the advantages and disadvantages of hosting your own authoritative name servers.

Let us take a look at my own setup for authoritative name servers.


The Path to DNS Independence (Part 1)

In this post I would like to explore the concept of DNS independence by looking at two types of DNS usage that are common in our daily highly connected lives.

The two types of DNS usage:

  • Recursive/Iterative DNS (first part)
  • Authoritative DNS (second part)


Transitioning to a fully functional home IPv6 network

I recently obtained a new router, a Mikrotik RB751G-2HnD, and wanted to test the IPv6 capabilities of its operating system. My previous router, a Linksys Cisco WRT160N (revision 1) running DD-WRT, had an issue where IPv6 connectivity would randomly die even though all routes and interface settings were correct.


Link bots and stuff

People on IRC often mention the fact that I often appear to be an automated RSS feed bot. Sometimes you may stop being a troll and wonder where I get all these totally amazing (!) links from.


New Year, New Beginnings

Here we go again. I decided to archive the old AT and start over fresh. Yes, I went back to WordPress. Yes, I know how much it sucks, how much PHP sucks, etcetera. A few things I’m doing differently from last time:

  • WordPress is installed and updated from SVN. I’m not letting it update itself.
  • No unnecessary plugins installed.
  • Comments are disabled. If you really really need to give me your opinion on a post, please hit me up on Twitter.
  • No multiuser usage this time. Thanks to everyone who wrote for the old AT but for now I have decided to keep this blog strictly me.

Here is to another eventful year, filled with posts about everything and nothing.

