Re: [Sks-devel] disunitedstates.com now available on IPv6

[David Benfell]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/10/2013 05:57 AM, Todd Lyons wrote:
> On Thu, Oct 10, 2013 at 02:38:55AM -0700, David Benfell wrote:
> 
>> For those who worry about such things, disunitedstates.com has
>> added IPv6 capability and should now be answering at 
>> 2a02:c200:0000:0010:0000:0000:0404:0201
> 
> When I specify the ipv6 directly, at least that works:
> 
> address@hidden ~]$ test_sks_keyserver.sh
> '[2a02:c200:0000:0010:0000:0000:0404:0201]' gpg: requesting key
> AE127015 from hkp server [2a02:c200:0000:0010:0000:0000:0404:0201] 
> gpg: key AE127015: "Todd A. Lyons (Cannonball) <address@hidden>"
> not changed gpg: Total number processed: 1 gpg:
> unchanged: 1
> 
> There is not a visible AAAA record for that ip:
> 
> disunitedstates.com.  86400   IN      NS munich.parts-unknown.org. 
> disunitedstates.com.  86400   IN      NS reykjavik.parts-unknown.org.

It appears to be working for me. Please let me know if you're still
seeing something different:

n4rky% dig AAAA disunitedstates.com @reykjavik.parts-unknown.org

; <<>> DiG 9.9.3-P2 <<>> AAAA disunitedstates.com
@reykjavik.parts-unknown.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56585
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;disunitedstates.com.           IN      AAAA

;; ANSWER SECTION:
disunitedstates.com.    86400   IN      AAAA    2a02:c200:0:10::404:201

;; AUTHORITY SECTION:
disunitedstates.com.    86400   IN      NS      munich.parts-unknown.org.
disunitedstates.com.    86400   IN      NS      reykjavik.parts-unknown.org.

;; Query time: 195 msec
;; SERVER: 93.95.227.19#53(93.95.227.19)
;; WHEN: Thu Oct 10 10:30:40 PDT 2013
;; MSG SIZE  rcvd: 138

n4rky% dig AAAA disunitedstates.com @munich.parts-unknown.org

; <<>> DiG 9.9.3-P2 <<>> AAAA disunitedstates.com
@munich.parts-unknown.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58387
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;disunitedstates.com.           IN      AAAA

;; ANSWER SECTION:
disunitedstates.com.    86400   IN      AAAA    2a02:c200:0:10::404:201

;; AUTHORITY SECTION:
disunitedstates.com.    86400   IN      NS      munich.parts-unknown.org.
disunitedstates.com.    86400   IN      NS      reykjavik.parts-unknown.org.

;; Query time: 178 msec
;; SERVER: 193.34.144.104#53(193.34.144.104)
;; WHEN: Thu Oct 10 10:30:56 PDT 2013
;; MSG SIZE  rcvd: 138

n4rky%

> 
> There is no rDNS for that ip:

Known. I have to put in a support request to set that up because
Contabo's web interface for dealing with PTR records only does IPv4. I
haven't gotten to it yet and there's one other issue (two if we count
the one below) I need to resolve first so I can bundle all of these
into a single request.

> 
> Set up those two things and you'll probably start getting traffic
> on the ipv6 interface.  Make sure to add pool.sks-keyservers.net
> and *.pool.sks-keyservers.net as ServerAliases (apache speak,
> varies if you're using a different rproxy mechanism).

I haven't even found a HOWTO on setting up the proxy that both
actually works and makes sense to me, so I've never done this. And
disunitedstates.com is in use for another application on ports 80/443
anyway. I *could*, however, add a subdomain and allocate one of my
spare IPv4 addresses to it and tell sks to listen to more addresses.

What would be nice, if I were to do this, is to have a really nice web
page to put in front. I know this was discussed before on this list,
but I haven't found it again, and I'd like to have permission before
just hauling off with somebody else's creative work. ;-)

- -- 
David Benfell
see https://parts-unknown.org/node/2 if you don't understand the
attachment
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSVubrAAoJEKrN0Ha7pkCOV3gQAJIAkHhvDtZDZSq0xm9fnKcy
ychVCcbpwj254k5iHhT+3IaHONlp026yMXfr0Rrmpw17/5IH+1Ea/iqZ90C60Fmm
L94YqSRsRoN2HE2d9piVYFKldW6UxOobhYBZ7qJipjOOFQbQHBorLI3uW5hzINiH
cmOuDHErTdMK+7UaMUyKP8BNRHMxXmopoCapPuKUPCGi/sPwW391CpEwlhQVxbcR
WyYJqh+Lp2xu1ONThfWxz0Ez9vgvQRgngd4Q7hexJJMNbDT1nmoP2dWTZxzaOcIU
fBLPfC0jZpIt4J3Zle+s+UheonpfbjendwW6kJKhJ49yjjKjSW9Xb3piRqSPEhu5
NwcRq8Qvks/xuOsqs3pBz6Izz/STY1YoY568AkM2hrEYddiOMMTuXKPLH96PBsYQ
8gxSe3hOQj5MmhDqWtFs5U3dEr/Psn4j2yGQC+zvoQWnImg49qU2wMaXdb2zWp34
EcHYZaPdvkAv/CRs/xqyUyxafViTTd8VcqVcgo7tpe7pPEl350ltyE7LL57JilU4
FAjaoWE+uWT2NCpt3yB27UnZIKtdh8pwqIXJt2khk9JtJHyjZs+XuqsGTwkoLXHi
w3K0dGQkXYXj+ub1uiSCdZYVXPKaifw24dcNjR6G5Nu7KQV9qPxBsNp1uOj3Gc33
NoNQJMMI1pqUxnrjYS6F
=Ac/P
-----END PGP SIGNATURE-----

benfell.vcf
Description: Vcard