Internet Protocol version 6 (IPv6) is the “new” Internet addressing protocol created by the Internet Engineering Task Force (IETF) to deal with the exhaustion of the current IPv4 address space. In Part One of this article I gave you some background in IPv6 and documented your path from IPv6 Certified Newb to Enthusiast. In Part Two we’ll finish the Hurricane Electric IPv6 Certification process and you’ll end up being a Sage.
Administrator
The IPv6 Administrator not only runs a valid IPv6 addressed web site, but also a valid IPv6 addressed mail server. For this certification, you’re going to have to configure a mail server that resolves via IPv6 DNS, can be connected to over IPv6, and will properly receive email. Apple OS X 10.6 (Snow Leopard) includes a Postfix mail server, which I’ll walk you through configuring. This is not an extensive tutorial on configuring your Macintosh to run Postfix and be an Internet mail server. I’m only going to show you how to make it respond properly, receive email, and start and stop it. You SHOULD NOT leave this up and running all of the time; in fact, I’m not even going to show you how to get it to auto-load at system startup (though you can). You should already have your Macintosh with a ping6-able IPv6 address and resolving via DNS.
Configure Postfix
Postfix is an SMTP Mail Transfer Agent (MTA) that attempts to be fast, easy to administer, and secure. Postfix is shipped in a configuration that does not allow it to talk on the public Internet, so the configuration will have to be adjusted. Additionally, we’ll have to enable Postfix to listen to your IPv6 address. To minimize the risks, I’m going to configure Postfix to only respond to its IPv6 address.
The Postfix configuration file is found at /etc/postfix/main.cf. You should be able to open this file with any plain text editor; TextWrangler is a good (and free) one. For this configuration example my IPv6 host is going to be ipv6.example.com, and therefore my domain is example.com.
Set your host name on the myhostname variable:
[bash gutter="false"]
#myhostname = virtual.domain.tld
myhostname = ipv6.example.com
[/bash]
Set your domain name:
[bash]
#mydomain = domain.tld
mydomain = example.com
[/bash]
Set Postfix to listen on all interfaces:
[bash]
#inet_interfaces = $myhostname, localhost
inet_interfaces = all
[/bash]
Enable only IPv6 as the Internet protocol in use with inet_protocols:
[bash]
# enable IPv6 only (main.cf does not allow a comment after a value)
inet_protocols = ipv6
[/bash]
Configure Postfix to recognize various forms of your server as local, using the mydestination variable:
[bash]
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
[/bash]
You should be able to leave everything else as the default. Save the file.
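One way to check the edited file before starting Postfix, as an added example that is not part of the original article: a short Python parser that reads main.cf the way postconf(5) describes and flags settings that would leave the sample hostname in place or let SMTP listen beyond IPv6. The function names and both sample files are constructed for illustration.

```python
# Added example: audit main.cf using the parsing rules from postconf(5): comment and
# blank lines are ignored, indented lines continue a value, the last assignment wins.
def parse_main_cf(text):
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                          # blank or comment line
        if raw[0].isspace() and current:      # continuation of the previous value
            params[current] += " " + stripped
            continue
        name, sep, value = stripped.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()   # a later assignment overrides an earlier one
    return params

def audit(params):
    findings = []
    protocols = params.get("inet_protocols", "")
    if "#" in protocols:
        findings.append("inet_protocols: text after '#' is read as part of the value")
    elif protocols != "ipv6":
        findings.append(f"inet_protocols is {protocols!r}, not 'ipv6'")
    if params.get("inet_interfaces") == "all" and protocols != "ipv6":
        findings.append("inet_interfaces = all is not limited to IPv6 addresses")
    for name in ("myhostname", "mydomain"):
        if params.get(name, "").endswith("domain.tld"):
            findings.append(f"{name} still holds the sample value {params[name]!r}")
    return findings

# Constructed sample files, using the example.com names from the article.
SAMPLE_GOOD = """\
#myhostname = virtual.domain.tld
myhostname = ipv6.example.com
mydomain = example.com
inet_interfaces = all
inet_protocols = ipv6
mydestination = $myhostname, localhost.$mydomain,
    localhost, $mydomain
"""
SAMPLE_BAD = """\
myhostname = virtual.domain.tld
inet_interfaces = all
inet_protocols = ipv6 # (enable IPv6 only)
"""
if __name__ == "__main__":
    for label, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, audit(parse_main_cf(text)) or "no findings")
```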
Start Postfix (from Terminal):
[bash]
sudo postfix start
[/bash]
To stop Postfix use:
[bash]
sudo postfix stop
[/bash]
Test that your mail server is responding by using Terminal and issuing the command:
[bash]
telnet localhost 25
[/bash]
You should see output similar to (note the IPv6 use of ::1 for localhost):
[bash]
Walkabout:~ pickerin$ telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ipv6.example.com ESMTP Postfix
[/bash]
Type quit to exit:
[bash]
quit
221 2.0.0 Bye
[/bash]
You now have a working SMTP mail server.
Configure an MX Record
In order to have a properly configured mail server, you should have a Mail Exchanger (MX) record defined for your domain. Hurricane Electric Free DNS to the rescue! Edit your domain and add a new MX record that points your domain to your host address.
You should be ready to complete this certification by filling in the Hurricane Electric test box with your email address. Oh wait! What is it?
Your E-Mail Address
You have an account on your Macintosh and that account has a short name. The short name is rarely used, but to determine your email address you’re going to have to find it. The best instructions I’ve found are here. Once you have your short name, the rest is easy. Your email address is: shortname@example.com.
Now you can have Hurricane Electric’s Administrator test send you an email with a code in it. Your mail should deliver to the /var/mail/shortname file on your Macintosh. Read that file and your code should be in there. Congratulations, you’re now an IPv6 Administrator.
Make sure to take the Administrator Technical Test under Additional Tests in the left navigation. I’ll warn you now, the Administrator Technical Test is non-trivial for a beginner to IPv6. You get 11 questions and if you miss one, it will tell you which question you missed and allow you to take the test again (you won’t pass based on percentage). However, each version of the test scrambles up the questions and the data in the question, and all of the answers will be reset. So, pay attention. I was struggling with one of the answers (hint coming) and found I was missing questions I had already answered correctly once, just because I wasn’t paying attention to the answer I was selecting.
The one question I had difficulty with on the Administrator test was, “On Redhat, CentOS, and Fedora Core systems that don’t accept ::/0 as the IPv6 default route, which of the following should you use instead?” I finally found the answer in the Hurricane Electric forums here. The reason is that 2000::/3 is the Global Unicast address space, so 2000::/3 is basically (not exactly) the 0.0.0.0/0 space we use today in IPv4 default routes. Here’s hoping the RedHat variants fix this.
Professional
The IPv6 Professional certification completes the setup of your IPv6 network. You now have to ensure that your mail server has a valid rDNS (Reverse DNS or PTR record) that works in IPv6.
The first step is to add a Reverse Zone to your Free DNS account. The IP block you will be adding is the /64 you were assigned as part of your Tunnelbroker service.
Once the zone is added to your account, you should be able to add a new PTR record. The record you are adding should be the local IPv6 address of your Macintosh and the forward DNS [FQDN](http://en.wikipedia.org/wiki/FQDN) you assigned to that IP address. Have Hurricane Electric check it. Congratulations, you’re now an IPv6 Professional.
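The reverse zone and PTR owner name described above follow mechanically from the /64 and the host address. This added example (not from the original article) derives both with Python's standard `ipaddress` module and checks that the forward AAAA data matches the PTR; the prefix, host address and record set are constructed values from the 2001:db8::/32 documentation range.

```python
import ipaddress

def reverse_zone(prefix):
    """ip6.arpa zone name for an IPv6 prefix on a nibble (4-bit) boundary, such as a /64."""
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 6 or net.prefixlen % 4:
        raise ValueError("need an IPv6 prefix whose length is a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def ptr_record(host, prefix, fqdn):
    """Return (zone, owner label relative to the zone, full record line) for one host."""
    addr = ipaddress.ip_address(host)
    if addr not in ipaddress.ip_network(prefix):
        raise ValueError(f"{host} is outside {prefix}; its PTR belongs to another zone")
    zone = reverse_zone(prefix)
    full = addr.reverse_pointer              # all 32 nibbles, reversed, plus ip6.arpa
    label = full[: -len(zone) - 1]           # the host half, relative to the zone
    return zone, label, f"{full}. IN PTR {fqdn.rstrip('.')}."

def forward_confirmed(host, fqdn, aaaa_records):
    """True when the AAAA set for fqdn contains the address the PTR was created for."""
    addr = ipaddress.ip_address(host)
    return any(ipaddress.ip_address(a) == addr for a in aaaa_records.get(fqdn, []))

# Constructed sample values (documentation prefix, example.com name from the article).
PREFIX = "2001:db8:1234:5678::/64"
HOST = "2001:db8:1234:5678::25"
FQDN = "ipv6.example.com"
AAAA = {FQDN: ["2001:0db8:1234:5678:0:0:0:25"]}   # same address, different spelling

if __name__ == "__main__":
    zone, label, line = ptr_record(HOST, PREFIX, FQDN)
    print("zone :", zone)
    print("label:", label)
    print(line)
    print("forward matches reverse:", forward_confirmed(HOST, FQDN, AAAA))
```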
Make sure to take the Professional Technical Test under Additional Tests in the left navigation. This test is even harder, as expected, than the Administrator test. There are now 22 questions you’ll have to answer and they will stretch your knowledge of IPv6 even further.
Guru
The IPv6 Guru is all about cleaning up the DNS resolution of your IPv6 implementation, and making sure it supports native IPv6 users. To become a Guru you need to verify that the name servers for your domain have AAAA records and those name servers need to be able to respond to queries made via IPv6. If you’re running your own DNS servers, then you just need to make sure that your DNS implementation supports IPv6 queries, bind them to the appropriate IPv6 interface, and let it rip. Even better, if you’re hosting your DNS with Hurricane Electric’s Free DNS, then you’re done. The Guru certification tasks have already been accomplished for you. Just be sure to remove the host portion of the address that Hurricane Electric pre-fills on their form or the tests will fail (mine did). Congratulations, you’re now an IPv6 Guru!
Make sure to take the Guru Technical Test under Additional Tests in the left navigation. This exam is 20 questions long and I found this reference very helpful.
Sage
The IPv6 Sage is the highest certification level that Hurricane Electric is currently providing. To become a Sage you need to make sure that the IPv6 glue records for your domain are present at your Domain Name Registrar. This is probably the hardest task you’ll face, because you cannot run your own Domain Name Registrar. You will be at the mercy of whatever Registrar you currently have your domain name registered with, and obviously, if they do not support IPv6 Glue Records, then you’re out of luck without transferring your domain to someone who does (at a cost). SixXS provides a list of Domain Name Registrars who support IPv6 Glue Records and how to get them.
The good news is that if you’ve pointed your domain name to Hurricane Electric’s Free DNS, then they have already provided IPv6 Glue Records for most of their DNS servers. I say most because this test constantly failed for me, even though I was using HE’s DNS servers. I then remembered that when I set up my domain, they had one DNS server (ns1.he.net) that was in an IPv4 “compatibility mode”.
So, off to my Registrar and I removed ns1.he.net from the DNS servers that were authoritative for my domain. That did the trick and I was a **Sage**. Now you are too!
Make sure to take the Sage Technical Test under Additional Tests in the left navigation. There are only 9 questions on this exam and they are very straightforward; you shouldn’t have an issue. Congratulations, you’ve now completed the Hurricane Electric IPv6 Certification Program and you are a Certified IPv6 Sage!
What’s Next?
After taking the Sage Technical Test you should have 900 points listed on your badge. You may also see that other people have 1,500. How’d they do that?
For starters you can get a Free T-Shirt! Hurricane Electric allows you to request an IPv6 Sage T-Shirt, if you validate your address and select a T-Shirt size. You’ll find this “test” by clicking the Update Info link under Account Menu. If you do so, you’ll net an additional 100 points!
There are also daily tests you can perform with your environment to earn the additional 500 points. The tests are all performed from your IPv6 connected host:
- Submit an IPv6 Traceroute – Use traceroute6 FQDN to an IPv6 host, copy and paste the results (1 point)
- Submit an IPv6 Dig AAAA – Using dig AAAA FQDN, copy and paste the results (1 point)
- Submit an IPv6 Dig PTR – Using dig -x IPv6Addr, copy and paste the results (1 point)
- Submit an IPv6 Ping – Use ping6 to verify an IPv6 host is online, copy and paste the results (1 point)
- Submit an IPv6 Whois – Submit a whois -h whois.arin.net IPv6Addr for an IPv6 IP Address (or range), copy and paste the results (1 point)
So, 100 days of running the tests (we call these “Dailies” in WoW) will get you to the 1500 point cap. 100 days seems like a lot, but it only takes seconds to run the tests and you’ll have the 500 points in no time!
### More IPv6 Please
A great primer for IPv6 can be found at SixXS.