Skip to content. | Skip to navigation

A Digital Expression of Life
Personal tools
Sections
You are here: Home Tech Hurricane Electric IPv6 Certification

Hurricane Electric IPv6 Certification

This page is dedicated to my pursuit of Hurricane Electric's IPv6 certification provided on their website. I will chronicle my activities, the different levels of testing I attempt and the outcome of each. Feel free to comment.

 

Newbie Status :: 29Nov2008

Today I completed the test allowing me to obtain the status of IPv6 Newbie.  This was a test challenging one to basic concepts and rules of IPv6.  The information provided for reading also allowed one to gain maybe a stronger interest in IPv6 if non-existent before.  I would certainly advise one to go at least this far and get a IPv6 tunnel broker account to have real IPv6 connectivity.  I personally use Hexago's go6.net GW6C client to do the job.

Exporer Status :: 29Nov2008

>This does seem rather quick but the test was to see if IPv6 Connectivity could be exstablished by your PC.  I was able to do this using the go6.net tunnel broker and my client IPv6 address was seen as 2001:5c0:914c::214:51ff:fe7a:4443.  Next we will see if I can present a web page via IPv6.

Enthusiast Status :: 29Nov2008

This step took a little more work but not much.  I already have this site setup and I thought it was IPv6 enable since I was running apache 2.2.  However my LISTEN statement in my httpd.conf had 0.0.0.0:80 instead of just 80.  A quick edit, issue apachectl restart and certification status was achieved. 

Administrator Status :: 30Nov2008

They threw a good twist to in obtaining this certification level.  It required they be able to send and email to your IPv6 enabled MTAa and you had to respond back with a code that was included in the email.  Since I had experience running my own MTA with Postfix and NetBSD defaults to Postfix I got it up and running with no problem.  Of course I had make sure I didn't start getting a ton of spam so I used to access(5) method with the following statement added to main.cf and contents added to the access file.

/etc/postfix/main.cf
postconf -e "smtpd_sender_restrictions = check_sender_access
regexp:/etc/postfix/access,reject_unlisted_sender"
/etc/postfix/access
/ipv6@he.net/ OK
  • /^.*$/ REJECT
  • postmap /etc/postfix/access

    • Then a simple postfix reload and things are all set to go.  I also went to the abuse.net relay test site to make sure I wasn't vulnerable to relaying attacks.

    Professional Status :: 01Dec2008

    Next up was proving you had a working forward and reverse DNS for your mail server.  Now this was not trivial and not an impossible task, but I was a little rusty with my DNS admin skills.  Nonetheless, I finally got it setup correctly one evening and successfully obtained the certification status.  Now accompanying this was a nice 22 question technical quiz that was very welcomed as it required a little research but I finally passed.

    Guru Status :: 06Dec2008

    I was able to complete this by ensuring I had a NS server with AAAA records and that this NS server responded to DNS queries directed to it's AAAA address.  This was completed along with a 20 question Guru technical test.  This test did require some research which was very welcomed and provided further knowledge about IPv6.

    Sage Status :: 09Dec2008

    This top level will require me to create IPv6 Glue records with my registrar for my domain.  I had no clue what this meant so I spent some time reading but after understanding it's purpose I made some change with my registrar (www.gkg.net) and I can successfully see that I have IPv6 Glue with the .com TLD.  However, now the opportunity to test for the glue through the certification process is no longer available.  I've submitted a question to the forum and will await a response.

    IPv6 Glue:

    [techniq@morpheus: ~] $ dig @a.gtld-servers.net fourings.com ns

; <<>> DiG 9.4.2-P2 <<>> @a.gtld-servers.net fourings.com ns
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15727
;; flags: qr rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;fourings.com.                  IN      NS

;; ANSWER SECTION:
fourings.com.           172800  IN      NS      ns.fourings.com.
fourings.com.           172800  IN      NS      ns3.gkg.net.
fourings.com.           172800  IN      NS      ns4.gkg.net.

;; ADDITIONAL SECTION:
ns.fourings.com.        172800  IN      A       76.182.124.207
ns.fourings.com.        172800  IN      AAAA    2001:470:e0bb:1::3
ns3.gkg.net.            172800  IN      A       208.180.24.30
ns4.gkg.net.            172800  IN      A       208.180.24.31

;; Query time: 151 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Mon Jul 13 12:28:59 2009
;; MSG SIZE  rcvd: 166

    This shows that I have IPv6 (AAAA) glue records at the TLD for .com.

      Document Actions

      Sage Status

      Posted by Chris Ruff at Jul 30, 2009 04:02 PM
      I forgot to mention that HE corrected the Sage test script only day or two later and I achieved the status at that time.
      Next: Internal/External DNS Right arrow  
      « March 2010 »
      March
      MoTuWeThFrSaSu
      1234567
      891011121314
      15161718192021
      22232425262728
      293031
      Tag Cloud
      OpenID Log in