The World IPv6 Day is scheduled on 8th of June. During 24 hours, big players on the Internet will make their content available via IPv6. Popular websites, like Google, Facebook and many more, will be available via IPv4 or IPv6 depending on your network configuration. This blog is already available via IPv6 for a few months and I would like to invite all website owners and network administrators to take part of this worldwide live test. Why? Not because it will be funny or interesting from a technical point of view. Because, while introducing IPv6, mis- or default- configurations will also introduce more issues on your infrastructure and it could have a negative impact on your business. Here follows a good example that I faced yesterday.
I’m running my own mail server based on a Postfix setup. My SMTP relay has a dual IP stack but is not (yet) connected to the world using IPv6. It means that applications IPv6 ready will detect the presence of an IPv6 stack. For an unknown reason (for sure, a mistake), I added the following directive in my Postfix config:
$ sudo postconf -e "inet_protocols = all"
It enables both IPv4 and IPv6. It also means that Postfix will perform AAAA DNS lookups. And here come the problems… I sent some e-mails to an organization fully IPv6 ready (yes, they are!) and those were rejected and blocked in the outgoing mail queue. Let’s have a look at this organization MX records:
$ dig company.com mx [...] ;; QUESTION SECTION: ;company.com. IN MX ;; ANSWER SECTION: company.com. 900 IN MX 10 mx3.company.com. company.com. 900 IN MX 10 mx2.company.com. company.com. 900 IN MX 10 mx1.company.com. company.com. 900 IN MX 10 mx4.company.com.
$ host mx1.company.com mx1.company.com has address 78.x.x.x mx1.company.com has IPv6 address 2a00:x::x:40 mx1.company.com has IPv6 address 2a00:x::x:38 mx1.company.com has IPv6 address 2a00:x::x:44 mx1.company.com has IPv6 address 2a00:x::x:30 [...]
The four MX records have both IPv4 and IPv6 addresses. This is why Postfix failed to deliver the emails. As described in the IPv6 Postfix support page, the order of IPv6/IPv4 outgoing connection attempts is not (yet?) configurable: IPv6 is always probed first.
As my Postfix detected a dual IP stack, it tried to deliver the e-mails over IPv6. This failed due to the lack of IPv6 connectivity! The problem was solved by forcing IPv4 only:
$ sudo postconf -e "inet_protocols = ipv4"
If you have your own SMTP relay and offer IPv6 connectivity, a good idea could be to define backup MX records with IPv4 supports. In case of problems related to IPv6, e-mails will be relayed via your backup servers! This example shows how implementing IPv6 could affect regular operations. That’s the purpose of the World IPv6 day. It’s not too late to prepare yourself…