If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

But it has to look, swim, and quack like a duck. If it only does one or two, it might be something else entirely.

Almost two years ago I opened a ticket on GitHub because I couldn’t (and still can’t) install packages via pip on an IPv6-only host with an IPv6-only resolver. Fastly is used as a CDN, and the authoritative DNS servers involved simply don’t have AAAA records. It’s just a matter of switching to a different set of DNS servers.

I recently looked at a curriculum for a basic level course of a well known vendor. What struck my eye was that IPv4 basics, including classes, was pretty high on the list of topics. Then I found stuff like RIP version 1 in the list of topics an IPv6 almost at the end of the list of topics.

My calendar says it’s the End of 2025 so IPv6 should be at least as important as IPv4. IPv4 classes should only be viewed in a historical context, same as RIPv1.

This is another post that started after several toots on mastodon. Most of the things presented here were already tooted by other people, but I think this is a good chance to write a mini tutorial about what to look at. We’ll use DNS, whois, BGP and your favourite search engine.

What is DNS4EU?

To quote the web page:

Supported by the European Union Agency for Cybersecurity (ENISA), the European Union’s DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen digital sovereignty and security for EU citizens, governments, and critical infrastructure.

A short one, also via mastodon:

host deutschehochschule.de
deutschehochschule.de has address 162.159.134.42
deutschehochschule.de has IPv6 address ::ffff:162.159.134.42
deutschehochschule.de mail is handled by 0 deutschehochschule-de.mail.protection.outlook.com.

“Of course we have IPv6”. BTW: The IPv4 address is from Cloudflare. AFAIK: You have to actively do something not to do proper IPv6 using Cloudflare.

Just so I find it again when I run across the same problem in the future:

I wanted to log in to one of my servers and couldn’t access it, because I couldn’t resolve the name from one specific domain. All other domains worked fine.

So let’s head over to the DNS server and check what we can do. I’m running BIND, and it ships with two tools, named-checkconf and named-checkzone. As the name implies named-checkconf checks the overall configuration, named-checkzone single zone. There is also an option -z for named-checkconf that checks all the primary zones found in the configuration.