net-snmp and IPv6

When you search the internet on how to use net-snmp with IPv6 most of the examples you’ll find look like this:

snmpwalk -v2c -c lab udp6:[3fff:172:20:20::5]  | head -1
iso.3.6.1.2.1.1.1.0 = STRING: "Arista Networks EOS version 4.35.0F-44178984.4350F (engineering build) running on an Arista cEOSLab"

TIL: Apparently since version 5.7 you can just use

snmpwalk -v2c -c lab 3fff:172:20:20::5  | head -1
iso.3.6.1.2.1.1.1.0 = STRING: "Arista Networks EOS version 4.35.0F-44178984.4350F (engineering build) running on an Arista cEOSLab"
[]

What’s done wrong here?

What’s done wrong here?

$ curl foo.example.com
curl: (6) Could not resolve host: foo.example.com
$ host foo.example.com
Host foo.example.com not found: 3(NXDOMAIN)
$ ping foo.example.com
ping: foo.example.com: Name or service not known
$ traceroute foo.example.com
foo.example.com: Name or service not known

Another admin trying to be thorough when reporting an issus. They could have stopped after the first command. The curl error messages tells you everything you need to know. If curl can’t resolve the name, the other tools will very likely also not be able to resovle the name.

[]

If it walks like a duck…

If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.

But it has to look, swim, and quack like a duck. If it only does one or two, it might be something else entirely.

Almost two years ago I opened a ticket on GitHub because I couldn’t (and still can’t) install packages via pip on an IPv6-only host with an IPv6-only resolver. Fastly is used as a CDN, and the authoritative DNS servers involved simply don’t have AAAA records. It’s just a matter of switching to a different set of DNS servers.

[]

IPv6 is not important

I recently looked at a curriculum for a basic level course of a well known vendor. What struck my eye was that IPv4 basics, including classes, was pretty high on the list of topics. Then I found stuff like RIP version 1 in the list of topics an IPv6 almost at the end of the list of topics.

My calendar says it’s the End of 2025 so IPv6 should be at least as important as IPv4. IPv4 classes should only be viewed in a historical context, same as RIPv1.

[]

How much EU is in DNS4EU?

This is another post that started after several toots on mastodon. Most of the things presented here were already tooted by other people, but I think this is a good chance to write a mini tutorial about what to look at. We’ll use DNS, whois, BGP and your favourite search engine.

What is DNS4EU?

To quote the web page:

Supported by the European Union Agency for Cybersecurity (ENISA), the European Union’s DNS4EU secure-infrastructure project provides a protective, privacy-compliant, and resilient DNS service to strengthen digital sovereignty and security for EU citizens, governments, and critical infrastructure.

[]