From 0339ad4763b2d71d22de4dcd387ca83b478aec0d Mon Sep 17 00:00:00 2001 From: pbldp <> Date: Sat, 13 Jul 2002 09:38:37 +0000 Subject: [PATCH] Modified Files: Linux+IPv6-HOWTO.lyx : add information about /proc-FS, security auditing and minor updates --- .../Peter-Bieringer/Linux+IPv6-HOWTO.lyx | 1149 ++++++++++++++++- 1 file changed, 1112 insertions(+), 37 deletions(-) diff --git a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx index 69fe6952..5ae1efd3 100644 --- a/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx +++ b/LDP/users/Peter-Bieringer/Linux+IPv6-HOWTO.lyx @@ -51,8 +51,8 @@ on> \layout SGML - Release 0.25.2 2002-07-11 PB See + Release 0.26 2002-07-13 PB See \begin_inset LatexCommand \ref[revision history]{revision-history} \end_inset @@ -3676,7 +3676,7 @@ One idea of IPv6 was a hierachical routing, therefore only less routing There are some issues in current Linux kernels: \layout Subsubsection -Clients +Clients (not routing any packet!) \layout Standard Client can setup a default route like prefix @@ -4000,7 +4000,7 @@ There are 3 possibilities to add or remove point-to-point tunnels. Add point-to-point tunnels \layout Subsubsection -Using "ip" and "route" +Using "ip" \layout Standard \align left Common method at the moment for a small amount of tunnels @@ -4025,10 +4025,10 @@ Usage (generic example for three tunnels): ¬ local \layout Code -# /sbin/ifconfig sit1 up +# /sbin/ip set dev sit1 up \layout Code -# /sbin/route -A inet6 add dev sit1 +# /sbin/ip -6 route add dev sit1 metric 1 \layout Code \layout Code @@ -4039,10 +4039,10 @@ Usage (generic example for three tunnels): ¬ local \layout Code -# /sbin/ifconfig sit2 up +# /sbin/ip set dev sit2 up \layout Code -# /sbin/route -A inet6 add dev sit2 +# /sbin/ip -6 route add dev sit2 metric 1 \layout Code \layout Code @@ -4053,10 +4053,10 @@ Usage (generic example for three tunnels): ¬ local \layout Code -# /sbin/ifconfig sit3 up +# /sbin/ip set dev sit3 up \layout Code -# /sbin/route -A inet6 add dev sit3 +# /sbin/ip -6 route add dev sit3 metric 1 \layout Subsubsection Using "ifconfig" and "route" (deprecated) @@ -4158,7 +4158,7 @@ Manually not so often needed, but used by scripts for clean shutdown or restart of IPv6 configuration. \layout Subsubsection -Using "ip" and "route" +Using "ip" \layout Standard Usage for removing a tunnel device: @@ -4170,10 +4170,10 @@ Usage for removing a tunnel device: Usage (generic example for three tunnels): \layout Code -# /sbin/route -A inet6 del dev sit1 +# /sbin/ip -6 route del dev sit1 \layout Code -# /sbin/ifconfig sit1 down +# /sbin/ip set sit1 down \layout Code # /sbin/ip tunnel del sit @@ -4183,10 +4183,10 @@ Usage (generic example for three tunnels): \layout Code -# /sbin/route -A inet6 del dev sit2 +# /sbin/ip -6 route del dev sit2 \layout Code -# /sbin/ifconfig sit2 down +# /sbin/ip set sit2 down \layout Code # /sbin/ip tunnel del sit2 @@ -4194,10 +4194,10 @@ Usage (generic example for three tunnels): \layout Code -# /sbin/route -A inet6 del dev sit3 +# /sbin/ip -6 route del dev sit3 \layout Code -# /sbin/ifconfig sit3 down +# /sbin/ip set sit3 down \layout Code # /sbin/ip tunnel del sit3 @@ -4511,37 +4511,994 @@ More information in the meantime: \end_inset -Kernel settings + +\begin_inset LatexCommand \label{proc-filesystem} + +\end_inset + +Kernel settings in /proc-filesystem \layout Standard -To be filled... +Note: the source of this section is mostly the file +\begin_inset Quotes sld +\end_inset + +ip-sysctl.txt +\begin_inset Quotes srd +\end_inset + + which is included in current kernel sources in directory +\begin_inset Quotes sld +\end_inset + +Documentation/networking +\begin_inset Quotes srd +\end_inset + +. + Credits to Pekka Savola for maintaining the IPv6-related part in this file. + Also some text is more or less copied & pasted into this document. \layout Section -/proc filesystem -\layout Standard - -To be filled with following content next: switches forwarding and autoconf - behavior, acceptance of router advertisements and more. +How to access the /proc-filesystem \layout Subsection -Entries in /proc/net/ +Using +\begin_inset Quotes sld +\end_inset + +cat +\begin_inset Quotes srd +\end_inset + + and +\begin_inset Quotes sld +\end_inset + +echo +\begin_inset Quotes srd +\end_inset + + \layout Standard -To be filled... +Using +\begin_inset Quotes sld +\end_inset + +cat +\begin_inset Quotes srd +\end_inset + + and +\begin_inset Quotes sld +\end_inset + +echo +\begin_inset Quotes srd +\end_inset + + is the simplest way to access the /proc filesystem, but two requirements + are needed for that +\layout Itemize + +The /proc-filesystem had to be enabled in kernel, means on compiling following + switch has to be set +\layout Code + +CONFIG_PROC_FS=y +\layout Itemize + +The /proc-filesystem was mounted before, which can be tested using +\layout Code + +# mount | grep "type proc" +\layout Code + +none on /proc type proc (rw) +\layout Itemize + +You need read and sometimes also write access (normally root only) to the + /proc-filesystem +\layout Standard + +Normally, only entries in /proc/sys/* are writable, the others are readonly + and for information retrieving only. +\layout Subsubsection + +Retrieving a value +\layout Standard + +The value of an entry can be retrieved using +\begin_inset Quotes sld +\end_inset + +cat +\begin_inset Quotes srd +\end_inset + +: +\layout Code + +# cat /proc/sys/net/ipv6/conf/all/forwarding +\layout Code + +0 +\layout Subsubsection + +Setting a value +\layout Standard + +A new value can be set (if entry is writable) using +\begin_inset Quotes sld +\end_inset + +echo +\begin_inset Quotes srd +\end_inset + +: +\layout Code + +# echo "1" >/proc/sys/net/ipv6/conf/all/forwarding \layout Subsection -Entries in /proc/sys/net/ +Using +\begin_inset Quotes sld +\end_inset + +sysctl +\begin_inset Quotes srd +\end_inset + + (recommended) \layout Standard -To be filled... +Using the +\begin_inset Quotes sld +\end_inset + +sysctl +\begin_inset Quotes srd +\end_inset + + program to access the kernel switches is a modern method today. + You can use it also, if the /proc-filesystem isn't mounted. + But you have only access to /proc/sys/*! +\layout Standard + +The program +\begin_inset Quotes sld +\end_inset + +sysctl +\begin_inset Quotes srd +\end_inset + + is included in package +\begin_inset Quotes sld +\end_inset + +procps +\begin_inset Quotes srd +\end_inset + + (on Red Hat Linux systems). +\layout Itemize + +The sysctl-interface had to be enabled in kernel, means on compiling following + switch has to be set +\layout Code + +CONFIG_SYSCTL=y +\layout Subsubsection + +Retrieving a value +\layout Standard + +The value of an entry can be retrieved now: +\layout Code + +# sysctl net.ipv6.conf.all.forwarding +\layout Code + +net.ipv6.conf.all.forwarding = 0 +\layout Subsubsection + +Setting a value +\layout Standard + +A new value can be set (if entry is writable): +\layout Code + +# sysctl -w net.ipv6.conf.all.forwarding=1 +\layout Code + +net.ipv6.conf.all.forwarding = 1 +\layout Standard + +Note: Don't use spaces around the +\begin_inset Quotes sld +\end_inset + += +\begin_inset Quotes srd +\end_inset + + on writing. +\layout Subsubsection + +Additionals +\layout Standard + +Note: There are sysctl versions in the wild which displaying +\begin_inset Quotes sld +\end_inset + +/ +\begin_inset Quotes srd +\end_inset + + instead of the +\begin_inset Quotes sld +\end_inset + +. +\begin_inset Quotes srd +\end_inset + + +\layout Standard + +For more details take a look into sysctl's manpage. +\layout Standard + +Hint: for digging fast into the settings, use the option +\begin_inset Quotes sld +\end_inset + +-a +\begin_inset Quotes srd +\end_inset + + (display all entries) in conjunction with +\begin_inset Quotes sld +\end_inset + +grep +\begin_inset Quotes srd +\end_inset + + +\layout Subsection + +Values found in /proc-filesystems +\layout Standard + +There are several formats seen in /proc-filesystem: +\layout Itemize + +BOOLEAN: simple a +\begin_inset Quotes sld +\end_inset + +0 +\begin_inset Quotes srd +\end_inset + + (false) or a +\begin_inset Quotes sld +\end_inset + +1 +\begin_inset Quotes srd +\end_inset + + (true) +\layout Itemize + +INTEGER: an integer value, can be unsigned, too +\layout Itemize + +more sophisticated lines with several values: sometimes a header line is + displayed also, if not, have a look into the kernel source to retrieve + information about the meaning of each value... \layout Section +Entries in /proc/sys/net/ipv6/ +\layout Subsection + +conf/default/* +\layout Standard + +Change the interface-specific default settings. +\layout Subsection + +conf/all/* +\layout Standard + +Change all the interface-specific settings. +\layout Standard + +Exception: +\begin_inset Quotes sld +\end_inset + +conf/all/forwarding +\begin_inset Quotes srd +\end_inset + + has a different meaning here +\layout Subsubsection + +conf/all/forwarding +\layout Itemize + +Type: BOOLEAN +\layout Standard + +This enables global IPv6 forwarding between all interfaces. +\layout Standard + +In IPv6 you can't control forwarding per device, forwarding control has + to be done using IPv6-netfilter (controlled with ip6tables) rulesets and + specify input and output devices (see +\begin_inset LatexCommand \ref{firewalling-netfilter6} + +\end_inset + + for more). + This is different to IPv4, where you are able to control forwarding per + device (decission is made on interface where packet came in). +\layout Standard + +This also sets all interfaces' Host/Router setting 'forwarding' to the specified + value. + See below for details. + This referred to as global forwarding. +\layout Standard + +If this value is 0, no IPv6 forwarding is enabled, packets never leave another + interface, neither physical nor logical like e.g. + tunnels. +\layout Subsection + +conf/interface/* +\layout Standard + +Change special settings per interface. +\layout Standard + +The functional behaviour for certain settings is different depending on + whether local forwarding is enabled or not. +\layout Subsubsection + +accept_ra +\layout Itemize + +Type: BOOLEAN +\layout Itemize + +Functional default: enabled if local forwarding is disabled. + disabled if local forwarding is enabled. +\layout Standard + +Accept Router Advertisements, and autoconfigure this interface with received + data. +\layout Subsubsection + +accept_redirects +\layout Itemize + +Type: BOOLEAN +\layout Itemize + +Functional default: enabled if local forwarding is disabled. + disabled if local forwarding is enabled. +\layout Standard + +Accept Redirects sent by an IPv6 router. +\layout Subsubsection + +autoconf +\layout Itemize + +Type: BOOLEAN +\layout Itemize + +Default: TRUE +\layout Standard + +Configure link-local addresses (see also +\begin_inset LatexCommand \ref{chapter-addresstypes} + +\end_inset + +) using L2 hardware addresses. + E.g. + this generates automagically an address like +\begin_inset Quotes sld +\end_inset + +fe80::201:23ff:fe45:6789 +\begin_inset Quotes srd +\end_inset + + on an interface with a L2-MAC address. +\layout Subsubsection + +dad_transmits +\layout Itemize + +Type: INTEGER +\layout Itemize + +Default: 1 +\layout Standard + +The amount of Duplicate Address Detection probes to send. +\layout Subsubsection + +forwarding +\layout Itemize + +Type: BOOLEAN +\layout Itemize + +Default: FALSE if global forwarding is disabled (default), otherwise TRUE +\layout Standard + +Configure interface-specific Host/Router behaviour. +\layout Standard + +Note: It is recommended to have the same setting on all interfaces; mixed + router/host scenarios are rather uncommon. +\layout Itemize + +Value FALSE: By default, Host behaviour is assumed. + This means: +\layout Enumerate + +IsRouter flag is not set in Neighbour Advertisements. +\layout Enumerate + +Router Solicitations are being sent when necessary. +\layout Enumerate + +If accept_ra is TRUE (default), accept Router Advertisements (and do autoconfigu +ration). +\layout Enumerate + +If accept_redirects is TRUE (default), accept Redirects. +\layout Itemize + +Value TRUE: If local forwarding is enabled, Router behaviour is assumed. + This means exactly the reverse from the above: +\layout Enumerate + +IsRouter flag is set in Neighbour Advertisements. +\layout Enumerate + +Router Solicitations are not sent. +\layout Enumerate + +Router Advertisements are ignored. +\layout Enumerate + +Redirects are ignored. +\layout Subsubsection + +hop_limit +\layout Itemize + +Type: INTEGER +\layout Itemize + +Default: 64 +\layout Standard + +Default Hop Limit to set. +\layout Subsubsection + +mtu +\layout Itemize + +Type: INTEGER +\layout Itemize + +Default: 1280 (IPv6 required minimum) +\layout Standard + +Default Maximum Transfer Unit +\layout Subsubsection + +router_solicitation_delay +\layout Itemize + +Type: INTEGER +\layout Itemize + +Default: 1 +\layout Standard + +Number of seconds to wait after interface is brought up before sending Router + Solicitations. +\layout Subsubsection + +router_solicitation_interval +\layout Itemize + +Type: INTEGER +\layout Itemize + +Default: 4 +\layout Standard + +Number of seconds to wait between Router Solicitations. + +\layout Subsubsection + +router_solicitations +\layout Itemize + +Type: INTEGER +\layout Itemize + +Default: 3 +\layout Standard + +Number of Router Solicitations to send until assuming no routers are present. +\layout Subsection + +neigh/interface/* +\layout Standard + +Change special settings per interface for neighbor detection. +\layout Subsubsection + +anycast_delay +\layout Standard + +To be filled. +\layout Subsubsection + +gc_stale_time +\layout Standard + +To be filled. +\layout Subsubsection + +proxy_qlen +\layout Standard + +To be filled. +\layout Subsubsection + +app_solicit +\layout Standard + +To be filled. +\layout Subsubsection + +locktime +\layout Standard + +To be filled. +\layout Subsubsection + +retrans_time +\layout Standard + +To be filled. +\layout Subsubsection + +base_reachable_time +\layout Standard + +To be filled. +\layout Subsubsection + +mcast_solicit +\layout Standard + +To be filled. +\layout Subsubsection + +ucast_solicit +\layout Standard + +To be filled. +\layout Subsubsection + +delay_first_probe_time +\layout Standard + +To be filled. +\layout Subsubsection + +proxy_delay unres_qlen +\layout Standard + +To be filled. +\layout Subsection + +route/* +\layout Standard + +Change global settings for routing +\layout Subsubsection + +flush +\layout Standard + +To be filled. +\layout Subsubsection + +gc_interval +\layout Standard + +To be filled. +\layout Subsubsection + +gc_thresh max_size +\layout Standard + +To be filled. +\layout Subsubsection + +mtu_expires +\layout Standard + +To be filled. +\layout Subsubsection + +gc_elasticity +\layout Standard + +To be filled. +\layout Subsubsection + +gc_min_interval +\layout Standard + +To be filled. +\layout Subsubsection + +gc_timeout +\layout Standard + +To be filled. +\layout Subsubsection + +min_adv_mss +\layout Standard + +To be filled. +\layout Section + +IPv6-related entries in /proc/sys/net/ipv4/ +\layout Standard + +At the moment (and this will be until IPv4 is completly converted to an + independend kernel module) some switches are also used here for IPv6. +\layout Subsection + +ip_* +\layout Subsubsection + +ip_local_port_range +\layout Standard + +This control setting is used by IPv6 also. +\layout Subsection + +tcp_* +\layout Standard + +This control settings are used by IPv6 also. +\layout Subsection + +icmp_* +\layout Standard + +This control settings are not used by IPv6. +\layout Subsection + +others +\layout Standard + +Unknown, but probably not used by IPv6. +\layout Section + +IPv6-related entries in /proc/net/ +\layout Standard + +In /proc/net there are several read-only entries available. + You cannot retrieve information using +\begin_inset Quotes sld +\end_inset + +sysctl +\begin_inset Quotes srd +\end_inset + + here, so use e.g. + +\begin_inset Quotes sld +\end_inset + +cat +\begin_inset Quotes srd +\end_inset + +. +\layout Subsubsection + +if_inet6 +\layout Itemize + +Type: One line per addresss containing multiple values +\layout Standard + +Here all configured IPv6 addresses are shown in a special format. + The example displays for loopback interface only. + The meaning is shown below (see +\begin_inset Quotes sld +\end_inset + +net/ipv6/addrconf.c +\begin_inset Quotes srd +\end_inset + + for more) +\layout Code + +# cat /proc/net/if_inet6 +\layout Code + +00000000000000000000000000000001 01 80 10 80 lo +\layout Code + ++------------------------------+ ++ ++ ++ ++ ++ +\layout Code + +| | | | | | +\layout Code + +1 2 3 4 5 6 +\layout Enumerate + +IPv6 address displayed in 32 hexadecimal chars without colons as separator +\layout Enumerate + +Netlink device number (interface index) in hexadecimal (see +\begin_inset Quotes sld +\end_inset + +ip addr +\begin_inset Quotes srd +\end_inset + + , too) +\layout Enumerate + +Prefix length in hexadecimal +\layout Enumerate + +Scope value (see kernel source +\begin_inset Quotes sld +\end_inset + + include/net/ipv6.h +\begin_inset Quotes srd +\end_inset + + and +\begin_inset Quotes sld +\end_inset + +net/ipv6/addrconf.c +\begin_inset Quotes srd +\end_inset + + for more) +\layout Enumerate + +Interface flags (see +\begin_inset Quotes sld +\end_inset + +include/linux/rtnetlink.h +\begin_inset Quotes srd +\end_inset + + and +\begin_inset Quotes sld +\end_inset + +net/ipv6/addrconf.c +\begin_inset Quotes srd +\end_inset + + for more) +\layout Enumerate + +Device name +\layout Subsection + +ipv6_route +\layout Itemize + +Type: One line per route containing multiple values +\layout Standard + +Here all configured IPv6 routes are shown in a special format. + The example displays for loopback interface only. + The meaning is shown below (see +\begin_inset Quotes sld +\end_inset + +net/ipv6/route.c +\begin_inset Quotes srd +\end_inset + + for more) +\layout Code + +# cat /proc/net/ipv6_route +\layout Code + +00000000000000000000000000000000 00 00000000000000000000000000000000 00 +\layout Code + ++------------------------------+ ++ +------------------------------+ ++ +\layout Code + +| | | | +\layout Code + +1 2 3 4 +\layout Code + +\layout Code + +¬ 00000000000000000000000000000000 ffffffff 00000001 00000001 00200200 lo +\layout Code + + +------------------------------+ +------+ +------+ +------+ +------+ ++ +\layout Code + + | | | | | | +\layout Code + + 5 6 7 8 9 10 +\layout Enumerate + +IPv6 destination network displayed in 32 hexadecimal chars without colons + as separator +\layout Enumerate + +IPv6 destination prefix length in hexadecimal +\layout Enumerate + +IPv6 source network displayed in 32 hexadecimal chars without colons as + separator +\layout Enumerate + +IPv6 source prefix length in hexadecimal +\layout Enumerate + +IPv6 next hop displayed in 32 hexadecimal chars without colons as separator +\layout Enumerate + +Metric in hexadecimal +\layout Enumerate + +Reference counter +\layout Enumerate + +Use counter +\layout Enumerate + +Flags +\layout Enumerate + +Device name +\layout Subsection + +sockstat6 +\layout Itemize + +Type: One line per protocol with description and value +\layout Standard + +Statistics about used IPv6 sockets. + Example: +\layout Code + +# cat /proc/net/sockstat6 +\layout Code + +TCP6: inuse 7 +\layout Code + +UDP6: inuse 2 +\layout Code + +RAW6: inuse 1 +\layout Code + +FRAG6: inuse 0 memory 0 +\layout Subsection + +tcp6 +\layout Standard + +To be filled. +\layout Subsection + +udp6 +\layout Standard + +To be filled. +\layout Subsection + +igmp6 +\layout Standard + +To be filled. +\layout Subsection + +raw6 +\layout Standard + +To be filled. +\layout Subsection + +ip6_flowlabel +\layout Standard + +To be filled. +\layout Subsection + +rt6_stats +\layout Standard + +To be filled. +\layout Subsection + +snmp6 +\layout Itemize + +Type: One line per SNMP description and value +\layout Standard + +SNMP statistics, can be retrieved via SNMP server and related MIB table + by network management software. +\layout Subsection + +ip6_tables_names +\layout Standard + +Available netfilter6 tables +\layout Chapter + + +\begin_inset LatexCommand \label{netlink} + +\end_inset + Netlink \layout Standard To be filled... \layout Chapter + +\begin_inset LatexCommand \label{network-debugging} + +\end_inset + Network debugging \layout Section @@ -5360,6 +6317,14 @@ Native IPv6 firewalling is only supported in kernel versions 2.4+. Attention: no warranty that described rules or examples are really protect your system! +\layout Standard + +Audit your ruleset after installation, see +\begin_inset LatexCommand \ref{IPv6-security-auditing} + +\end_inset + + for more. \layout Subsubsection More information @@ -6241,6 +7206,107 @@ Many services uses the tcp_wrapper library for access control. \layout Standard More to be filled... +\layout Section + + +\begin_inset LatexCommand \label{IPv6-security-auditing} + +\end_inset + +IPv6 security auditing +\layout Standard + +Currently there are no comfortable tools out which can check a system over + network for IPv6 security issues. + Neither +\begin_inset LatexCommand \url[NMap]{http://www.insecure.org/nmap/} + +\end_inset + +, nor +\begin_inset LatexCommand \url[Nessus]{http://www.nessus.org/} + +\end_inset + + or any commercial security scanner is as far as I know able to scan IPv6 + addresses. +\layout Subsection + +Legal issues +\layout Standard + +ATTENTION: always take care that you only scan your own systems or after + receiving a written order, otherwise legal issues are able to come up to + you. +\newline +CHECK destination IPv6 addresses TWICE before starting a scan. +\layout Subsection + +Security auditing using IPv6-enabled netcat +\layout Standard + +With the IPv6-enabled netcat (see +\begin_inset LatexCommand \url[IPv6+Linux-status-apps/security-auditing]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#security-auditing} + +\end_inset + + for more) you can run a portscan by wrapping a script around and grab banners, + and so on. + Usage example: +\layout Code + +# nc6 ::1 daytime +\layout Code + +13 JUL 2002 11:22:22 CEST +\layout Subsection + +Security auditing using IPv6-enabled strobe +\layout Standard + +Strobe is a (compared to NMap) more a low budget portscanner, but there + is an IPv6-enabling patch available (see +\begin_inset LatexCommand \url[IPv6+Linux-status-apps/security-auditing]{http://www.bieringer.de/linux/IPv6/status/IPv6+Linux-status-apps.html#security-auditing} + +\end_inset + + for more). + Usage example: +\layout Code + +# ./strobe ::1 strobe 1.05 (c) 1995-1999 Julian Assange . +\layout Code + +::1 2401 unassigned unknown +\layout Code + +::1 22 ssh Secure Shell - RSA encrypted rsh +\layout Code + +::1 515 printer spooler (lpd) +\layout Code + +::1 6010 unassigned unknown +\layout Code + +::1 53 domain Domain Name Server +\layout Standard + +Note: strobe isn't really developed further on, the shown version number + isn't the right one. +\layout Subsection + +Audit results +\layout Standard + +If the result of an audit mismatch your IPv6 security policy, use IPv6 firewalli +ng to close the holes, e.g. + using netfilter6 (see +\begin_inset LatexCommand \ref{firewalling-netfilter6} + +\end_inset + + for more). \layout Chapter @@ -6576,7 +7642,7 @@ AAAA and reverse IP6.INT: specified in , usable since BIND version 4.9.6 \layout Itemize -A6, DNAME and reverse IP6.ARPA: specified in +A6, DNAME (DEPRICATED NOW!) and reverse IP6.ARPA: specified in \begin_inset LatexCommand \url[RFC 2874 / DNS Extensions to Support IPv6 Address Aggregation and Renumbering]{http://rfc.net/rfc2874.html} \end_inset @@ -6602,9 +7668,9 @@ AAAA and reverse IP6.INT: \layout Itemize -A6, DNAME and reverse IP6.ARPA: take a look into chapter 4 and 6 of the BIND - 9 Administrator Reference Manual (ARM) distributed which the bind-package - or get this here: +A6, DNAME (DEPRICATED NOW!) and reverse IP6.ARPA: take a look into chapter + 4 and 6 of the BIND 9 Administrator Reference Manual (ARM) distributed + which the bind-package or get this here: \begin_inset LatexCommand \url[BIND version 9 ARM (PDF)]{http://www.nominum.com/resources/documentation/Bv9ARM.pdf} \end_inset @@ -6627,18 +7693,15 @@ Forward lookup support: \layout Itemize AAAA -\layout Itemize - -A6 without chaining, means prefix length value set to 0 \layout Standard Reverse lookup support: \layout Itemize -Reverse nibble format for zone ip6.int +Reverse nibble format for zone ip6.int (FOR BACKWARD COMPATIBILITY) \layout Itemize -Reverse nibble format for zone ip6.arpa +Reverse nibble format for zone ip6.arpa (RECOMMENDED) \layout Subsection Checking IPv6-enabled connect @@ -9260,6 +10323,18 @@ Versions x.y.z are work-in-progress and only published as LyX file on CVS. Releases 0.x \layout Description +0.26 2002-07-13/PB: Fill /proc-filesystem chapter, update DNS information + about depricated A6/DNAME, change P-t-P tunnel setup to use of +\begin_inset Quotes sld +\end_inset + +ip +\begin_inset Quotes srd +\end_inset + + only +\layout Description + 0.25.2 2002-07-11/PB: Minor spelling fixes \layout Description