Delan Azabani

Adventures of comssa.org.au, part 1

ComSSA's public website has been left untouched for years, and lacked vital information for potential and current members. Nothing fancy, all we need is location, contact, membership and event information. I've been delegated the task of setting up a new website for the club, and I've discovered a fair bit on the first night.

Previously, we had used an ASP.NET shared hosting provider, which was definitely overkill. We've halved our ongoing costs by switching to DigitalOcean, gaining the flexibility of a Linux VPS with root in the process. My first impressions are positive; I especially like the ability to create, reimage and destroy droplets (their term for a VPS) in 60 seconds each.

At the moment, I'm using a hacky shell script on GitHub to consistently manage the server's initial configuration. This is a really bad idea, especially so given the existence of Puppet, Chef, etc. Have I learned nothing from #lca2014? This is all temporary, I promise. *

As DigitalOcean does not currently provide IPv6 connectivity, Hurricane Electric comes to the rescue with its Tunnelbroker service. To my surprise, you receive an allocation of not only a /64, but a /48 as well, all to yourself. Holy cavalier distribution of addresses, Batman! I'm not sure if I feel good or bad about this. I think it's both, like a guilty pleasure.

Configuration in /etc/network/interfaces was dead easy:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:470:7c85::1
netmask 48
endpoint 216.66.84.46
ttl 255
gateway 2001:470:1f14:116e::1

DigitalOcean's free DNS service is pretty but lacks the ability to even create AAAA records, which is annoying. Thankfully, Hurricane Electric also provides a free DNS service, which I've used in the past as a secondary nameserver network.

It appeared that reverse DNS to tunnel addresses only worked for the /48 but not the /64, but a few emails back and forth fixed the issue. Even though being forced to use the subnet that's 65536 times as large isn't really a big problem, I'm impressed at the support turnaround of under an hour.

One small problem I'm yet to work out is why lookout is returning the wrong FQDN, now that I've set up reverse DNS for both IPv4 and IPv6. Although that looks like the remedy here, I can't switch to using socket.gethostname() because on Windows, that yields the NetBIOS name, and socket.getfqdn() is the correct method to use.

ling% dig -x 146.185.129.226 | grep -A1 'ANSWER SECTION' | tail -1
226.129.185.146.in-addr.arpa. 12707 IN  PTR     ling.comssa.org.au.
ling% dig -x 2001:470:7c85::1 | grep -A1 'ANSWER SECTION' | tail -1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.5.8.c.7.0.7.4.0.1.0.0.2.ip6.arpa.
    20015 IN PTR ling.comssa.org.au.
ling% python
>>> socket.getfqdn()
'comssa-1-pt.tunnel.tserv11.ams1.ipv6.he.net'
>>> socket.gethostname()
'ling.comssa.org.au'

The last seven hours have been an interesting ride. It's only now occurred to me that I haven't started working on the actual website itself. Not to worry, stay tuned and it will debut in the next few weeks. Hopefully.

* Promises to replace hacky shell scripts are almost always broken.