The Wombelix Post - Networkhttps://dominik.wombacher.cc/2022-01-15T00:00:00+01:00Hurricane Electric IPv6 Certification - Sage level reached2022-01-15T00:00:00+01:002022-01-15T00:00:00+01:00Dominik Wombachertag:dominik.wombacher.cc,2022-01-15:/posts/hurricane_electric_ipv6_certification_sage_level_reached.html<!-- SPDX-FileCopyrightText: 2023 Dominik Wombacher <dominik@wombacher.cc> -->
<!-- -->
<!-- SPDX-License-Identifier: CC-BY-SA-4.0 -->
<p>IPv6 connectivity is quite important for me, fortunately IPv6 is a first class citizen for my ISP
(Deutsche Glasfaser) and was also available with my previous one (1&1).
So ... <a class="read-more" href="/posts/hurricane_electric_ipv6_certification_sage_level_reached.html"> [read more]</a></p><!-- SPDX-FileCopyrightText: 2023 Dominik Wombacher <dominik@wombacher.cc> -->
<!-- -->
<!-- SPDX-License-Identifier: CC-BY-SA-4.0 -->
<p>IPv6 connectivity is quite important for me, fortunately IPv6 is a first class citizen for my ISP
(Deutsche Glasfaser) and was also available with my previous one (1&1).
So I didn't have to use a Tunnel Broker at home yet to get IPv6 up and running but if I had to,
I would go with Hurricane Eletric and their (free) <a class="reference external" href="https://www.tunnelbroker.net">Tunnelbroker</a> Service.</p>
<p>HE also offer a <a class="reference external" href="https://ipv6.he.net/certification/">IPv6 Certification</a>, to test your theoretical
as well as practical knowledge and verify that you are actually using IPv6 at home, your website, mail server and DNS.</p>
<p>There are seven Certification Level:</p>
<ul class="simple">
<li>NewB: Read the primer, be able to answer some quick and easy questions.</li>
<li>Explorer: Verify that you can access an IPv6 website (ours!)</li>
<li>Enthusiast: Verify that you have an IPv6 capable web server that we can connect to and fetch information from. This should be entered as a FQDN and not an IPv6 address.</li>
<li>Administrator: Verify that you have a working IPv6 capable MTA by sending you an email only over IPv6.</li>
<li>Professional: Verify that your MTA has working reverse DNS (ex: dig mx $domain +short ; dig aaaa $mx +short ; dig -x $mxAAAA +short)</li>
<li>Guru: Verify that the authoritative NS for your domain have AAAA records, and respond to queries for the domain (ex: step 1 is dig ns $domain ; dig aaaa $ns | step 2 is dig aaaa $domain @$nsAAAA)</li>
<li>Sage: Check to see if your domain's authoritative NS have IPv6 glue with their listed TLD servers. Meaning the TLD server can directly answer for the host record (ex: dig +trace ns $domain to get the TLD server list then dig aaaa $ns @TLD for the glue).</li>
</ul>
<p>Source: <a class="reference external" href="https://forums.he.net/index.php?topic=304.0">https://forums.he.net/index.php?topic=304.0</a></p>
<p>They provide a lot of additional <a class="reference external" href="https://ipv6.he.net/presentations.php">learning material</a>
and have a still quite active <a class="reference external" href="https://forums.he.net/index.php?board=11.0">community</a> as well.</p>
<p>Sages also get a <a class="reference external" href="https://forums.he.net/index.php?topic=922.0">Free IPv6 T-Shirt</a> upon request,
last batch run was <em>Fri Dec 10 2021</em>, so let's see when mine will arrive :)</p>
<p>Hint: Getting Sage Rank is a mandatory requirement to request HE to remove SMTP and IRC Port Filtering
when using their IPv6 Tunnel, to avoid abuse those are blocked by default, see <a class="reference external" href="https://ipv6.he.net/certification/faq.php">FAQ</a>.</p>
<p>It Was fun to work through the different level, test my knowledge and validate my IPv6 Setup.
Due to the fact that all my Server already using IPv6, whenever possible IPv6-only, a few in Dual-Stack Mode,
I was able to reach the Sage Level quite fast, no re-configuration of my Services was required to pass all checks.</p>
<p>Exception was enabling TLS v1.2 on my website, limit to v1.3 only was to strict for he.net
to reach my Server and validate my Domain. Also disabling greylisting for sender <a class="reference external" href="mailto:ipv6@he.net">ipv6@he.net</a>
was helpful to speed things up during verification of my mail setup.</p>
<img src="https://ipv6.he.net/certification/create_badge.php?pass_name=wombelix&badge=3" style="border: 0; width: 229px; height: 137px" alt="IPv6 Certification Badge for wombelix"></img><div class="section" id="certificate">
<h2>Certificate</h2>
<ul class="simple">
<li>Download<ul>
<li><a class="reference external" href="/certificates/he.net_ipv6_certification_sage_level_dominik_wombacher.pdf">Certificate</a> (PDF, 1.2M)</li>
</ul>
</li>
</ul>
</div>