IPv6 added for vulndetect.com (testing)
Today we've added support for IPv6 and we have moved from AWS Lightsail to AWS EC2 in Ireland.
We would greatly appreciate if you could test the IPv6 connectivity
We did do preliminary online tests such as:
Both tests show that the IPv6 connectivity is fine and I see it in the logs too, but I can't do real testing of this from my current Internet connection.
On SSL Labs you'll notice a small temporary regression regarding the HSTS policy, this will be fixed later today.
While troubleshooting my private IPv6 connectivity, I decided to enable an IPv6 and IPv4 specific access to the forum, so you and everybody else can test it:
https://vulndetect.org/ is naturally dual-stack and most of us need not worry, once you have IPv6, you will use it automatically (if your ISP set it up correctly).
It appears that my ISP currently has a routing issue, but then I could use my cellphone (just needed to enable dual-stack support in the APN under Mobile network).
We also expect to enable dual-stack access to the VulnDetect backend, at some point during the tech preview stage.
Just checking the logs, almost 10% of the unique visitor IPs are IPv6, the ratio remains the same on both IPv4 and IPv6 whether measured on IPs /32 and /128 or subnets /24 and /48 respectively.
This weekends upgrade from the old NodeBB to 1.8.1 broke the HSTS header, because NodeBB also defaults to sending one.
This is now fixed and we should once again be eligible for the https://hstspreload.org list. Basically this means that Chrome and certain other browsers already know that https://vulndetect.org (and any subdomain) always will serve a valid SSL certificate and that an expired or invalid certificate should result in a "hard" fail, that means it will prevent you from visiting a "fake" https://vulndetect.org site (and http://vulndetect.org without the magic s).
And now our https://ssllabs.com score is back to A+:
On another note, over the weekend we temporarily served content from both https://forum.vulndetect.org and https://vulndetect.org, this is now back to only using https://vulndetect.org we apologize for any inconvenience this may have caused.
To ensure that users who only have IPv6 also can do NS lookups, we have decided to move DNS services from Joker to AWS Route53 who provides dual stack DNS servers.
The request has been submitted, but it will take some time before the domain registry accepts and the change of authoritative DNS servers has propagated.
Already seeing the first real visitors using IPv6 - awesome!