search

internetstandards / Internet.nl

Internet standards compliance test suite
https://internet.nl
172 stars 35 forks source link

IPv4/IPv6 comparative test not performed when IPv4 is not configured #1261

Open simonbesters opened 7 months ago

simonbesters commented 7 months ago

The IPv4/IPv6 comparative test is depending a successful result in the resolving a website through IPv4 and IPv6. I think it is designed for situations that the 'Modern address (IPv6)' test fails in an earlier stage (nameservers or webserver connectivity).

For the following website we have the case that there is only an AAAA-record, so the previous test succeed:

https://sociaaldomein.breda.nl

I think the IPv4/IPv6 comparative test should fail if a website does not have an A-record.

bwbroersma commented 7 months ago

The subtest is for IPv6 is configured in DNS, but not in the webserver config (e.g. only the default webserver site is shown). Your proposal is to show more clearly that it is an IPv6-only website (e.g. https://internet.nl/site/sociaaldomein.breda.nl/2613067/). Of course sometimes it's intended, like on ipv6.internet.nl, but in this case I agree.

Both the comply or explain and adoption agreements mention both IPv4 and IPv6, I also do agree this is important for wide network accessible server deployments.

So you proposal is to:

The option is to ❌ error/fail, ⚠️ warn or ℹ️ info I agree at least an ℹ️ should be shown, but this is to be discussed.

simonbesters commented 7 months ago

So you proposal is to:

  • require IPv4 for nameservers
  • require IPv4 for webservers
  • require IPv4 for mailservers

Yes. If the standard mandates that both ipv4 and ipv6 must be accessible, merely providing an info or warning message is inadequate, and the test ought to fail.

In the instance of https://sociaaldomein.breda.nl/, I believe it was a careless cleanup effort.

bwbroersma commented 7 months ago

Discussed with multiple team members: Internet.nl tests for modern standards (although IPv6 is 25+ years old), it's for the stimulation and use of modern standards, therefore IPv4 is not required. The consensus in the team is that providing a ℹ️ informational would be preferred in these 3 cases.

Note that for a valid phasing out of the domain, the site should not pass the pre-check for website (of resolving to any IP-address). You can bypass some pre-checks if you scrape, so I'm not sure, see: https://github.com/internetstandards/Internet.nl/blob/86b39d62f89a916823792852d8040fb84f4c60a8/interface/views/domain.py#L43-L60 and the specific test for A|AAAA: https://github.com/internetstandards/Internet.nl/blob/86b39d62f89a916823792852d8040fb84f4c60a8/interface/views/shared.py#L310-L321