How to Earn IPv6 Certifications (on Windows, Part 1)

Source: This project was created by Dr. Sam Bowne at City College of San Francisco and is used with
his permission. You can find more of Sam’s class information at his website:
http://www.samsclass.info.

Why?
IPv6 is coming, whether we like it or not. We all need to learn it, and the sooner we do that, the
better. This page will guide you through getting the Hurricane Electric IPv6 Certifications,
which demonstrate that you have learned both the theory and practice of using IPv6 on each of
these systems:
• Web client
• Web server
• Email server
• DNS server

Each 10 Hurricane Electric points are worth one class project point. If you make it all the way to Guru,
you get 1000 points from Hurricane Electric, a total of 100 class project points.

These instructions take you to Administrator level which is worth 25 project points.

Windows Versions
It is recommend to use Windows XP, Vista or 7 Professional (not Home). Lower versions make
these projects more difficult.

Step 1. Registering at Hurricane Electric

1. Go to Hurricane Electric’s site

http://ipv6.he.net/certification
2. In the upper left, click the
"Register" button.
3. Fill in the form to create an
account.
4. Check your email to get your
login information, and log in at
http://ipv6.he.net/certification.
You should see a badge at the
right of the page with your user
name and the message "No
Cert Yet", as shown.
5. At the upper left of this page,
click "Update Info". Change
your password to something
you can remember.
Step 2. Start with the NeWb Test

1. In the NeWb! section, click the "IPv6 Primer" link and study the primer.
2. Then click the "questions" link and take the test.
3. When you return to the main page, you should see that your badge has
changed to Newbie, as shown to the right on this page. Click your badge to
see your score: you now have 25 Hurricane Electric points, which are
worth 2.5 points.

Step 3. Become an Explorer with a Gogo6 Tunnel

Since you probably only have IPv4 Internet service, the easiest way to get on IPv6 is to use a Tunnel
Broker -- a service that converts IPv4 traffic to IPv6. The easiest one is Gogo6. You could use
http://www.sixxs.net/ or http://www.tunnelbroker.net/, but they are harder to set up. In these
instructions, assume you are using Gogo6.

1. Go to http://gogo6.com/. At the upper right of the page, click "Freenet6".

2. On the next page, click Sign Up. Fill in the form to create an account. You will have to read
your email and click a link to verify your account, and also fill out a profile form.
3. Go to http://gogo6.com/ and, at the top of the page, click "Freenet6". Your name should appear
at the upper right of the page -- Freenet has recorded your ID with a cookie. In the "Freenet
Services" section, click the Download button.
4. The next page offers several versions to download. Download the "gogoCLIENT - Basic
version" and install it with the default options.
5. Now you need to create a Freenet6 Tunnel account. In your
browser, on the "Download" page, at the top, click the
"Freenet6" link. Scroll down to the "Freenet6" section and
click the "Learn more" link, as shown to the right.

6. On the next page, scroll down to the "Getting started" section, and click the "here" link, as
shown below. Fill out the form to get a Freenet6 account.
7. When the gogoCLIENT is installed and running, click the "Advanced" tab, and select a "Tunnel
Mode" of "IPv6-in-UDP-IPv4 Tunnel (NAT Traversal)" as shown below on this page. Click
"Apply". This is the best choice because it works almost everywhere--even at Starbuck's.

8. In the gogoCLIENT window, click the

"Basic" tab. Change the "Server Address" to
authenticated.freenet6.net .
9. In the middle of the window, click the
"Connect Using the Following
Credentals" button. Enter your Freenet6
username and password. Click the
"Connect" button. A box will pop up asking
"Save changes before connecting?". Click
Save.
10. Click the "Status" tab. When it connects, you
should see a long IPv6 "Local Endpoint
Address", as shown below on this page. If you
cannot connect, you may have to adjust your
router or firewall to allow UDP port 3653.

11. If it's not still open, go to http://ipv6.he.net/certification/ and log in.

12. In the Explorer section, click the link in the "When you are ready..." line. You should see a
message saying "Congratulations, you have IPv6 connectivity", as shown to the right on this
page. Click the "Here" link to continue.

Your badge should now show Explorer, as shown to the right on this
page. Click your badge to see your score: you now have 75 Hurricane
Electric points, which are worth 7.5 points.
Step 4. Next … Enthusiast with IIS Web Server

The next level requires you to have your own domain name and a working Web server.

1. Installing IIS (Internet Information Services … Microsoft's Web server). IIS is included in
Windows 7, which is why it’s the recommended OS for this part of the project.

a. On your Windows 7 desktop,

click Start, type in Prog, and
click "Programs and Features".
b. Click "Turn Windows features
on or off".
c. Click the "Internet Information
Services" box, as shown to the
right.
d. Click OK. Wait until IIS is
installed.

2. Open Firefox (or whatever web browser you wish to use) and type in the address http://127.0.0.1

You should see an IIS Welcome page, as shown above. This shows that IIS is listening on port
80 of IPv4.
3. Open a Command Prompt and type in the NETSTAT -AN command. Scroll back to see the TCP
Listening ports. You should see the IPv6 address [::] Listening, as shown below on this page.
This means that your Web server is serving pages over every IPv6 address.

4. Registering a Domain Name at GoDaddy

The best way to do this is to spend $2.17 of real money. Sam couldn't find a free service that
was good enough. Even most paid services aren't really good enough to get you all the way
to IPv6 “Sage” level, because they don't have full IPv6 functionality including glue records
(glue records will be explained later).

a. Go to http://www.godaddy.com. In the middle of the page, type your desired domain, and
choose a top-level domain. It’s recommend using .info because I know there are top-level
glue records for it. But as time passes, more and more top-level domains will have full IPv6
compatibility, so other choices will become OK. Click Go.

b. If the domain is available, buy it. You will need a credit card and $2.17 of real money to get
a .info domain for one year. You will have to enter your real email address, and GoDaddy
will offer you a lot of extra features like other domains, email accounts, Web hosting, etc.
For IPv6 certification you don't need any of that. You can say No to it all and only pay a
total of $2.17.

5. Entering your IPv6 Address at GoDaddy

a. In Firefox, go to http://www.godaddy.com.
b. On the top of the page, log in.
c. On the left side, hover the mouse over "Domain". Wait a second for more options to appear.
d. On the right side, in the "My Account" section, click "Domain Management".
e. On the left side, click "Domain Manager".
f. You should see a list of your domains, as
shown to the right.
g. On the row with the domain name you
registered earlier, click the round black button
with a yellow D on it.
 h. Click "More Settings". On the next page, in the center of this window, under the header
"DNS Manager", click "Launch".

Click Here

i. On the next page, scroll down to the AAAA Record section

j. Click the "Quick Add" button.
k. Enter the "Host Name" of @.
l. In the "Points to IPv6 Address" field, enter your Local Endpoint IPv6 address, as shown
below. I recommend using copy and paste from the Status tab of the gogoCLIENT utility.
m. Click the "Save Zone File" button. Click OK.

6. Testing your AAAA Record

a. Open a Command Prompt window. Type in these commands:
nslookup
set q=AAAA

b. Then type in your domain name

and press Enter. You should see
your IPv6 address, as shown to
the right. This shows that DNS
can now find your server.
7. Troubleshooting DNS
a. You may have to wait a few minutes for DNS to update. In principle, it could take up to 48
hours, but in practice 5 minutes is usually enough.

You can watch the process, however, by typing your domain name and then the address of
the DNS server to use. 8.8.8.8 is Google's DNS server and it usually updates quickly.

If you want to see GoDaddy's DNS record directly, use the DNS server GoDaddy assigned to
your account which is shown at the bottom of your DNS management page. It will be
something like ns57.domaincontrol.com.

The image below shows a series of tests, testing GoDaddy, then Google, then Hurricane
Electric, to see if they all can resolve my domain.
8. Completing the Hurricane Electric Enthusiast Test
a. In Firefox, go to http://ipv6.he.net/certification/ and log in.
b. In the Enthusiast section, type your domain name (the one you registered at GoDaddy) and
click the "Get a User Code" link.
c. Click the "here" link to continue with the test.
d. Click the "Create URL" button.

e. Now you should see a URL in line [3], something like this:
http://samdemo.info/Se35fg48.txt

f. You need to create a file with that name. The filename does not include http or your domain
name--in the example above, the correct filename is: Se35fg48.txt

g. You need to create that file in your Web server's home directory, which is:
C:\Inetpub\wwwroot.

To do that, you need to give yourself permission to write in that folder.

• Open Computer (file mananger)
• Open drive C:
• Open the Inetpub folder.
• Right-click the wwwroot folder and click Properties.
• On the Security tab, click Edit.
• Click the Add button and add your account.
• Give yourself Full Control permission.
• Click OK. Click OK.

h. Double-click the wwwroot folder to open it.

i. Right-click an empty portion of the folder's window and click New, Text document.
j. Enter the name specified in the Hurricane Electric URL line and press Enter.
 k. In the Hurricane Electric Web page, click the "Test It!" button.
a. If you pass the test, you will see the "Enthusiast Questionnaire", as shown below.
b. If you can't pass the test, try these debugging tips:

Turn off your firewall.

At a Command Prompt, type these commands:
NSLOOKUP
set q=AAAA
yourdomain.info 8.8.8.8
This fetches the AAAA record from Google's DNS server (8.8.8.8).

See if the AAAA record is correct. (It can take up to an hour or more for DNS to
update, so simply waiting a while might fix a DNS problem.)

Run Wireshark on your Web server, and try the Hurricane Electric test again. Look to
see if the HTTP GET ever reaches you, and what response the Web server gives.

Set up a different machine with a Gogo6 tunnel and try opening your web site with a
browser from there.

You could also open your Web site with a literal IPv6 address in the URL like this:
http://[2001:5c0:1000:b::6ac5]

Here's the Enthusiast questionnaire you need

to fill out.

When you complete the questionnaire, click

the "Here" link to return to the main page.

Your badge should now show Enthusiast, as shown to the right on this
page. Click your badge to see your score: you now have 150 Hurricane
Electric points, which are worth 15 points.
Step 5. Next onto Administrator by Setting up an IPv6 Email Server

Installing the Apache James SMTP Server

1. In Firefox, go to https://olex.openlogic.com/packages/apache-james.
2. On the left side, section, click 2.3.1.
3. In the "Apache-james 2.3.1 binary" line, click the "Download Now" button.
4. Save the file on your desktop.

5. On your desktop, right-click the openlogic-apache-james-2.3.1-all-bin-1.zip file and click

"Extract All".
6. Click Extract.
7. Double-click the openlogic-apache-james-2.3.1-all-bin-1 folder to open it.
8. Double-click the apache-james-2.3.1 folder to open it.
9. Double-click the bin folder to open it.
10. Double-click the run.bat file.
Note: If the window flashes briefly and vanishes, that usually means you don't have Java
installed. Open a browser, go to java.com, and install it.

11. A Command Prompt

window opens, and you
see some messages,
ending with the messages
shown to the right.

12. Open another Command Prompt window and type in the NETSTAT -AN command. Scroll back
to see the TCP Listening ports. You should see the IPv6 address [::] Listening on port TCP 25, as
shown below on this page. Your email server is ready!
13. Now you need to add a mail user account to James. To do that, in the Command Prompt window,
type this command, followed by the Enter key:
telnet localhost 4555

14. Note: if you get a message saying "'telnet' is not recognized as an internal or external command,
operable program or batch file.", that means Telnet is not installed.

15. To install Telnet, open Control Panel and click

"Programs and Features". Click "Turn Windows
features on or off". Check "Telnet Client", as
shown to the right. Click OK.

16. Log in with the use name root and a password of root.
17. When you see the ""Welcome root. HELP for a list of commands" message type this command
followed by the Enter key:
adduser admin password
18. This adds a user named admin with a password of password.
19. Type this command followed by the Enter key:
quit
20. Configuring James
a. In the Command Prompt window that is running James, press Ctrl+C. When you see the
message "Terminate batch job (Y/N)?", type Y and press Enter.
b. Navigate to:
openlogic-apache-james-2.3.1-all-bin-1\apache-james-
2.3.1\apps\james\SAR-INF
and open the config.xml file in Wordpad (not Notepad).
c. There are three changes you need to make in this file.

First, in the servernames section, you need to add a line with your domain name, as
shown below:

Second, in the InBoxRepository section, you need to add a line with a path to a folder
that exists, as shown below. (This step may not be necessary.)

Third, in the dnsserver section, you need to add a a real DNS server. I used Google's
free server at 8.8.8.8, as shown below on this page.

d. After making the changes, save the config.xml file and close Wordpad.
e. Then start James, as you did before: In the bin folder, double-click the run.bat file.
21. Adding an MX Record to your DNS Zone
a. In Firefox, go to http://godaddy.com.
b. Log in and launch Domain Manager for your domain, as you did previously.
c. Scroll to the bottom of the page.
d. In the "MX" section, there are two records GoDaddy put there, as shown below. Hover over a
record to make a red X appear on the right side, and click the X to delete the record.
e. Repeat the process to delete the other MX record. Click "Save Zone File". Click "OK".

f. In the MX section, click the "Quick Add" button.

g. Enter 10 in the leftmost field, which is Priority.
h. Enter @ in both the other fields, as shown below.
i. Click "Save Zone File". Click "OK".

22. Testing your MX Record

a. Open a Command Prompt window. Type in these commands:
nslookup
set q=MX
b. Then type in your domain name and press Enter.
c. The only "mail exchanger" should be your domain name, as shown below. That will tell
email servers to just send the mail to your computer at its known IPv6 address. If you see
other mail servers listed, like "mailstore1.secureserver.net", that means your DNS changes
were incorrect, or they have not yet been updated. Check your GoDaddy DNS settings.
23. Completing the Hurricane Electric Administrator Test
a. In Firefox, go to http://ipv6.he.net/certification and log in.
b. In the Administrator section, click the "Generate It!" link.
c. Enter the email address admin@yourdomain.info in the box below the "Generated" message,
as shown below on this page. Use your own domain name.
d. Click the "Send It!" button.

24. Installing the Thunderbird Email Client

a. In Firefox, go to http://www.mozillamessaging.com/en-US/thunderbird
b. Install Thunderbird with the default settings.
c. After inatallation, Thunderbird starts, as shown below.
d. Click "Create a New Account".
e. In the "Mail Account
Setup" box, enter your
name, the email address
and the password you
configured in James
earlier (which is probably
password).

f. Click the Continue

button.

g. Thunderbird attempts to connect to your mail server. It won't be able to figure it out, and
stops after a few seconds, as shown below. On the right side, click the Edit button.

h. In the Incoming line, type in

localhost as the server name,
as shown below on this page.
Select POP, 110, and None.
Leave the Outgoing settings
alone--you can't fix them
here and they don't matter
anyway for receiving mail.

i. On the right side, click the

"Re-test Configuration"
button.
j. Click the "Create Account" button. A warning box pops up saying "localhost does not use
encryption". Check the "I understand the risks" box.

k. Click the "Create Account" button.

l. In Thunderbird, in the left pane, expand your account name and click Inbox. Click the "Get
Mail" button. A message from ipv6.he.net should appear, as shown below. Find the code in
that email message.

m. Go to the http://ipv6.he.net/certification page, paste in the code from the email message.
Click the -> button.

n. The "Administrator
Questionnaire" opens,
as shown below on this
page. Fill it out.
 25. You should now be an Administrator, with a badge like the one shown below on this page. Click
the badge to see your score: it is now 245, worth 25 points.

Next: on to Guru!
 How to Earn IPv6 Certifications (on Windows, Part 2)

Source: This project was created by Dr. Sam Bowne at City College of San Francisco and is used with
his permission. You can find more of Sam’s class information at his website:
http://www.samsclass.info.

Do Part 1 First

In part 1, you got these services running:

• Web client
• Web server
• Email server

And you now have a Hurricane Electric IPv6 Certification level of Administrator.

Step 1. Becoming a Professional by Setting Up DNS

The rest of the process requires you to set up your DNS records correctly. You could set up your
own DNS server, but you can use public DNS services also, and that's how these instructions do it.

We used GoDaddy's DNS for Part 1, but you won’t be able to get the Reverse DNS to work using
GoDaddy's DNS service, so for the rest of the process you will be using Hurricane Electric's DNS
service.

1. Examining your DNS Records

a. Open a Command Prompt window. Type in these commands:
nslookup
set q=all
yourdomain.info

b. Replace yourdomain.info with your domain

name. You should see your DNS records, as
shown to the right.

c. You should see these items:

• AAAA record pointing to your Local
Endpoint IPv6 Address
• MX record pointing to your domain name
• nameserver records pointing to GoDaddy
servers, in the "domaincontrol.com"
domain

d. In the Command Prompt window, type:

exit

e. This exits from interactive nslookup and

returns you to a normal prompt.
 What is Reverse DNS?
Forward DNS lookups are the normal ones, that start with a domain name like samdemo.info
and look up an IPv6 address like 2001:5c0:1000:b::6ac5.

Reverse DNS starts with the IPv6 address and looks up the domain name. This is a common
test performed by email servers, to detect spammers. If a domain name doesn't resolve with
reverse DNS, that indicates that there is something suspicious about the mail server, and
some email servers will refuse to accept the mail.

2. Checking your Reverse DNS Resolution

a. Open the "gogoCLIENT Utility"

b. In the gogoCLIENT Utility, click the Status tab.
c. Highlight your "Local Endpoint Address", right-click the highlighted address, and click
Copy, as shown below.

d. Open a Command Prompt window. Type in this command, and then press the Enter key:
nslookup

e. On the next line of the Command

Prompt window, right-click and click
Paste. That should put your IPv6 address
in the Command Prompt window. Press
the Enter key. You should see your
Reverse DNS Resolution as shown to the
right.
f. This isn't good. Your MX server is yourdomain.info, but your reverse DNS resolves to
something ending in "broker.freenet6.net". That makes you look like a spammer to mail
servers.

g. So … You will need to adjust the gogoCLIENT Configuration

• There are two changes needed here: Reverse DNS Servers and Routing Advertisements.
• Reverse DNS Servers
• In the gogoCLIENT Utility, click the Advanced tab.
• In the "Reverse DNS Server(s) field, enter:
ns1.he.net:ns2.he.net

h. Routing Advertisements
• In the gogoCLIENT Utility, click the Advanced tab.
• At the bottom, check the "Enable Routing Advertisements" box.
• In the "Advertise on Interface" drop-down box, select "Local Area Connection" or
whatever interface you are using to connect to the Internet.
• This setting tells Freenet6 that you are not just a single computer, but a router for a
network. So Freenet gives you a dedicated IPv6 prefix. This is a real, publicly routed
Internet address block, with an incredible number of addresses for you to use--each
person who requests it gets more addresses than the entire IPv4 address space for their
own use.
 i. In the gogoCLIENT Utility, click the Basic tab. Click the Disconnect button. Click the
Connect button. In the "Save changes before connecting?" box, click Save.

j. In the gogoCLIENT Utility, click the Status tab. You should see your "Delegated Prefix", as
shown below.

3. Finding Your New IPv6 Address

a. On your Windows desktop, click Start.
b. In the Search box, type NETWORK CONNECTIONS
and click "View Network Connections" in the results
section.
c. Double-click "Local Area Connection".
d. In the "Local Area Connection Status" box, click the
Details button.
e. You should see your IPv6 address, which is your
assigned prefix followed by ::1, as shown to the right.
4. Configuring a DNS Zone at Hurricane Electric
a. In Firefox, go to http://dns.he.net
b. On the upper left, log in with the account you are using for the IPv6 Certification tests.
c. On the left, click "Add a new domain"
d. In the "Domain Name" box, type your domain name.
e. Click the "Add Domain! button.
f. Your domain appears in the "Active domains for this account" list, as shown below

5. Now you need to add some records to your zone. Click the little pencil-and-paper icon just to the
left of your domain name.
a. A page opens with a chart titled "Hurricane Electric Free DNS Management Managing
zone:", as shown below:

b. Click the "New AAAA" tab. In the box that appears, enter a Name of @ and an "IPv6
Address" of your interface's IPv6 address. Set the TTL to 30 minutes, as shown below:
c. Click the Submit button.
 d. Click the "New MX" tab. In the box that appears, in the top field, enter @
e. In the "Priority" field, enter 10
f. In the "Hostname" field, enter your domain name.
g. Set the TTL to 30 minutes, as shown below on this page. Click the Submit button.

6. Configuring a Reverse DNS Zone at Hurricane Electric

a. On the left side of the "Hurricane Electric Free DNS Management" page, click "Return to
main".

b. On the left, click "Add a new reverse"

In the "Prefix" box, type your IPv6
Prefix. You will have to add
:0000:0000:0000:0000 to the end of
your prefix, as shown to the right.
Click the "Add Prefix! button.

c. The prefix now appears in the

"Hurricane Electric Free DNS
Management" page, as shown below
on this page. Click the "Add Prefix!
button.
 d. Click the little pencil-and-paper icon just to the left of your prefix.

e. A page opens with a chart titled "Hurricane Electric Free DNS Management Managing
zone:", as shown below.

f. Enter a "Host Address" of :1 Type your domain name into the "Hostname" field. Click the
Submit! button.

g. A message appears saying "Successfully added...", as shown below on this page. The reverse
DNS record has a long name with your complete IPv6 address in it backwards.

7. Changing your DNS Servers at GoDaddy

a. In Firefox, go to http://www.godaddy.com and login to your account
b. On the left side, click "Domains".
c. Wait the gray "Manage" button to appear, and click it.
d. Go to the "Domain Manager".
e. You should see a list of your domains, as shown to the
right.
f. On the row with the domain name you registered earlier,
click the round button with a yellow D on it.
8. Click Nameservers.
a. On the next page, change the first two nameservers to NS1.HE.NET and NS2.HE.NET, as
shown below on this page.
b. Leave the others blank.
c. Click the OK button. A message appears saying "Your changes have been submitted...".
d. Click the OK button.

9. Testing Your Reverse DNS Configuration at Hurricane Electric

a. In Firefox, go to http://ipv6.he.net/certification and log in.
b. In the Professional section, in the "Check if your mail server has working rDNS" line, click
the -> button.
c. If you get a red "Your MX does not appear to have working RDNS" message, as shown
bwlow on this page, it probably means that your DNS records have not yet propagated to the
DNS server used by the test. You may have to wait a few hours. You can test your DNS to
see when it updates, as explained below.
10. Testing Forward DNS Records
a. Open a Command Prompt window. Type in these commands:
nslookup
set q=all
yourdomain.info

b. Replace yourdomain.info with your domain name.

c. When Sam tried it, the AAAA record was still pointing to an old address, as shown below.

11. Testing Reverse DNS Records

a. In a Command Prompt window. if nslookup is still running, type EXIT and press the Enter
key to stop it.
b. Type in these commands:
nslookup
xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Replace the x’s with your IPv6 address.
c. If your reverse DNS is working correctly, you will see your domain name in the answer
section, as shown below.
 12. Passing the Reverse DNS Test
a. When you pass the test, the "Professional Questionnaire" appears. Fill it out.
b. You should now be a Professional, with a badge like the one shown below on this page.
Click the badge to see your score: it is now 390, worth 39 points.

Step 2. Next … Passing the Guru Test

1. The Hurricane Electric Certification test now shows the Guru test, as shown below on this page.
These tests determine if your namesevers are properly using IPv6, which they obviously are,
since you are using the Hurricane Electric nameservers. Just click the two "Test It!" buttons.
Then complete the questionnaire and you are a Guru.
Step 2. Finally … Passing the Sage Test

The Hurricane Electric Certification test now shows the Sage test, as shown below on this page. This
determines if your domain name registrar put an IPv6 glue record on the root domain servers. GoDaddy
does that for you. Just click the two "this link" link. On the next page, click the Submit button. On the
next page, scroll to the bottom and click the Submit button. A message says "Nothing to do here."

Viewing Your Score

1. On the top left, click the "Click for main page" button. Your badge now shows that you are a
Guru--Congratulations! Click your badge to show your score, as shown below.

2. You can also get the IPv6 Guru T-Shirt by filling out the request form at Hurricane Electric (and
isn’t that what’s really important).
3. Calculating Your Points
To determine your class points, divide the Hurricane Electric points by 10. If you have 560
points, as shown above on this page, you can get 56 points.

However, you can get a lot more points by taking the "Additional Tests" shown on the left side.
If you take them all, you can get up to 1000 Hurricane Electric points, as shown above on this
page, which is worth 100 points.