diff --git a/output/about-blog.html b/output/about-blog.html
index ff038d2..8e304ae 100644
--- a/output/about-blog.html
+++ b/output/about-blog.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -306,7 +309,7 @@ context of my theme). So naturally, this is postponed to the future…</td></tr>
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/archives.html b/output/archives.html
index f56e692..c96cca5 100644
--- a/output/archives.html
+++ b/output/archives.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -51,7 +54,8 @@
 <main>
 	<div>
 <h1>Archive</h1>
-<ul> <li><a href="./about-blog.html">About this blog</a>
+<ul> <li><a href="./forgetting-dns6.html">Do not forget about IPv6 DNS</a>
+<li><a href="./about-blog.html">About this blog</a>
 <li><a href="./smrst2023-cs.html">Smršť 2023 (CZ)</a>
 </ul>
 	</div>
@@ -60,7 +64,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/categories.html b/output/categories.html
index 0ee6a42..7b20960 100644
--- a/output/categories.html
+++ b/output/categories.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -56,7 +59,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/category/networking.html b/output/category/networking.html
new file mode 100644
index 0000000..2531f01
--- /dev/null
+++ b/output/category/networking.html
@@ -0,0 +1,69 @@
+<!doctype html>
+<html>
+<head>
+	<meta charset=utf-8>
+	<meta name=generator content="Pelican 4.8.0">
+	<meta name=author content="LEdoian">
+	<meta name=description content="My personal webpage">
+	<meta name=referrer content=no-referrer>
+
+
+	<link rel=stylesheet href="../theme/css/theme.css">
+
+	<title>Category: networking – LEdoian's Blog</title>
+</head>
+<body>
+
+<header>
+<h1>LEdoian's Blog</h1>
+</header>
+
+<div id=main>
+<nav>
+<div>
+	<!-- Main navigation -->
+	<!-- TODO! -->
+</div>
+<div>
+	<h2>Categories</h2>
+	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
+	<li><a href="../category/talks.html">talks</a></li>
+	<li><a href="../category/technology.html">technology</a></li>
+	</ul>
+
+	<h2>Tags</h2>
+	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
+	<li><a href="../tag/meta.html">meta</a></li>
+	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
+	<li><a href="../tag/smrst.html">smršť</a></li>
+	<li><a href="../tag/trains.html">trains</a></li>
+	<li><a href="../tag/software-engineering.html">software-engineering</a></li>
+	</ul>
+</div>
+<div>
+	<h2>Stalk me also at</h2>
+	TODO!
+
+	<h2>I stalk</h2>
+	TODO!
+</nav>
+
+<main>
+	<div>
+<h1>Category: networking</h1>
+<ul> <li><a href="../forgetting-dns6.html">Do not forget about IPv6 DNS</a>
+</ul>
+	</div>
+</main>
+</div> <!-- #main -->
+
+<footer>
+<hr>
+Written using Pelican 4.8.0 by LEdoian.
+</footer>
+
+</body>
+</html>
diff --git a/output/category/talks.html b/output/category/talks.html
index d27ff03..91c8b63 100644
--- a/output/category/talks.html
+++ b/output/category/talks.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/category/technology.html b/output/category/technology.html
index 91265bd..8a2964f 100644
--- a/output/category/technology.html
+++ b/output/category/technology.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/drafts.html b/output/drafts.html
index 68c895a..d0bfe6d 100644
--- a/output/drafts.html
+++ b/output/drafts.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -67,7 +70,6 @@ Here it is at one place and rendered, so it's maybe less pain to read.</p>
 
 <ul>
 	<li><a href="./drafts/ucw-keymap-on-wayland.html">UCW keyboard layout on XWayland</a>
-	<li><a href="./drafts/forgetting-dns6.html">Do not forget about IPv6 DNS</a>
 	<p>No draft pages currently.</p>
 	</div>
 </main>
@@ -75,7 +77,7 @@ Here it is at one place and rendered, so it's maybe less pain to read.</p>
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/drafts/ucw-keymap-on-wayland.html b/output/drafts/ucw-keymap-on-wayland.html
index 3d7db8f..d9c73df 100644
--- a/output/drafts/ucw-keymap-on-wayland.html
+++ b/output/drafts/ucw-keymap-on-wayland.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -295,7 +298,7 @@ future. However, this gets put on hold now.</td></tr>
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/feeds/all.atom.xml b/output/feeds/all.atom.xml
index 651638e..5e93891 100644
--- a/output/feeds/all.atom.xml
+++ b/output/feeds/all.atom.xml
@@ -1,5 +1,304 @@
 <?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/all.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-01-10T16:47:00+01:00</updated><entry><title>About this blog</title><link href="https://blog.ledoian.cz/about-blog.html" rel="alternate"></link><published>2024-01-10T16:47:00+01:00</published><updated>2024-01-10T16:47:00+01:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-01-10:/about-blog.html</id><summary type="html">&lt;p&gt;This is my blog and this article describes its setup and other details about my
+<feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/all.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-01-24T03:20:00+01:00</updated><entry><title>Do not forget about IPv6 DNS</title><link href="https://blog.ledoian.cz/forgetting-dns6.html" rel="alternate"></link><published>2024-01-24T03:20:00+01:00</published><updated>2024-01-24T03:20:00+01:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-01-24:/forgetting-dns6.html</id><summary type="html">&lt;p&gt;Do you think IPv6-only internet works OK? I am going to tell you that it does
+not, but it is not immediately visible. TL;DR: The internet can be broken also
+by forgetting to add AAAA records of the &lt;em&gt;nameservers&lt;/em&gt;. This creates IPv4
+requirement for the resolving even when the …&lt;/p&gt;</summary><content type="html">&lt;p&gt;Do you think IPv6-only internet works OK? I am going to tell you that it does
+not, but it is not immediately visible. TL;DR: The internet can be broken also
+by forgetting to add AAAA records of the &lt;em&gt;nameservers&lt;/em&gt;. This creates IPv4
+requirement for the resolving even when the target is reachable using IPv6.&lt;/p&gt;
+&lt;div class="section" id="quick-recap"&gt;
+&lt;h2&gt;Quick recap&lt;/h2&gt;
+&lt;p&gt;Connecting to a website is easy, right? You type in the name, you get the front page.&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image1.svg" style="width: 50%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;This is a very naïve idea of connecting to a server.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;OK, it is a bit harder: the computer needs an IP address, so we need to use
+this magic box called DNS. The flow looks something like this:&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image2.svg" style="width: 50%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;Slightly better, now we at least know the machine-readable address.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;And for IPv6-only everything on the picture has to have IPv6 connectivity and AAAA DNS records.&lt;/p&gt;
+&lt;div class="section" id="reaching-ipv4-land-from-ipv6-only"&gt;
+&lt;h3&gt;Reaching IPv4 land from IPv6-only&lt;/h3&gt;
+&lt;p&gt;There are few^H^H^Hmany sites that still only support IPv4. To reach them, we
+need someone who can reach both the IPv4- and IPv6-land to go there on our
+behalf – a proxy. This proxy can be ad-hoc (I often use &lt;tt class="docutils literal"&gt;ssh &lt;span class="pre"&gt;-D&lt;/span&gt;&lt;/tt&gt;) or there
+are well-known protocols like NAT64 with DNS64 to do that in a standard and
+lightweight manner. &lt;a class="footnote-reference" href="#nat44" id="footnote-reference-1"&gt;[1]&lt;/a&gt;
+In that case, the connection looks like this:&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image3.svg" style="width: 100%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;And now we can reach the whole internet.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;You might already know that you need some workaround like this to reach GitHub.
+What I think you might not know, you need similar workaround to reach the Wikipedia.&lt;/p&gt;
+&lt;p&gt;Disclaimer: I like Wikipedia and this is not meant to shame them, just use as
+an example. I am aware of several other sites suffering from the same problem,
+including at least one IPv6 test. &lt;a class="footnote-reference" href="#test-aaaa" id="footnote-reference-2"&gt;[2]&lt;/a&gt; (It would be nice if they added
+the missing piece in the puzzle, though.)&lt;/p&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;div class="section" id="enter-dns"&gt;
+&lt;h2&gt;Enter DNS&lt;/h2&gt;
+&lt;p&gt;Our picture has one unexplored magic box: the DNS. As per the definition (which
+I just made up and was not bothered to even fully formulate):&lt;/p&gt;
+&lt;blockquote&gt;
+yada yada distributed database of records attached to the strings – domain
+names. The records hold various information about the domain depending on the type.&lt;/blockquote&gt;
+&lt;p&gt;There are three interesting types of records: A records give IPv4 addresses,
+AAAA give IPv6 addresses and NS give names of servers who know about the
+particular subtree of the database. And to actually resolve the final AAAA
+record the (recursive) resolver starts at the &lt;em&gt;root zone&lt;/em&gt; and tries to find
+the answer. &lt;a class="footnote-reference" href="#dns-simplification" id="footnote-reference-3"&gt;[3]&lt;/a&gt; The resolution algorithm can be visualised like this:&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image4.svg" style="width: 100%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;Yeah, it's a mess.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;There is one extra tricky bit: the NS records contain &lt;em&gt;names&lt;/em&gt;, not addresses,
+so when resolving we need &lt;em&gt;two&lt;/em&gt; queries for each layer (very simplified):
+first we ask for the final domain (&lt;tt class="docutils literal"&gt;blog.ledoian.cz&lt;/tt&gt;) and get a NS record
+(when the server does not have the answer) and then we need to ask for the A or
+AAAA record of the name from that record, so that we can connect to the server
+mentioned in the NS record. (This allows a nameserver to be made redundant
+and/or reside on other types of network.)&lt;/p&gt;
+&lt;p&gt;You might start to see the issue. When the DNS was just a black box, we could
+paint the whole picture green and call it a day. And from the regular user's
+point of view, that is the case, just use some public DNS like 1.1.1.1, 8.8.8.8
+or 9.9.9.9. Oh, right, I meant these easy-to-remember addresses:
+2606:4700:4700::1111, 2001:4860:4860::8888 and 2620:fe::fe, respectively. The
+point is, they will give you the answer because they are dual-stack, not IPv6-only.&lt;/p&gt;
+&lt;p&gt;In a way, those servers (or other dual-stack resolvers) act like another proxy,
+similar to the SSH, NAT64 and NAT44 ones mentioned earlier. This may not be
+much of a problem for many people. But if you have any reason to use your own
+recursive DNS server (privacy reasons, DNSSEC validation, ISP provides bad
+service, you are the ISP, …) &lt;em&gt;inside&lt;/em&gt; an IPv6-only network, you &lt;em&gt;will&lt;/em&gt; have
+issues. &lt;a class="footnote-reference" href="#dns-behind-nat64" id="footnote-reference-4"&gt;[4]&lt;/a&gt;&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="example-wikipedia"&gt;
+&lt;h2&gt;Example: Wikipedia&lt;/h2&gt;
+&lt;p&gt;Let's now see this in action. You know Wikipedia, right? And you can reach
+Wikipedia on IPv6, right? It has an AAAA record (don't mind the CNAME, that
+means that the server is really called some other way):&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig en.wikipedia.org AAAA
+[…]
+en.wikipedia.org.   18737   IN      CNAME   dyna.wikimedia.org.
+dyna.wikimedia.org. 323     IN      AAAA    2a02:ec80:600:ed1a::1
+&lt;/pre&gt;
+&lt;p&gt;And this record does work:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ ncat --ssl 2a02:ec80:600:ed1a::1 443 &amp;lt;&amp;lt;GO
+GET /wiki/Main_Page HTTP/1.1
+Host: en.wikipedia.org
+
+GO
+HTTP/1.1 200 OK
+[…]
+content-language: en
+content-type: text/html; charset=UTF-8
+content-length: 98078
+
+&amp;lt;!DOCTYPE html&amp;gt;
+[…]
+&lt;/pre&gt;
+&lt;p&gt;But we can dig deeper: let's see what servers we are really asking:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig en.wikipedia.org AAAA +trace
+
+; &amp;lt;&amp;lt;&amp;gt;&amp;gt; DiG … &amp;lt;&amp;lt;&amp;gt;&amp;gt; en.wikipedia.org AAAA +trace
+;; global options: +cmd
+.                   78918   IN      NS      e.root-servers.net.
+.                   78918   IN      NS      f.root-servers.net.
+.                   78918   IN      NS      g.root-servers.net.
+.                   78918   IN      NS      h.root-servers.net.
+.                   78918   IN      NS      i.root-servers.net.
+.                   78918   IN      NS      j.root-servers.net.
+.                   78918   IN      NS      k.root-servers.net.
+.                   78918   IN      NS      l.root-servers.net.
+.                   78918   IN      NS      m.root-servers.net.
+.                   78918   IN      NS      a.root-servers.net.
+.                   78918   IN      NS      b.root-servers.net.
+.                   78918   IN      NS      c.root-servers.net.
+.                   78918   IN      NS      d.root-servers.net.
+;; Received 525 bytes from … in 0 ms
+
+org.                        172800  IN      NS      c0.org.afilias-nst.info.
+org.                        172800  IN      NS      a2.org.afilias-nst.info.
+org.                        172800  IN      NS      a0.org.afilias-nst.info.
+org.                        172800  IN      NS      b0.org.afilias-nst.org.
+org.                        172800  IN      NS      b2.org.afilias-nst.org.
+org.                        172800  IN      NS      d0.org.afilias-nst.org.
+;; Received 788 bytes from 202.12.27.33#53(m.root-servers.net) in 24 ms
+
+wikipedia.org.              3600    IN      NS      ns0.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns1.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns2.wikimedia.org.
+;; Received 658 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 20 ms
+
+en.wikipedia.org.   86400   IN      CNAME   dyna.wikimedia.org.
+;; Received 94 bytes from 208.80.153.231#53(ns1.wikimedia.org) in 132 ms
+&lt;/pre&gt;
+&lt;p&gt;Hey, there are IPv4 addresses in there! I know, this is cheating, the output is
+from a dual-stack machine. But we can still simulate IPv6-only resolution
+by adding &lt;tt class="docutils literal"&gt;&lt;span class="pre"&gt;-6&lt;/span&gt;&lt;/tt&gt; flag:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig en.wikipedia.org AAAA +trace -6
+
+; &amp;lt;&amp;lt;&amp;gt;&amp;gt; DiG … &amp;lt;&amp;lt;&amp;gt;&amp;gt; en.wikipedia.org AAAA +trace -6
+;; global options: +cmd
+.                   78915   IN      NS      d.root-servers.net.
+.                   78915   IN      NS      e.root-servers.net.
+.                   78915   IN      NS      f.root-servers.net.
+.                   78915   IN      NS      g.root-servers.net.
+.                   78915   IN      NS      h.root-servers.net.
+.                   78915   IN      NS      i.root-servers.net.
+.                   78915   IN      NS      j.root-servers.net.
+.                   78915   IN      NS      k.root-servers.net.
+.                   78915   IN      NS      l.root-servers.net.
+.                   78915   IN      NS      m.root-servers.net.
+.                   78915   IN      NS      a.root-servers.net.
+.                   78915   IN      NS      b.root-servers.net.
+.                   78915   IN      NS      c.root-servers.net.
+;; Received 525 bytes from … in 0 ms
+
+org.                        172800  IN      NS      d0.org.afilias-nst.org.
+org.                        172800  IN      NS      c0.org.afilias-nst.info.
+org.                        172800  IN      NS      b2.org.afilias-nst.org.
+org.                        172800  IN      NS      a0.org.afilias-nst.info.
+org.                        172800  IN      NS      b0.org.afilias-nst.org.
+org.                        172800  IN      NS      a2.org.afilias-nst.info.
+;; Received 816 bytes from 2001:500:2::c#53(c.root-servers.net) in 8 ms
+
+wikipedia.org.              3600    IN      NS      ns0.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns1.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns2.wikimedia.org.
+couldn't get address for 'ns0.wikimedia.org': not found
+couldn't get address for 'ns1.wikimedia.org': not found
+couldn't get address for 'ns2.wikimedia.org': not found
+dig: couldn't get address for 'ns0.wikimedia.org': no more
+&lt;/pre&gt;
+&lt;p&gt;Some of those IPv4 addresses were benign – the respective servers are reachable
+both using IPv4 and IPv6 address or there is an alternative server that is
+reachable using IPv6. That is the case for the root nameserver – in the second
+case, we used C, which has IPv6 address (2001:500:2::c). In fact, the M server
+also has IPv6 address, but dig chose the IPv4 one (it should not matter):&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig m.root-servers.net AAAA
+[…]
+m.root-servers.net. 77991   IN      AAAA    2001:dc3::35
+&lt;/pre&gt;
+&lt;p&gt;But the latter case is the bigger issue. For the domain &lt;tt class="docutils literal"&gt;wikipedia.org&lt;/tt&gt; there
+are three nameservers:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig wikipedia.org NS -6
+[…]
+wikipedia.org.              86400   IN      NS      ns0.wikimedia.org.
+wikipedia.org.              86400   IN      NS      ns1.wikimedia.org.
+wikipedia.org.              86400   IN      NS      ns2.wikimedia.org.
+&lt;/pre&gt;
+&lt;p&gt;This is the last answer that we could get on an IPv6-only network, because none of
+these three servers has AAAA record (some of them may have IPv6 address unknown to us):&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig ns0.wikimedia.org AAAA
+[…]
+;; Got answer:
+;; -&amp;gt;&amp;gt;HEADER&amp;lt;&amp;lt;- opcode: QUERY, status: NOERROR, id: 59468
+;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
+&lt;/pre&gt;
+&lt;p&gt;The NOERROR status says the domain name exists, but we got zero answers for
+AAAA records. This is the case for all three nameservers. And here is the
+ultimate picture of what is happening and what goes wrong.&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image5.svg" style="width: 100%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;The breakage in action&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;Also note that the connection from the laptop to the DNS resolver may in fact
+consist of a chain of several (caching, non-recursive) DNS resolvers, so that
+the final DNS resolver can have dual-stack connectivity.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="the-problems-with-this-state"&gt;
+&lt;h2&gt;The problems with this state&lt;/h2&gt;
+&lt;p&gt;So, what is the deal. We &lt;em&gt;just&lt;/em&gt; need to have a dual-stack DNS resolver
+somewhere, and that's it, no? Well, yes but actually yes.&lt;/p&gt;
+&lt;p&gt;There are two problems with this: First, this means that any new ISP needs to
+have &lt;em&gt;at least some&lt;/em&gt; IPv4 address, even if they intend to just use IPv6
+services. IPv4 addresses are scarce, &lt;a class="reference external" href="https://blog.apnic.net/2021/12/16/opinion-ipv4-address-markets/"&gt;expensive&lt;/a&gt; and small
+blocks &lt;a class="reference external" href="https://labs.ripe.net/author/stephen_strowes/visibility-of-ipv4-and-ipv6-prefix-lengths-in-2019/"&gt;don't route well&lt;/a&gt;,
+which is not great both from the
+new ISP's and from overal routing's point of view. It also hinders IPv6
+deployment and postpones IPv4 abandonment, needlessly.&lt;/p&gt;
+&lt;p&gt;The second issue is that this is not very visible. We are building IPv6 world,
+but deep inside it still relies on IPv4, which might lead to great surprise
+when we start cutting off IPv4 internet. And it might lead to false sense of
+having IPv6 deployed, which is not true to the whole extent.&lt;/p&gt;
+&lt;p&gt;Insert &amp;quot;It was DNS&amp;quot; meme here.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="solution"&gt;
+&lt;h2&gt;Solution&lt;/h2&gt;
+&lt;p&gt;The solution of this state is simple: get IPv6 connectivity to your
+authoritative DNS server (or use another) and do not forget to add an AAAA
+record for it in DNS. If the DNS server already has IPv6 it is probably just
+a matter of adding a single line to the zone file (and a second one for the DNSSEC
+signature), which should not be a big deal.&lt;/p&gt;
+&lt;p&gt;Unfortunately, this needs to be done for the whole DNS chain.
+Especially domain names at universities are infamous for very nested domains.
+A domain name may look like
+&lt;tt class="docutils literal"&gt;&lt;span class="pre"&gt;machine.department.location.faculty.university.some-common.suffix&lt;/span&gt;&lt;/tt&gt;. That
+tree is deep and so is the resolution of this problem.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="amusing-bug-of-almost-good-deployment"&gt;
+&lt;h2&gt;Amusing bug of almost good deployment&lt;/h2&gt;
+&lt;p&gt;We have seen there may be multiple NS records for a domain and thus
+multiple nameservers. This is good for redundancy. But this does not mean that
+the servers will have the same records – they are only supposed to give
+equivalent answers (as far as I know).&lt;/p&gt;
+&lt;p&gt;I have come across a silly misconfiguration: a domain which has several
+nameservers, which serve a &lt;em&gt;slightly&lt;/em&gt; different set of NS records for its
+subdomain. Specifically, the servers which were only reachable using IPv4 were
+&lt;em&gt;exactly&lt;/em&gt; the servers that knew about one additional nameserver for the
+subdomain, which, incidentally, was the &lt;em&gt;only&lt;/em&gt; one that was IPv6-capable.&lt;/p&gt;
+&lt;p&gt;So, while all the correct records were present in DNS (somewhat/somewhere), this still
+meant that IPv6-only resolution was doomed to fail because the IPv6 nameserver
+chain was broken. (This has already been fixed.)&lt;/p&gt;
+&lt;hr class="docutils" /&gt;
+&lt;table class="docutils footnote" frame="void" id="nat44" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-1"&gt;[1]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;This is very much the same as when you try to reach the
+IPv4-public-land from IPv4-private-land, that is, from a private range of IP
+addresses. This is called either just NAT, or NAT44 to denote IPv4-to-IPv4 NAT.&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;table class="docutils footnote" frame="void" id="test-aaaa" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-2"&gt;[2]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;There are several more tests that do not even have the AAAA
+record, lol.&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;table class="docutils footnote" frame="void" id="dns-simplification" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-3"&gt;[3]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;In my example, there is a single recursive DNS
+resolver external to my machine in order not to complicate it too much.
+The real deployment is often trickier.&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;table class="docutils footnote" frame="void" id="dns-behind-nat64" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-4"&gt;[4]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;I have not yet tried to run a recursive DNS in a network
+with DNS64 and NAT64. Could be fun :-D My wild guess is that I would need
+CLAT (i.e. the full 464XLAT deployment) to make that work, since the
+resolver is connecting directly to IPv4 addresses and would need to learn to
+use NAT64 to resolve them. (The CLAT could be built right into the resolver,
+though).&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;/div&gt;
+</content><category term="networking"></category><category term="ipv6-only"></category><category term="dns"></category></entry><entry><title>About this blog</title><link href="https://blog.ledoian.cz/about-blog.html" rel="alternate"></link><published>2024-01-10T16:47:00+01:00</published><updated>2024-01-10T16:47:00+01:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-01-10:/about-blog.html</id><summary type="html">&lt;p&gt;This is my blog and this article describes its setup and other details about my
 intentions. The actual &lt;a class="reference internal" href="#the-setup"&gt;setup&lt;/a&gt; is probably the most
 interesting tech-wise.&lt;/p&gt;
 &lt;div class="section" id="what-is-this"&gt;
diff --git a/output/feeds/networking.atom.xml b/output/feeds/networking.atom.xml
new file mode 100644
index 0000000..0668370
--- /dev/null
+++ b/output/feeds/networking.atom.xml
@@ -0,0 +1,301 @@
+<?xml version="1.0" encoding="utf-8"?>
+<feed xmlns="http://www.w3.org/2005/Atom"><title>LEdoian's Blog - networking</title><link href="https://blog.ledoian.cz/" rel="alternate"></link><link href="https://blog.ledoian.cz/feeds/networking.atom.xml" rel="self"></link><id>https://blog.ledoian.cz/</id><updated>2024-01-24T03:20:00+01:00</updated><entry><title>Do not forget about IPv6 DNS</title><link href="https://blog.ledoian.cz/forgetting-dns6.html" rel="alternate"></link><published>2024-01-24T03:20:00+01:00</published><updated>2024-01-24T03:20:00+01:00</updated><author><name>LEdoian</name></author><id>tag:blog.ledoian.cz,2024-01-24:/forgetting-dns6.html</id><summary type="html">&lt;p&gt;Do you think IPv6-only internet works OK? I am going to tell you that it does
+not, but it is not immediately visible. TL;DR: The internet can be broken also
+by forgetting to add AAAA records of the &lt;em&gt;nameservers&lt;/em&gt;. This creates IPv4
+requirement for the resolving even when the …&lt;/p&gt;</summary><content type="html">&lt;p&gt;Do you think IPv6-only internet works OK? I am going to tell you that it does
+not, but it is not immediately visible. TL;DR: The internet can be broken also
+by forgetting to add AAAA records of the &lt;em&gt;nameservers&lt;/em&gt;. This creates IPv4
+requirement for the resolving even when the target is reachable using IPv6.&lt;/p&gt;
+&lt;div class="section" id="quick-recap"&gt;
+&lt;h2&gt;Quick recap&lt;/h2&gt;
+&lt;p&gt;Connecting to a website is easy, right? You type in the name, you get the front page.&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image1.svg" style="width: 50%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;This is a very naïve idea of connecting to a server.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;OK, it is a bit harder: the computer needs an IP address, so we need to use
+this magic box called DNS. The flow looks something like this:&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image2.svg" style="width: 50%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;Slightly better, now we at least know the machine-readable address.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;And for IPv6-only everything on the picture has to have IPv6 connectivity and AAAA DNS records.&lt;/p&gt;
+&lt;div class="section" id="reaching-ipv4-land-from-ipv6-only"&gt;
+&lt;h3&gt;Reaching IPv4 land from IPv6-only&lt;/h3&gt;
+&lt;p&gt;There are few^H^H^Hmany sites that still only support IPv4. To reach them, we
+need someone who can reach both the IPv4- and IPv6-land to go there on our
+behalf – a proxy. This proxy can be ad-hoc (I often use &lt;tt class="docutils literal"&gt;ssh &lt;span class="pre"&gt;-D&lt;/span&gt;&lt;/tt&gt;) or there
+are well-known protocols like NAT64 with DNS64 to do that in a standard and
+lightweight manner. &lt;a class="footnote-reference" href="#nat44" id="footnote-reference-1"&gt;[1]&lt;/a&gt;
+In that case, the connection looks like this:&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image3.svg" style="width: 100%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;And now we can reach the whole internet.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;You might already know that you need some workaround like this to reach GitHub.
+What I think you might not know, you need similar workaround to reach the Wikipedia.&lt;/p&gt;
+&lt;p&gt;Disclaimer: I like Wikipedia and this is not meant to shame them, just use as
+an example. I am aware of several other sites suffering from the same problem,
+including at least one IPv6 test. &lt;a class="footnote-reference" href="#test-aaaa" id="footnote-reference-2"&gt;[2]&lt;/a&gt; (It would be nice if they added
+the missing piece in the puzzle, though.)&lt;/p&gt;
+&lt;/div&gt;
+&lt;/div&gt;
+&lt;div class="section" id="enter-dns"&gt;
+&lt;h2&gt;Enter DNS&lt;/h2&gt;
+&lt;p&gt;Our picture has one unexplored magic box: the DNS. As per the definition (which
+I just made up and was not bothered to even fully formulate):&lt;/p&gt;
+&lt;blockquote&gt;
+yada yada distributed database of records attached to the strings – domain
+names. The records hold various information about the domain depending on the type.&lt;/blockquote&gt;
+&lt;p&gt;There are three interesting types of records: A records give IPv4 addresses,
+AAAA give IPv6 addresses and NS give names of servers who know about the
+particular subtree of the database. And to actually resolve the final AAAA
+record the (recursive) resolver starts at the &lt;em&gt;root zone&lt;/em&gt; and tries to find
+the answer. &lt;a class="footnote-reference" href="#dns-simplification" id="footnote-reference-3"&gt;[3]&lt;/a&gt; The resolution algorithm can be visualised like this:&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image4.svg" style="width: 100%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;Yeah, it's a mess.&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;There is one extra tricky bit: the NS records contain &lt;em&gt;names&lt;/em&gt;, not addresses,
+so when resolving we need &lt;em&gt;two&lt;/em&gt; queries for each layer (very simplified):
+first we ask for the final domain (&lt;tt class="docutils literal"&gt;blog.ledoian.cz&lt;/tt&gt;) and get a NS record
+(when the server does not have the answer) and then we need to ask for the A or
+AAAA record of the name from that record, so that we can connect to the server
+mentioned in the NS record. (This allows a nameserver to be made redundant
+and/or reside on other types of network.)&lt;/p&gt;
+&lt;p&gt;You might start to see the issue. When the DNS was just a black box, we could
+paint the whole picture green and call it a day. And from the regular user's
+point of view, that is the case, just use some public DNS like 1.1.1.1, 8.8.8.8
+or 9.9.9.9. Oh, right, I meant these easy-to-remember addresses:
+2606:4700:4700::1111, 2001:4860:4860::8888 and 2620:fe::fe, respectively. The
+point is, they will give you the answer because they are dual-stack, not IPv6-only.&lt;/p&gt;
+&lt;p&gt;In a way, those servers (or other dual-stack resolvers) act like another proxy,
+similar to the SSH, NAT64 and NAT44 ones mentioned earlier. This may not be
+much of a problem for many people. But if you have any reason to use your own
+recursive DNS server (privacy reasons, DNSSEC validation, ISP provides bad
+service, you are the ISP, …) &lt;em&gt;inside&lt;/em&gt; an IPv6-only network, you &lt;em&gt;will&lt;/em&gt; have
+issues. &lt;a class="footnote-reference" href="#dns-behind-nat64" id="footnote-reference-4"&gt;[4]&lt;/a&gt;&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="example-wikipedia"&gt;
+&lt;h2&gt;Example: Wikipedia&lt;/h2&gt;
+&lt;p&gt;Let's now see this in action. You know Wikipedia, right? And you can reach
+Wikipedia on IPv6, right? It has an AAAA record (don't mind the CNAME, that
+means that the server is really called some other way):&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig en.wikipedia.org AAAA
+[…]
+en.wikipedia.org.   18737   IN      CNAME   dyna.wikimedia.org.
+dyna.wikimedia.org. 323     IN      AAAA    2a02:ec80:600:ed1a::1
+&lt;/pre&gt;
+&lt;p&gt;And this record does work:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ ncat --ssl 2a02:ec80:600:ed1a::1 443 &amp;lt;&amp;lt;GO
+GET /wiki/Main_Page HTTP/1.1
+Host: en.wikipedia.org
+
+GO
+HTTP/1.1 200 OK
+[…]
+content-language: en
+content-type: text/html; charset=UTF-8
+content-length: 98078
+
+&amp;lt;!DOCTYPE html&amp;gt;
+[…]
+&lt;/pre&gt;
+&lt;p&gt;But we can dig deeper: let's see what servers we are really asking:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig en.wikipedia.org AAAA +trace
+
+; &amp;lt;&amp;lt;&amp;gt;&amp;gt; DiG … &amp;lt;&amp;lt;&amp;gt;&amp;gt; en.wikipedia.org AAAA +trace
+;; global options: +cmd
+.                   78918   IN      NS      e.root-servers.net.
+.                   78918   IN      NS      f.root-servers.net.
+.                   78918   IN      NS      g.root-servers.net.
+.                   78918   IN      NS      h.root-servers.net.
+.                   78918   IN      NS      i.root-servers.net.
+.                   78918   IN      NS      j.root-servers.net.
+.                   78918   IN      NS      k.root-servers.net.
+.                   78918   IN      NS      l.root-servers.net.
+.                   78918   IN      NS      m.root-servers.net.
+.                   78918   IN      NS      a.root-servers.net.
+.                   78918   IN      NS      b.root-servers.net.
+.                   78918   IN      NS      c.root-servers.net.
+.                   78918   IN      NS      d.root-servers.net.
+;; Received 525 bytes from … in 0 ms
+
+org.                        172800  IN      NS      c0.org.afilias-nst.info.
+org.                        172800  IN      NS      a2.org.afilias-nst.info.
+org.                        172800  IN      NS      a0.org.afilias-nst.info.
+org.                        172800  IN      NS      b0.org.afilias-nst.org.
+org.                        172800  IN      NS      b2.org.afilias-nst.org.
+org.                        172800  IN      NS      d0.org.afilias-nst.org.
+;; Received 788 bytes from 202.12.27.33#53(m.root-servers.net) in 24 ms
+
+wikipedia.org.              3600    IN      NS      ns0.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns1.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns2.wikimedia.org.
+;; Received 658 bytes from 2001:500:48::1#53(b2.org.afilias-nst.org) in 20 ms
+
+en.wikipedia.org.   86400   IN      CNAME   dyna.wikimedia.org.
+;; Received 94 bytes from 208.80.153.231#53(ns1.wikimedia.org) in 132 ms
+&lt;/pre&gt;
+&lt;p&gt;Hey, there are IPv4 addresses in there! I know, this is cheating, the output is
+from a dual-stack machine. But we can still simulate IPv6-only resolution
+by adding &lt;tt class="docutils literal"&gt;&lt;span class="pre"&gt;-6&lt;/span&gt;&lt;/tt&gt; flag:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig en.wikipedia.org AAAA +trace -6
+
+; &amp;lt;&amp;lt;&amp;gt;&amp;gt; DiG … &amp;lt;&amp;lt;&amp;gt;&amp;gt; en.wikipedia.org AAAA +trace -6
+;; global options: +cmd
+.                   78915   IN      NS      d.root-servers.net.
+.                   78915   IN      NS      e.root-servers.net.
+.                   78915   IN      NS      f.root-servers.net.
+.                   78915   IN      NS      g.root-servers.net.
+.                   78915   IN      NS      h.root-servers.net.
+.                   78915   IN      NS      i.root-servers.net.
+.                   78915   IN      NS      j.root-servers.net.
+.                   78915   IN      NS      k.root-servers.net.
+.                   78915   IN      NS      l.root-servers.net.
+.                   78915   IN      NS      m.root-servers.net.
+.                   78915   IN      NS      a.root-servers.net.
+.                   78915   IN      NS      b.root-servers.net.
+.                   78915   IN      NS      c.root-servers.net.
+;; Received 525 bytes from … in 0 ms
+
+org.                        172800  IN      NS      d0.org.afilias-nst.org.
+org.                        172800  IN      NS      c0.org.afilias-nst.info.
+org.                        172800  IN      NS      b2.org.afilias-nst.org.
+org.                        172800  IN      NS      a0.org.afilias-nst.info.
+org.                        172800  IN      NS      b0.org.afilias-nst.org.
+org.                        172800  IN      NS      a2.org.afilias-nst.info.
+;; Received 816 bytes from 2001:500:2::c#53(c.root-servers.net) in 8 ms
+
+wikipedia.org.              3600    IN      NS      ns0.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns1.wikimedia.org.
+wikipedia.org.              3600    IN      NS      ns2.wikimedia.org.
+couldn't get address for 'ns0.wikimedia.org': not found
+couldn't get address for 'ns1.wikimedia.org': not found
+couldn't get address for 'ns2.wikimedia.org': not found
+dig: couldn't get address for 'ns0.wikimedia.org': no more
+&lt;/pre&gt;
+&lt;p&gt;Some of those IPv4 addresses were benign – the respective servers are reachable
+both using IPv4 and IPv6 address or there is an alternative server that is
+reachable using IPv6. That is the case for the root nameserver – in the second
+case, we used C, which has IPv6 address (2001:500:2::c). In fact, the M server
+also has IPv6 address, but dig chose the IPv4 one (it should not matter):&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig m.root-servers.net AAAA
+[…]
+m.root-servers.net. 77991   IN      AAAA    2001:dc3::35
+&lt;/pre&gt;
+&lt;p&gt;But the latter case is the bigger issue. For the domain &lt;tt class="docutils literal"&gt;wikipedia.org&lt;/tt&gt; there
+are three nameservers:&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig wikipedia.org NS -6
+[…]
+wikipedia.org.              86400   IN      NS      ns0.wikimedia.org.
+wikipedia.org.              86400   IN      NS      ns1.wikimedia.org.
+wikipedia.org.              86400   IN      NS      ns2.wikimedia.org.
+&lt;/pre&gt;
+&lt;p&gt;This is the last answer that we could get on an IPv6-only network, because none of
+these three servers has AAAA record (some of them may have IPv6 address unknown to us):&lt;/p&gt;
+&lt;pre class="literal-block"&gt;
+$ dig ns0.wikimedia.org AAAA
+[…]
+;; Got answer:
+;; -&amp;gt;&amp;gt;HEADER&amp;lt;&amp;lt;- opcode: QUERY, status: NOERROR, id: 59468
+;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
+&lt;/pre&gt;
+&lt;p&gt;The NOERROR status says the domain name exists, but we got zero answers for
+AAAA records. This is the case for all three nameservers. And here is the
+ultimate picture of what is happening and what goes wrong.&lt;/p&gt;
+&lt;div class="figure"&gt;
+&lt;object data="https://blog.ledoian.cz/images/forgetting-dns6/image5.svg" style="width: 100%;" type="image/svg+xml"&gt;&lt;/object&gt;
+&lt;p class="caption"&gt;The breakage in action&lt;/p&gt;
+&lt;/div&gt;
+&lt;p&gt;Also note that the connection from the laptop to the DNS resolver may in fact
+consist of a chain of several (caching, non-recursive) DNS resolvers, so that
+the final DNS resolver can have dual-stack connectivity.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="the-problems-with-this-state"&gt;
+&lt;h2&gt;The problems with this state&lt;/h2&gt;
+&lt;p&gt;So, what is the deal. We &lt;em&gt;just&lt;/em&gt; need to have a dual-stack DNS resolver
+somewhere, and that's it, no? Well, yes but actually yes.&lt;/p&gt;
+&lt;p&gt;There are two problems with this: First, this means that any new ISP needs to
+have &lt;em&gt;at least some&lt;/em&gt; IPv4 address, even if they intend to just use IPv6
+services. IPv4 addresses are scarce, &lt;a class="reference external" href="https://blog.apnic.net/2021/12/16/opinion-ipv4-address-markets/"&gt;expensive&lt;/a&gt; and small
+blocks &lt;a class="reference external" href="https://labs.ripe.net/author/stephen_strowes/visibility-of-ipv4-and-ipv6-prefix-lengths-in-2019/"&gt;don't route well&lt;/a&gt;,
+which is not great both from the
+new ISP's and from overal routing's point of view. It also hinders IPv6
+deployment and postpones IPv4 abandonment, needlessly.&lt;/p&gt;
+&lt;p&gt;The second issue is that this is not very visible. We are building IPv6 world,
+but deep inside it still relies on IPv4, which might lead to great surprise
+when we start cutting off IPv4 internet. And it might lead to false sense of
+having IPv6 deployed, which is not true to the whole extent.&lt;/p&gt;
+&lt;p&gt;Insert &amp;quot;It was DNS&amp;quot; meme here.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="solution"&gt;
+&lt;h2&gt;Solution&lt;/h2&gt;
+&lt;p&gt;The solution of this state is simple: get IPv6 connectivity to your
+authoritative DNS server (or use another) and do not forget to add an AAAA
+record for it in DNS. If the DNS server already has IPv6 it is probably just
+a matter of adding a single line to the zone file (and a second one for the DNSSEC
+signature), which should not be a big deal.&lt;/p&gt;
+&lt;p&gt;Unfortunately, this needs to be done for the whole DNS chain.
+Especially domain names at universities are infamous for very nested domains.
+A domain name may look like
+&lt;tt class="docutils literal"&gt;&lt;span class="pre"&gt;machine.department.location.faculty.university.some-common.suffix&lt;/span&gt;&lt;/tt&gt;. That
+tree is deep and so is the resolution of this problem.&lt;/p&gt;
+&lt;/div&gt;
+&lt;div class="section" id="amusing-bug-of-almost-good-deployment"&gt;
+&lt;h2&gt;Amusing bug of almost good deployment&lt;/h2&gt;
+&lt;p&gt;We have seen there may be multiple NS records for a domain and thus
+multiple nameservers. This is good for redundancy. But this does not mean that
+the servers will have the same records – they are only supposed to give
+equivalent answers (as far as I know).&lt;/p&gt;
+&lt;p&gt;I have come across a silly misconfiguration: a domain which has several
+nameservers, which serve a &lt;em&gt;slightly&lt;/em&gt; different set of NS records for its
+subdomain. Specifically, the servers which were only reachable using IPv4 were
+&lt;em&gt;exactly&lt;/em&gt; the servers that knew about one additional nameserver for the
+subdomain, which, incidentally, was the &lt;em&gt;only&lt;/em&gt; one that was IPv6-capable.&lt;/p&gt;
+&lt;p&gt;So, while all the correct records were present in DNS (somewhat/somewhere), this still
+meant that IPv6-only resolution was doomed to fail because the IPv6 nameserver
+chain was broken. (This has already been fixed.)&lt;/p&gt;
+&lt;hr class="docutils" /&gt;
+&lt;table class="docutils footnote" frame="void" id="nat44" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-1"&gt;[1]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;This is very much the same as when you try to reach the
+IPv4-public-land from IPv4-private-land, that is, from a private range of IP
+addresses. This is called either just NAT, or NAT44 to denote IPv4-to-IPv4 NAT.&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;table class="docutils footnote" frame="void" id="test-aaaa" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-2"&gt;[2]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;There are several more tests that do not even have the AAAA
+record, lol.&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;table class="docutils footnote" frame="void" id="dns-simplification" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-3"&gt;[3]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;In my example, there is a single recursive DNS
+resolver external to my machine in order not to complicate it too much.
+The real deployment is often trickier.&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;table class="docutils footnote" frame="void" id="dns-behind-nat64" rules="none"&gt;
+&lt;colgroup&gt;&lt;col class="label" /&gt;&lt;col /&gt;&lt;/colgroup&gt;
+&lt;tbody valign="top"&gt;
+&lt;tr&gt;&lt;td class="label"&gt;&lt;a class="fn-backref" href="#footnote-reference-4"&gt;[4]&lt;/a&gt;&lt;/td&gt;&lt;td&gt;I have not yet tried to run a recursive DNS in a network
+with DNS64 and NAT64. Could be fun :-D My wild guess is that I would need
+CLAT (i.e. the full 464XLAT deployment) to make that work, since the
+resolver is connecting directly to IPv4 addresses and would need to learn to
+use NAT64 to resolve them. (The CLAT could be built right into the resolver,
+though).&lt;/td&gt;&lt;/tr&gt;
+&lt;/tbody&gt;
+&lt;/table&gt;
+&lt;/div&gt;
+</content><category term="networking"></category><category term="ipv6-only"></category><category term="dns"></category></entry></feed>
\ No newline at end of file
diff --git a/output/drafts/forgetting-dns6.html b/output/forgetting-dns6.html
similarity index 91%
rename from output/drafts/forgetting-dns6.html
rename to output/forgetting-dns6.html
index 9093c8d..d23a318 100644
--- a/output/drafts/forgetting-dns6.html
+++ b/output/forgetting-dns6.html
@@ -2,13 +2,13 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
 
 
-	<link rel=stylesheet href="../theme/css/theme.css">
+	<link rel=stylesheet href="./theme/css/theme.css">
 
 	<title>Do not forget about IPv6 DNS – LEdoian's Blog</title>
 </head>
@@ -27,17 +27,20 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
-	<li><a href="../category/talks.html">talks</a></li>
-	<li><a href="../category/technology.html">technology</a></li>
+	<li><a href="./category/networking.html">networking</a></li>
+	<li><a href="./category/talks.html">talks</a></li>
+	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
-	<li><a href="../tag/meta.html">meta</a></li>
-	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
-	<li><a href="../tag/smrst.html">smršť</a></li>
-	<li><a href="../tag/trains.html">trains</a></li>
-	<li><a href="../tag/software-engineering.html">software-engineering</a></li>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
+	<li><a href="./tag/meta.html">meta</a></li>
+	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
+	<li><a href="./tag/smrst.html">smršť</a></li>
+	<li><a href="./tag/trains.html">trains</a></li>
+	<li><a href="./tag/software-engineering.html">software-engineering</a></li>
 	</ul>
 </div>
 <div>
@@ -59,13 +62,13 @@ requirement for the resolving even when the target is reachable using IPv6.</p>
 <h2>Quick recap</h2>
 <p>Connecting to a website is easy, right? You type in the name, you get the front page.</p>
 <div class="figure">
-<object data="../images/forgetting-dns6/image1.svg" style="width: 50%;" type="image/svg+xml"></object>
+<object data="./images/forgetting-dns6/image1.svg" style="width: 50%;" type="image/svg+xml"></object>
 <p class="caption">This is a very naïve idea of connecting to a server.</p>
 </div>
 <p>OK, it is a bit harder: the computer needs an IP address, so we need to use
 this magic box called DNS. The flow looks something like this:</p>
 <div class="figure">
-<object data="../images/forgetting-dns6/image2.svg" style="width: 50%;" type="image/svg+xml"></object>
+<object data="./images/forgetting-dns6/image2.svg" style="width: 50%;" type="image/svg+xml"></object>
 <p class="caption">Slightly better, now we at least know the machine-readable address.</p>
 </div>
 <p>And for IPv6-only everything on the picture has to have IPv6 connectivity and AAAA DNS records.</p>
@@ -78,7 +81,7 @@ are well-known protocols like NAT64 with DNS64 to do that in a standard and
 lightweight manner. <a class="footnote-reference" href="#nat44" id="footnote-reference-1">[1]</a>
 In that case, the connection looks like this:</p>
 <div class="figure">
-<object data="../images/forgetting-dns6/image3.svg" style="width: 100%;" type="image/svg+xml"></object>
+<object data="./images/forgetting-dns6/image3.svg" style="width: 100%;" type="image/svg+xml"></object>
 <p class="caption">And now we can reach the whole internet.</p>
 </div>
 <p>You might already know that you need some workaround like this to reach GitHub.
@@ -93,15 +96,16 @@ the missing piece in the puzzle, though.)</p>
 <h2>Enter DNS</h2>
 <p>Our picture has one unexplored magic box: the DNS. As per the definition (which
 I just made up and was not bothered to even fully formulate):</p>
-<p>&gt; yada yada distributed database of records attached to the strings – domain
-names. The records hold various information about the domain depending on the type.</p>
+<blockquote>
+yada yada distributed database of records attached to the strings – domain
+names. The records hold various information about the domain depending on the type.</blockquote>
 <p>There are three interesting types of records: A records give IPv4 addresses,
 AAAA give IPv6 addresses and NS give names of servers who know about the
 particular subtree of the database. And to actually resolve the final AAAA
 record the (recursive) resolver starts at the <em>root zone</em> and tries to find
 the answer. <a class="footnote-reference" href="#dns-simplification" id="footnote-reference-3">[3]</a> The resolution algorithm can be visualised like this:</p>
 <div class="figure">
-<object data="../images/forgetting-dns6/image4.svg" style="width: 100%;" type="image/svg+xml"></object>
+<object data="./images/forgetting-dns6/image4.svg" style="width: 100%;" type="image/svg+xml"></object>
 <p class="caption">Yeah, it's a mess.</p>
 </div>
 <p>There is one extra tricky bit: the NS records contain <em>names</em>, not addresses,
@@ -109,7 +113,8 @@ so when resolving we need <em>two</em> queries for each layer (very simplified):
 first we ask for the final domain (<tt class="docutils literal">blog.ledoian.cz</tt>) and get a NS record
 (when the server does not have the answer) and then we need to ask for the A or
 AAAA record of the name from that record, so that we can connect to the server
-mentioned in the NS record.</p>
+mentioned in the NS record. (This allows a nameserver to be made redundant
+and/or reside on other types of network.)</p>
 <p>You might start to see the issue. When the DNS was just a black box, we could
 paint the whole picture green and call it a day. And from the regular user's
 point of view, that is the case, just use some public DNS like 1.1.1.1, 8.8.8.8
@@ -258,7 +263,7 @@ $ dig ns0.wikimedia.org AAAA
 AAAA records. This is the case for all three nameservers. And here is the
 ultimate picture of what is happening and what goes wrong.</p>
 <div class="figure">
-<object data="../images/forgetting-dns6/image5.svg" style="width: 100%;" type="image/svg+xml"></object>
+<object data="./images/forgetting-dns6/image5.svg" style="width: 100%;" type="image/svg+xml"></object>
 <p class="caption">The breakage in action</p>
 </div>
 <p>Also note that the connection from the laptop to the DNS resolver may in fact
@@ -300,7 +305,7 @@ tree is deep and so is the resolution of this problem.</p>
 <p>We have seen there may be multiple NS records for a domain and thus
 multiple nameservers. This is good for redundancy. But this does not mean that
 the servers will have the same records – they are only supposed to give
-equivalent answers.</p>
+equivalent answers (as far as I know).</p>
 <p>I have come across a silly misconfiguration: a domain which has several
 nameservers, which serve a <em>slightly</em> different set of NS records for its
 subdomain. Specifically, the servers which were only reachable using IPv4 were
@@ -308,7 +313,7 @@ subdomain. Specifically, the servers which were only reachable using IPv4 were
 subdomain, which, incidentally, was the <em>only</em> one that was IPv6-capable.</p>
 <p>So, while all the correct records were present in DNS (somewhat/somewhere), this still
 meant that IPv6-only resolution was doomed to fail because the IPv6 nameserver
-chain was broken.</p>
+chain was broken. (This has already been fixed.)</p>
 <hr class="docutils" />
 <table class="docutils footnote" frame="void" id="nat44" rules="none">
 <colgroup><col class="label" /><col /></colgroup>
@@ -352,7 +357,7 @@ though).</td></tr>
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/images/forgetting-dns6/make.sh b/output/images/forgetting-dns6/make.sh
old mode 100644
new mode 100755
diff --git a/output/index.html b/output/index.html
index 9c3db32..fe01279 100644
--- a/output/index.html
+++ b/output/index.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@ now.</p>
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/smrst2023-cs.html b/output/smrst2023-cs.html
index 9199de6..46e680d 100644
--- a/output/smrst2023-cs.html
+++ b/output/smrst2023-cs.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -66,7 +69,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/tag/dns.html b/output/tag/dns.html
new file mode 100644
index 0000000..04dc5f5
--- /dev/null
+++ b/output/tag/dns.html
@@ -0,0 +1,69 @@
+<!doctype html>
+<html>
+<head>
+	<meta charset=utf-8>
+	<meta name=generator content="Pelican 4.8.0">
+	<meta name=author content="LEdoian">
+	<meta name=description content="My personal webpage">
+	<meta name=referrer content=no-referrer>
+
+
+	<link rel=stylesheet href="../theme/css/theme.css">
+
+	<title>Tag: dns – LEdoian's Blog</title>
+</head>
+<body>
+
+<header>
+<h1>LEdoian's Blog</h1>
+</header>
+
+<div id=main>
+<nav>
+<div>
+	<!-- Main navigation -->
+	<!-- TODO! -->
+</div>
+<div>
+	<h2>Categories</h2>
+	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
+	<li><a href="../category/talks.html">talks</a></li>
+	<li><a href="../category/technology.html">technology</a></li>
+	</ul>
+
+	<h2>Tags</h2>
+	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
+	<li><a href="../tag/meta.html">meta</a></li>
+	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
+	<li><a href="../tag/smrst.html">smršť</a></li>
+	<li><a href="../tag/trains.html">trains</a></li>
+	<li><a href="../tag/software-engineering.html">software-engineering</a></li>
+	</ul>
+</div>
+<div>
+	<h2>Stalk me also at</h2>
+	TODO!
+
+	<h2>I stalk</h2>
+	TODO!
+</nav>
+
+<main>
+	<div>
+<h1>Articles tagged with dns</h1>
+<ul> <li><a href="../forgetting-dns6.html">Do not forget about IPv6 DNS</a>
+</ul>
+	</div>
+</main>
+</div> <!-- #main -->
+
+<footer>
+<hr>
+Written using Pelican 4.8.0 by LEdoian.
+</footer>
+
+</body>
+</html>
diff --git a/output/tag/infrastructure.html b/output/tag/infrastructure.html
index 2dcad8d..7af446e 100644
--- a/output/tag/infrastructure.html
+++ b/output/tag/infrastructure.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/tag/ipv6-only.html b/output/tag/ipv6-only.html
new file mode 100644
index 0000000..a06f9a4
--- /dev/null
+++ b/output/tag/ipv6-only.html
@@ -0,0 +1,69 @@
+<!doctype html>
+<html>
+<head>
+	<meta charset=utf-8>
+	<meta name=generator content="Pelican 4.8.0">
+	<meta name=author content="LEdoian">
+	<meta name=description content="My personal webpage">
+	<meta name=referrer content=no-referrer>
+
+
+	<link rel=stylesheet href="../theme/css/theme.css">
+
+	<title>Tag: ipv6-only – LEdoian's Blog</title>
+</head>
+<body>
+
+<header>
+<h1>LEdoian's Blog</h1>
+</header>
+
+<div id=main>
+<nav>
+<div>
+	<!-- Main navigation -->
+	<!-- TODO! -->
+</div>
+<div>
+	<h2>Categories</h2>
+	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
+	<li><a href="../category/talks.html">talks</a></li>
+	<li><a href="../category/technology.html">technology</a></li>
+	</ul>
+
+	<h2>Tags</h2>
+	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
+	<li><a href="../tag/meta.html">meta</a></li>
+	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
+	<li><a href="../tag/smrst.html">smršť</a></li>
+	<li><a href="../tag/trains.html">trains</a></li>
+	<li><a href="../tag/software-engineering.html">software-engineering</a></li>
+	</ul>
+</div>
+<div>
+	<h2>Stalk me also at</h2>
+	TODO!
+
+	<h2>I stalk</h2>
+	TODO!
+</nav>
+
+<main>
+	<div>
+<h1>Articles tagged with ipv6-only</h1>
+<ul> <li><a href="../forgetting-dns6.html">Do not forget about IPv6 DNS</a>
+</ul>
+	</div>
+</main>
+</div> <!-- #main -->
+
+<footer>
+<hr>
+Written using Pelican 4.8.0 by LEdoian.
+</footer>
+
+</body>
+</html>
diff --git a/output/tag/meta.html b/output/tag/meta.html
index ef2584b..02a6174 100644
--- a/output/tag/meta.html
+++ b/output/tag/meta.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/tag/smrst.html b/output/tag/smrst.html
index 576483a..04d9b07 100644
--- a/output/tag/smrst.html
+++ b/output/tag/smrst.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/tag/software-engineering.html b/output/tag/software-engineering.html
index a1b0342..0023285 100644
--- a/output/tag/software-engineering.html
+++ b/output/tag/software-engineering.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/tag/trains.html b/output/tag/trains.html
index 78b104d..af80389 100644
--- a/output/tag/trains.html
+++ b/output/tag/trains.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="../category/networking.html">networking</a></li>
 	<li><a href="../category/talks.html">talks</a></li>
 	<li><a href="../category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="../tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="../tag/dns.html">dns</a></li>
 	<li><a href="../tag/meta.html">meta</a></li>
 	<li><a href="../tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="../tag/smrst.html">smršť</a></li>
@@ -59,7 +62,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>
diff --git a/output/tags.html b/output/tags.html
index 0ee6a42..7b20960 100644
--- a/output/tags.html
+++ b/output/tags.html
@@ -2,7 +2,7 @@
 <html>
 <head>
 	<meta charset=utf-8>
-	<meta name=generator content="Pelican 4.9.1">
+	<meta name=generator content="Pelican 4.8.0">
 	<meta name=author content="LEdoian">
 	<meta name=description content="My personal webpage">
 	<meta name=referrer content=no-referrer>
@@ -27,12 +27,15 @@
 <div>
 	<h2>Categories</h2>
 	<ul>
+	<li><a href="./category/networking.html">networking</a></li>
 	<li><a href="./category/talks.html">talks</a></li>
 	<li><a href="./category/technology.html">technology</a></li>
 	</ul>
 
 	<h2>Tags</h2>
 	<ul>
+	<li><a href="./tag/ipv6-only.html">ipv6-only</a></li>
+	<li><a href="./tag/dns.html">dns</a></li>
 	<li><a href="./tag/meta.html">meta</a></li>
 	<li><a href="./tag/infrastructure.html">infrastructure</a></li>
 	<li><a href="./tag/smrst.html">smršť</a></li>
@@ -56,7 +59,7 @@
 
 <footer>
 <hr>
-Written using Pelican 4.9.1 by LEdoian.
+Written using Pelican 4.8.0 by LEdoian.
 </footer>
 
 </body>