Re: IPv6 and DNS
On Tue, Jul 12, 2011 at 04:09:27PM +0100, Scott Ferguson wrote:
> Why not just use a single host file on your firewall/router? DHCP
> always seems like overkill for equipment you own.
> eg. reserve static addresses 192.168.0.2-10 for your machines,
> 192.168.10-20 for people who regularly bring machines onto your network
> (LAN parties, your mums computer when it needs fixing etc) and use DHCP
> for 192.168.0.30-40 for irregularly connected machines.
>
> I'm simplifying - you probably have at least a Green zone, which would
> we setup up similar to the above example, and an Orange for webserver/s
> - where you definitely want static addresses eg 192.168.1.2-10, and a
> Blue zone for wireless devices eg 192.168.2.2-10, with maybe
> 192.168.2.11-20 as dynamic.
> Your router/firewall would then be 192.168.0.1 for the Green gateway,
> 192.168.1.1 for the Orange, and 192.168.2.1 for the Blue.
>
> Your name resolution would be fast, the load on your DHCP server
> minimal, and pinholes and portforwarding would be simple and easy to
> maintain.
>
That as may be, my current setup works very well for me and to date has been reliable. I addition I need forward and reverse host-name lookups to function correctly across a variety of platforms which is easily achieved by running my own internal DNS with little more effort than a static hosts file which I then have to copy around a dozen machines (and spend time wondering why stuff broke when I forget one!).
>
> >>
> >> I am curious, if I wanted to translate my IPv4
> >> configuration into an IPv6 world;
> >> � * I know there's a lot of talk about IPv6's
> >> wonderful auto-configuration eliminating the need for DHCP
> >> but how does this work with a static DNS setup?
>
> Pretty much the same as the example above - just substitute an IPv6
> address. Debian is just waiting for you to feed it IPv6, ditto for
> Windows 7, not so much for OSX, dunno about your embedded devices.
>
>From what I've read the auto-configured address is NOT guaranteed to be identical each time a machine is connected to the network (e.g. turned on after being powered off for a period of time), just unique to the network at the time it is configured. While in practice IF the mac address of the NIC is used to generate the IPv6 address it may be the same, the RFC[0] simply states it will be generated from an "interface identifier" and makes specific reference to instances where the identifier is not a "hardware address" which means that although current convention seems to be to use the MAC address this is not guaranteed. If the addresses are not guaranteed to be static between connections to the network then surely a local static DNS (or, indeed, hosts file) cannot guarantee to be reliable?
[0] http://tools.ietf.org/html/rfc4862
<snip />
> >> � * In the DHCP-less world, how would clients
> >> "discover" the local DNS suffix (e.g. (fictitous)
> >> "internal.home.my.tld")?
>
> It will depend on what methods your ISP provides
>
I'm talking about DNS which exists entirely within my private network and has nothing to do with my isp. Currently my DHCP server hands out my DNS server's details and the search domain (for the sake of argument 'internal.home.my.tld). The configured clients then use my DNS for all their DNS lookups - my server is configured to be authoritative for hosts on my network, within my subdomain ('internal.home.my.tld') and for reverse lookups on 192.168.0.0/24 addresses (and on it's other subnets, but let's not over-complicate here) and forwards any other request upstream to my ISPs DNS servers. It's the DNS bit contained in my network that I'm unclear on.
> But it's really too early to determine what can be done with what the
> ISPs will provide, until the ISPs provide it.
>
> For some current real world implementations try:-
> http://ipv6.internode.on.net/configuration/
> http://ipv6.internode.on.net/access/tunnel-broker/
>
> NOTE: your region and ISPs may offer different implementations, I don't
> know how relevant the examples of Internode are as I've only compared
> them to iiNet's offerings. As discussed in another thread the big ISPs
> in my country have no plans for IPv6 in the forseeable future. As in $43
> billion for a National Broadband network that doesn't support IPv6 :-(
>
<snip />
>
> Fortunately neither of you have got to worry about that for a while :-)
> When the majority of sites and ISPs move to IPv6 it'll be dual-stacks
> and tunnels for some time - maybe not out of respect for your investment
> in dial-up modems but there's a lot of big ticket telco equipment (and
> other gear) owned by influential companies that won't natively support IPv6.
> I'd hesitantly suggest not buying IPv6 equipment until it's absolutely
> necessary - both for price and feature reasons.
Indeed, I think a lot of this is still to be figured out (there maybe a spec but how the large corporations choose to "interpret" it may have knock on impact for the rest of us). I am more interested from an experimental point of view. I am only aware of using DHCP with DNS to achieve what I currently do wrt reliable, cross-device, forward and reverse host lookups but was wondering if there was a way to take advantage of IPv6's stateless configuration to get the same end. Looking at the research I've done so far it's not looking good since the stateless addresses are not guaranteed - I found one document referring to Windows specifically randomising IPv6 addresses rather than using the MAC (no idea if this is default or configurable).
>
> Cheers
>
Thanks
Laurence
Reply to: