From owner-freebsd-net@freebsd.org Fri Jun 2 08:56:47 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5AE1BBF2ED2 for ; Fri, 2 Jun 2017 08:56:47 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:c4ea:bd49:619b:6cb3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E3F6B80300 for ; Fri, 2 Jun 2017 08:56:46 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from ox-dell39.ox.adestra.com (unknown [85.199.232.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 1057537F3 for ; Fri, 2 Jun 2017 08:56:44 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org Authentication-Results: smtp.infracaninophile.co.uk/1057537F3; dkim=none; dkim-atps=neutral Subject: Re: Ipv6 / DNS questions To: freebsd-net@freebsd.org References: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net> From: Matthew Seaman Message-ID: <7b0eda86-34d3-9bf7-df5f-45060a956942@freebsd.org> Date: Fri, 2 Jun 2017 09:56:28 +0100 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BsQ36w94oJ5Rk4M9h2fA0ahX020KUwVAV" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jun 2017 08:56:47 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BsQ36w94oJ5Rk4M9h2fA0ahX020KUwVAV Content-Type: multipart/mixed; boundary="6JqjUNsLXjU8bKUtuiee5FOqbQ4E3acI0"; protected-headers="v1" From: Matthew Seaman To: freebsd-net@freebsd.org Message-ID: <7b0eda86-34d3-9bf7-df5f-45060a956942@freebsd.org> Subject: Re: Ipv6 / DNS questions References: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net> In-Reply-To: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net> --6JqjUNsLXjU8bKUtuiee5FOqbQ4E3acI0 Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 06/02/17 02:49, Karl Denninger wrote: > Is there a dynamic DNS update method associated with Ipv6's address > assignment system? Since the assignment is "stateless" it obviously > (and does, in my experience!) move. I can deal with it via a couple of= > shell scripts, and there are only a couple of hosts where it matters, > but this would dramatically simplify the IPv4 gameplaying that's > necessary to have something behind a gateway router while on a "globall= y > visible", but possibly changing "at whim", IpV6 address. Assuming that you always get the same /64 assigned to your gateway, then the address SLAAC assigns to your server will be constant so long as you're on the same hardware, since the SLAAC address is generated from the network prefix and the MAC address of the NIC. In that case, it often suffices to update the DNS manually. If that doesn't work for you, then while there isn't a DNS update mechanism built into SLAAC, there is one in DHCP6. That relies on the dhcp server being able to make dynamic DNS updates via nsupdate(1). Of course, if you have all the keys etc. set up to be able to use nsupdate(1) you could fairly easily add a 'dns-update' rc script on your host to push the hosts' IPv6 address into the DNS. The other fairly common approach would be to use a network configuration system like ansible or puppet that can gather facts about a machine (such as the IPv6 address) write them into a DNS zone file. Cheers, Matthew --6JqjUNsLXjU8bKUtuiee5FOqbQ4E3acI0-- --BsQ36w94oJ5Rk4M9h2fA0ahX020KUwVAV Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAlkxKDwACgkQAFE/EOCp 5OfzMxAAmpU60yn3tJbwPCZURvAcf9G1DSFv82kpmfcRL11giFmlVXoeo8CrjPFY 6Mj3gt7f6iLsgK/egJUotxQjDMySbmmoPXN8uREgQAoXKLOY0eqCSmyiKiWBJBa2 i3yBG0vkCkmpTRlwdvvqqhIlnyD0kP32DC2Gn2G+XN14RcKeJD9Fl9A26yP6KOm5 78zFI1t10MZS+kPNh2AieCY4zytu0wLThC59Hi1r2KUdVPNB10CsY79g0BtBL7fY 5HlDfiSbtO+OT6hWVzSukFRawjoILWIeHyT6WjS4JK2bZ/g2ju6AvI8KlmDg3dS1 ERgU/dHJqPsU8iv+DzI3kfpvqShGSEj1PY8ppP7eFPujFsx00J5KOt3TR15Rn6lc VQjhpc9W9bfmaNqbMPvt6Qj6io1QsvSyx/+NmfVcpgwlPFdpaaZXQsujktfi0hs5 bjsHGoie+h6AlCeLWG1dg8fdnQGiAbv9t2omEpeNp946/qCbe/LOeVe+hmKs82uc D3Y2xBPhJLP8+fhls9rArDlIy3RCIajlSDsLf/yjdh+4rvoIRGY1fwTxVmcbqmga ARwBXItHt7qEXqnfWHfm1CGA3J3RN9OYyE8WxsDrZtKtO406BhdRjAf3S0PDtZtZ FwDyFWYE4/SwSyc8zqT3DgAkBf7KPhSubcuPfQdRxMF5cLpuB9Q= =WZH8 -----END PGP SIGNATURE----- --BsQ36w94oJ5Rk4M9h2fA0ahX020KUwVAV--