Date: Fri, 2 Jun 2017 12:30:10 +0100
From: Gary Palmer
To: Matthew Seaman
Cc: freebsd-net@freebsd.org
Subject: Re: Ipv6 / DNS questions

On Fri, Jun 02, 2017 at 09:56:28AM +0100, Matthew Seaman wrote:
> On 06/02/17 02:49, Karl Denninger wrote:
> > Is there a dynamic DNS update method associated with IPv6's address
> > assignment system? Since the assignment is "stateless" it obviously
> > (and does, in my experience!) move. I can deal with it via a couple of
> > shell scripts, and there are only a couple of hosts where it matters,
> > but this would dramatically simplify the IPv4 gameplaying that's
> > necessary to have something behind a gateway router while on a "globally
> > visible", but possibly changing "at whim", IPv6 address.
>
> Assuming that you always get the same /64 assigned to your gateway, then
> the address SLAAC assigns to your server will be constant so long as
> you're on the same hardware, since the SLAAC address is generated from
> the network prefix and the MAC address of the NIC. In that case, it
> often suffices to update the DNS manually.

Only if ipv6_privacy="YES" is not set.

Regards,

Gary

>
> If that doesn't work for you, then while there isn't a DNS update
> mechanism built into SLAAC, there is one in DHCP6. That relies on the
> dhcp server being able to make dynamic DNS updates via nsupdate(1). Of
> course, if you have all the keys etc. set up to be able to use
> nsupdate(1) you could fairly easily add a 'dns-update' rc script on your
> host to push the host's IPv6 address into the DNS.
>
> The other fairly common approach would be to use a network configuration
> system like ansible or puppet that can gather facts about a machine
> (such as the IPv6 address) and write them into a DNS zone file.
>
> Cheers,
>
> Matthew
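
The following is an added example, not code from anyone in this thread: it derives the MAC-based SLAAC address discussed above (modified EUI-64, RFC 4291 Appendix A), tests whether an address looks MAC-derived rather than a privacy address, and builds an nsupdate(1) batch when the published AAAA record no longer matches. The prefix, MAC, host name, zone and TTL are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def slaac_eui64(prefix, mac):
    """Modified EUI-64 address (RFC 4291, Appendix A) for a /64 prefix and a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between the MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net[int.from_bytes(iid, "big")]

def looks_eui64(addr):
    """Heuristic: ff:fe in the middle of the interface identifier means MAC-derived.
    A random privacy address matches only by a roughly 1-in-65536 coincidence."""
    return ipaddress.IPv6Address(addr).packed[11:13] == b"\xff\xfe"

def nsupdate_batch(fqdn, zone, addr, ttl=300):
    """Commands for nsupdate(1) that replace the host's AAAA record."""
    lines = [
        f"zone {zone}",
        f"update delete {fqdn} AAAA",
        f"update add {fqdn} {ttl} AAAA {addr}",
        "send",
    ]
    return "\n".join(lines) + "\n"

def dns_action(prefix, mac, published, fqdn, zone):
    """None if the published AAAA already equals the MAC-derived address
    (a manually maintained record is still right), else an nsupdate batch."""
    expected = slaac_eui64(prefix, mac)
    if ipaddress.IPv6Address(published) == expected:
        return None
    return nsupdate_batch(fqdn, zone, expected)

if __name__ == "__main__":
    # Constructed sample: documentation prefix, made-up MAC and host name.
    # The published record still carries an old prefix, so a batch is printed.
    print(dns_action("2001:db8:1:2::/64", "00:25:90:ab:cd:ef",
                     "2001:db8:9:9:225:90ff:feab:cdef",
                     "host.example.org", "example.org"))
```

The batch would be fed to nsupdate(1) with whatever key setup the zone requires; the example only builds the text and sends nothing.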