From owner-freebsd-net@freebsd.org  Fri Jun  2 11:38:14 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C234BF5F84
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Fri,  2 Jun 2017 11:38:14 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk
 [81.2.117.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.infracaninophile.co.uk",
 Issuer "infracaninophile.co.uk" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 857D884DD5;
 Fri,  2 Jun 2017 11:38:13 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from host-4-75.office.adestra.com (unknown [85.199.232.226])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: m.seaman@infracaninophile.co.uk)
 by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id 6F0463823;
 Fri,  2 Jun 2017 11:38:11 +0000 (UTC)
Authentication-Results: smtp.infracaninophile.co.uk;
 dmarc=none header.from=FreeBSD.org
Authentication-Results: smtp.infracaninophile.co.uk/6F0463823; dkim=none;
 dkim-atps=neutral
Subject: Re: Ipv6 / DNS questions
To: Gary Palmer <gpalmer@freebsd.org>
References: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net>
 <7b0eda86-34d3-9bf7-df5f-45060a956942@freebsd.org>
 <20170602113010.GA74033@in-addr.com>
Cc: freebsd-net@freebsd.org
From: Matthew Seaman <matthew@FreeBSD.org>
Message-ID: <a82571bb-8027-8cb5-37d5-b82051b9b671@FreeBSD.org>
Date: Fri, 2 Jun 2017 12:38:04 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0)
 Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <20170602113010.GA74033@in-addr.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="cuxcoPCk6PCALLeMI2BmJgh3kaKup03aJ"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2017 11:38:14 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--cuxcoPCk6PCALLeMI2BmJgh3kaKup03aJ
Content-Type: multipart/mixed; boundary="JggAtEjsus8JWJJf5nwXIH8fmDxEaobOi";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: Gary Palmer <gpalmer@freebsd.org>
Cc: freebsd-net@freebsd.org
Message-ID: <a82571bb-8027-8cb5-37d5-b82051b9b671@FreeBSD.org>
Subject: Re: Ipv6 / DNS questions
References: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net>
 <7b0eda86-34d3-9bf7-df5f-45060a956942@freebsd.org>
 <20170602113010.GA74033@in-addr.com>
In-Reply-To: <20170602113010.GA74033@in-addr.com>

--JggAtEjsus8JWJJf5nwXIH8fmDxEaobOi
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2017/06/02 12:30, Gary Palmer wrote:
>> Assuming that you always get the same /64 assigned to your gateway, th=
en
>> the address SLAAC assigns to your server will be constant so long as
>> you're on the same hardware, since the SLAAC address is generated from=

>> the network prefix and the MAC address of the NIC.  In that case, it
>> often suffices to update the DNS manually.

> Only if
>=20
> ipv6_privacy=3D"YES"
>=20
> is not set.

Ah, but ipv6_privacy is intended for use on personal laptops and other
devices where you'ld prefer not to have your MAC address available as a
tracking cookie when acting as a web client.

It's not intended for use on a web server.  Even if you do turn it on
IIRC the effect is to add alias IPs on that network interface, alongside
the standard address that SLAAC would generate anyhow.

	Cheers,

	Matthew



--JggAtEjsus8JWJJf5nwXIH8fmDxEaobOi--

--cuxcoPCk6PCALLeMI2BmJgh3kaKup03aJ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQJ8BAEBCgBmBQJZMU4iXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnIBEP/3kxRmcVIdJu49YO49zXEcR5
KOnJT+8AV3XeAzEyUx+KaAd9PVNiQWaT1XOJZuD3Y/jU8Tsp/HZllfnScYEB4ko6
QlLiOYT23aO1oq00G0VEQA7lTsftbLdBzFgXin056VS56yMAwUiY4R35v/zo9t0S
bnjhmiP8P8trJgrsYOlSp7vgld+N6XL6zscj/MKI+4SYqNcb2Q1Y2tA/5IJrWYle
VI8VR3VK+Zt36yabWYnYz48dlH9hozCs3zIeLS0hw/KRyMXxoz5u9GCXOzlCxEBu
OlyGho27AuEBYa0zJKqGrgpPP6oFSSAVKjk35wb/AVpNiuk2bkQ9UITvvHXecoZW
bEZxDsoQUbaMQ4S3XzH1lwf2phheen7UOPKJh3gd69RsPK8fYSNiEB1ulnLh4KIK
YBc8hIP5YawW3OBPiCmFidjuhKXHFltceWKLPjg7pkRh/zRipCoII5G/GFbWCe2i
C2a3rECkOjS3ennL3HYlWgSTKY1W5i2roKnoXLojoILTZGOLSOAvb9wRNnbSW1GJ
kJcFX41ARF3qSsU5wkBSAFFd0GRsPZJGwRg2R6PbDeEMsm/p0ufDa08ii2wIq68N
bjSEtpQ+o0BwP9Mz0jYLHndvNx5D+OwCa23Q2jYhZeyYLH3mgHptTV0S8V8559qA
0+o11xv+ZIKN5u6jo9Ir
=Nq19
-----END PGP SIGNATURE-----

--cuxcoPCk6PCALLeMI2BmJgh3kaKup03aJ--