From owner-freebsd-net@freebsd.org Fri Jun 2 12:38:19 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 88F8CBF720C for ; Fri, 2 Jun 2017 12:38:19 +0000 (UTC) (envelope-from Mark.Martinec+freebsd@ijs.si) Received: from mail.ijs.si (mail.ijs.si [IPv6:2001:1470:ff80::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3E734C2B; Fri, 2 Jun 2017 12:38:19 +0000 (UTC) (envelope-from Mark.Martinec+freebsd@ijs.si) Received: from amavis-ori.ijs.si (localhost [IPv6:::1]) (using TLSv1.2 with cipher DHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.ijs.si (Postfix) with ESMTPS id 3wfNzX2NQBzSX; Fri, 2 Jun 2017 14:38:16 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ijs.si; h= user-agent:message-id:references:in-reply-to:organization :subject:subject:from:from:date:date:content-transfer-encoding :content-type:content-type:mime-version:received:received :received:received; s=jakla4; t=1496407091; x=1498999092; bh=TNQ /gA8L9LPETHyumHznd2geiyGMqe4VmgGjutAlTC4=; b=Wg0VahLWeb8+h37SQMa ySID2+qfwLBx2Bw5fct3RHTnJc5Ul4eKRZXJv1Qo0C7moa+qeGw+/0aQnVuYm+Ot XipqfqxssrqozeldiuTWA5daWy7Rona215Ltcpg7SECIYQd4DsUi4BdgA+TuT/g9 +G6X59Ew307wSGAHGEx66GXc= X-Virus-Scanned: amavisd-new at ijs.si Received: from mail.ijs.si ([IPv6:::1]) by amavis-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10026) with LMTP id XVTXAOYS0if8; Fri, 2 Jun 2017 14:38:11 +0200 (CEST) Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1]) by mail.ijs.si (Postfix) with ESMTP id 3wfNzR66Z0zSS; Fri, 2 Jun 2017 14:38:11 +0200 (CEST) Received: from nabiralnik.ijs.si (nabiralnik.ijs.si [IPv6:2001:1470:ff80::80:16]) by mildred.ijs.si (Postfix) with ESMTP id 3wfNzR5sVdz10l; Fri, 2 Jun 2017 14:38:11 +0200 (CEST) Received: from neli.ijs.si (2001:1470:ff80:88:21c:c0ff:feb1:8c91) by nabiralnik.ijs.si with HTTP (HTTP/1.1 POST); Fri, 02 Jun 2017 14:38:11 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Fri, 02 Jun 2017 14:38:11 +0200 From: Mark Martinec To: freebsd-net@freebsd.org Cc: Gary Palmer , Matthew Seaman Subject: Re: Ipv6 / DNS questions Organization: Jozef Stefan Institute In-Reply-To: References: <759e086e-e6c3-3b3a-1578-834af5adce0d@denninger.net> <7b0eda86-34d3-9bf7-df5f-45060a956942@freebsd.org> <20170602113010.GA74033@in-addr.com> Message-ID: <1c7e8836f1df2f95a8a7ce8a903ddfa5@ijs.si> X-Sender: Mark.Martinec+freebsd@ijs.si User-Agent: Roundcube Webmail/1.2.4 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Jun 2017 12:38:19 -0000 I wish FreeBSD would adopt the dhcpcd daemon from the NetBSD project (2-clause BSD license) as a standard DHCP client for IPv4 and IPv6, as some other OSes have done by now. It is currently available in FreeBSD ports as net/dhcpcd. Among other features it supports RFC 7217, i.e. stable privacy address, which should be as easy to configure in FreeBSD as is now the (mostly undesirable) ipv6_privacy="YES", but is currently much too complicated for an average user. Mark 2017-06-02 13:38, Matthew Seaman wrote: > On 2017/06/02 12:30, Gary Palmer wrote: >>> Assuming that you always get the same /64 assigned to your gateway, >>> then >>> the address SLAAC assigns to your server will be constant so long as >>> you're on the same hardware, since the SLAAC address is generated >>> from >>> the network prefix and the MAC address of the NIC. In that case, it >>> often suffices to update the DNS manually. > >> Only if >> ipv6_privacy="YES" >> is not set. > > Ah, but ipv6_privacy is intended for use on personal laptops and other > devices where you'ld prefer not to have your MAC address available as a > tracking cookie when acting as a web client. > > It's not intended for use on a web server. Even if you do turn it on > IIRC the effect is to add alias IPs on that network interface, > alongside > the standard address that SLAAC would generate anyhow. > Cheers, > Matthew