Comment by morshu9001

4 days ago

The IPv6 spec was being modified up through 2017. It has more kinds of addresses that behave in fancier ways, with one host having multiple. The very first thing you see with ipv6 is your nice memorable ipv4 addr replaced with a long hex string with some ::s thrown in. Local DNS is commonly recommended with ipv6 for that reason, which maybe is just some misguided advice because it sounds crazy. I guess you could assign and memorize ULAs?

NAT is technically complicated if you're looking inside it, but most people aren't, and for them it's really easier to think about. You've got a public and a private, and there's a very strong default that private isn't exposed. People screw up firewall rules all the time or routers have bad defaults, but it takes more deliberate action to publicly expose a port over NAT. Plus you don't need privacy addresses that way (introduced to ipv6 in 2007). I know "NAT isn't security" but for most people, it is.

Still not even sure what the accepted default firewall behavior is in ipv6, cause some people say "ipv6 lets any device do p2p by its own choice" and then when you ask about security, "your router firewall should always default-deny anyway," so which one is it?

> The presence of the IPv4 stack isn't what blocks the adoption of IPv6

It is. Like they say, most technical problems are really people problems, especially this one.

> Local DNS is commonly recommended with ipv6 for that reason, which maybe is just some misguided advice because it sounds crazy.

Many (most?) SOHO routers already run a combined DHCP and DNS server called 'dnsmasq', which supports DHCPv6. IIRC, dnsmasq automatically adds DNS records for hosts to which it gives out a lease. Android computers don't use DHCPv6, so this won't help you access them by name, but how often do you care to directly access an Android computer?

  • I wasn't under the impression that SOHO routers normally have DHCPv6 enabled by default. At least I checked mine now and it doesn't.

    • > I wasn't under the impression that SOHO routers normally have DHCPv6 enabled by default.

      The fellow I replied to indicated that running a local DNS server on one's LAN "sounds crazy".

      My commentary was intended to indicate that it's very common in SOHO networks to already be running a DNS server that automatically adds hostname->address mappings of DHCP clients on that network. It also mentioned that DHCPv6 support is supported by the combined DHCP+DNS daemon used by many (most?) SOHO routers.

      My commentary was not intended to indicate that DHCPv6 support is on by default on many or most SOHO routers, only that it's likely to be supported, and that -if supported- it is very, very likely to put hostname->AAAA mappings of DHCPv6 clients into its DNS server, just as it adds hostname->A mappings for DHCPv4 clients.
