Development issues regarding the cerowrt test router project
From: Dave Taht <dave.taht@gmail.com>
To: Michael Richardson <mcr@sandelman.ca>
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] dynamic dns and ipv6 and "preferred lifetime"
Date: Mon, 8 Oct 2018 11:13:36 -0700
Message-ID: <CAA93jw7VWYpnE3cfUTfGGAPvgO1NtZy2WgE44WT75oPOYK2uAg@mail.gmail.com>
In-Reply-To: <12754.1539021436@localhost>

On Mon, Oct 8, 2018 at 10:57 AM Michael Richardson <mcr@sandelman.ca> wrote:
>
>
> Dave Taht <dave.taht@gmail.com> wrote:
>     > I have a machine whose ipv6 address I'd like to register in dns. I used
>     > to use the ddns tool in openwrt to do this, but I don't think it quite
>     > does what I want.
>
>     > the ip tool now has json capability, yea, but basically I have rotating
>     > addresses that expire.
>
> You don't want to register temporary addresses, you want to turn them off.
> Publishing your super-private address in DNS makes it not private, so don't
> do that.   You want stable private addresses.
>
> You either do this in NetworkManager, or net.ipv6.conf.all.use_tempaddr = 0
>
> https://major.io/2016/04/17/enable-ipv6-privacy-networkmanager/

In general I don't use network manager, just good ole fashioned
/etc/network/interfaces where the equivalent is

iface enp7s0 inet6 dhcp

Also it is more complicated than this in that the core machines are
multihomed, and I do want several ipv6 addresses...

Lastly, this stuff is managed in linode which (turns out) has a painful
means of assigning a permanent ID to an address record that you have to
capture by parsing json by eyeball.

openwrt has no support for linode ddns in the ddns scripts, but I can
write that.

I never thought I'd say this, but nsupdate was much easier. And
theoretically ceres.cerowrt.org is up now in ipv6 dns but it's not
showing up across the internet even an hour later.

login=whatever
pass=noneofyourbusiness
key="thisinsanely long stream"
domain=bunchonumbers # cerowrt.org
resourceid=differentbunchonumbers # ceres
# resourceid=a second id for my other interface # ceres again
device=enp7s0 # I'll end up putting this into /etc/network/rc.post_up and in cron
# this does the right thing mostly, perhaps can filter out other stuff
# (first global address on $device that does not start with fd, i.e. is not a ULA)
address=$(ip -6 addr list scope global "$device" | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)

# nosql strikes again
# find the domain id
# curl "https://api.linode.com/?api_key=$key&api_action=domain.list"
# find the other id
# find the resource id
# curl "https://api.linode.com/?api_key=$key&api_action=domain.resource.list&domainid=$domain"

# scribble all that down

# 3 */30 * * * * /bin/echo `/bin/date`: `/usr/bin/wget -qO- --no-check-certificate https://api.linode.com/?api_key=your-api-key\&api_action=domain.resource.update\&domainid=your-domain-id\&resourceid=your-resource-id\&target=[remote_addr]` >> /var/log/linode_dyndns.log

# push the selected address to the existing record, discarding the API response
curl "https://api.linode.com/?api_key=$key&api_action=domain.resource.update&domainid=$domain&resourceid=$resourceid&target=$address" > /dev/null

echo "$address"



>     > And other stuff that also expires but is mildly painful. I can do this
>     > to show the current primaries
>
>     > ip -c -6 addr show primary | grep -A 1 2603
>
>     > and the same, so I can delete secondaries
>
>     > So I can see having a nsupdate (or linode api) script that parses this
>     > all properly and sends it "up there", or roll my own, but I was hoping
>     > for a recommendation, that does it as addresses change...
>
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>


-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
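
Added example, not part of the original message or of the cerowrt/openwrt ddns scripts: one way to pick the addresses worth publishing from the JSON output of `ip -j -6 addr show`, skipping temporary (privacy), deprecated and ULA addresses and ordering the rest by preferred lifetime. The function name, the sample data and the 2001:db8::/32 documentation addresses are constructed for illustration.

```python
import ipaddress
import json

ULA = ipaddress.ip_network("fc00::/7")  # unique local range; covers the script's " fd" filter
FOREVER = 4294967295                    # lifetime value reported for static addresses

# Constructed sample in the shape of `ip -j -6 addr show`; not real output.
SAMPLE = json.dumps([
    {"ifname": "enp7s0", "addr_info": [
        {"family": "inet6", "local": "2001:db8:1:2:5c1e:aaaa:bbbb:cccc", "scope": "global",
         "temporary": True, "dynamic": True, "preferred_life_time": 80000},
        {"family": "inet6", "local": "2001:db8:1:2:5c1e:1111:2222:3333", "scope": "global",
         "temporary": True, "deprecated": True, "preferred_life_time": 0},
        {"family": "inet6", "local": "2001:db8:1:2:211:22ff:fe33:4455", "scope": "global",
         "dynamic": True, "mngtmpaddr": True, "preferred_life_time": 604000},
        {"family": "inet6", "local": "2001:db8:ffff::10", "scope": "global",
         "preferred_life_time": FOREVER},
        {"family": "inet6", "local": "fd00:1234:5678:2:211:22ff:fe33:4455", "scope": "global",
         "dynamic": True, "preferred_life_time": 604000},
        {"family": "inet6", "local": "fe80::211:22ff:fe33:4455", "scope": "link",
         "preferred_life_time": FOREVER},
    ]},
    {"ifname": "enp8s0", "addr_info": [
        {"family": "inet6", "local": "2001:db8:9:9::1", "scope": "global",
         "preferred_life_time": FOREVER},
    ]},
])


def publishable_addresses(ip_json, ifname):
    """Stable, non-ULA global IPv6 addresses on ifname, longest preferred lifetime first."""
    keep = []
    for link in json.loads(ip_json):
        if link.get("ifname") != ifname:
            continue
        for a in link.get("addr_info", []):
            if a.get("family") != "inet6" or a.get("scope") != "global":
                continue  # drops link-local and anything non-IPv6
            if a.get("temporary") or a.get("deprecated") or a.get("tentative"):
                continue  # privacy addresses rotate; deprecated ones are on the way out
            if a.get("preferred_life_time", 0) == 0:
                continue  # no longer preferred for new connections
            if ipaddress.ip_address(a["local"]) in ULA:
                continue  # not reachable from the internet, so not worth an AAAA record
            keep.append((a["preferred_life_time"], a["local"]))
    return [addr for _, addr in sorted(keep, reverse=True)]


if __name__ == "__main__":
    print(publishable_addresses(SAMPLE, "enp7s0"))
```

On a live host the input would come from `ip -j -6 addr show`; a multihomed machine calls the function once per interface and updates one record per returned address.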
