From: Dave Taht
Date: Mon, 8 Oct 2018 11:13:36 -0700
To: Michael Richardson
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] dynamic dns and ipv6 and "preferred lifetime"

On Mon, Oct 8, 2018 at 10:57 AM Michael Richardson wrote:
>
>
> Dave Taht wrote:
> > I have a machine whose ipv6 address I'd like to register in dns. I used
> > to use the ddns tool in openwrt to do this, but I don't think it quite
> > does what I want.
>
> > the ip tool now has json capability, yea, but basically I have rotating
> > addresses that expire.
>
> You don't want to register temporary addresses, you want to turn them off.
> Publishing your super-private address in DNS makes it not private, so don't
> do that. You want stable private addresses.
>
> You either do this in NetworkManager, or net.ipv6.conf.all.use_tempaddr = 0
>
> https://major.io/2016/04/17/enable-ipv6-privacy-networkmanager/

In general I don't use network manager, just good ole fashioned
/etc/network/interfaces where the equivalent is

iface enp7s0 inet6 dhcp

Also it is more complicated than this in that the core machines are
multihomed, and I do want several ipv6 addresses...

lastly, this stuff is managed in linode which (turns out) has a painful means
of assigning a permanent ID to an address record that you have to
capture by parsing json by eyeball. openwrt has no support for linode
ddns in the ddns scripts, but I can write that.

I never thought I'd say this, but nsupdate was much easier.

And theoretically ceres.cerowrt.org is up now in ipv6 dns but it's not
showing up across the internet even an hour later.

login=whatver
pass=noneofyourbusiness
key="thisinsanely long stream"
domain=bunchonumbers # cerowrt.org
resourceid=differentbunchonumbers # ceres
# resourceid=a second id for my other interface # ceres again
device=enp7s0

# I'll end up putting this into /etc/network/rc.post_up and in cron

# this does the right thing mostly, perhaps can filter out other stuff

address=$(ip -6 addr list scope global "$device" | grep -v " fd" |
  sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)

# nosql strikes again
# find the domain id
# curl "https://api.linode.com/?api_key=$key&api_action=domain.list"
# find the other id
# find the resource id
# curl "https://api.linode.com/?api_key=$key&api_action=domain.resource.list&domainid=$domain"
# scribble all that down

# 3 */30 * * * * /bin/echo `/bin/date`: `/usr/bin/wget -qO- --no-check-certificate https://api.linode.com/?api_key=your-api-key\&api_action=domain.resource.update\&domainid=your-domain-id\&resourceid=your-resource-id\&target=[remote_addr]` >> /var/log/linode_dyndns.log

curl "https://api.linode.com/?api_key=$key&api_action=domain.resource.update&domainid=$domain&resourceid=$resourceid&target=$address" > /dev/null

echo "$address"

> > And other stuff that also expires but is mildly painful. I can do this
> > to show the current primaries
>
> > ip -c -6 addr show primary | grep -A 1 2603
>
> > and the same, so I can delete secondaries
>
> > So I can see having a nsupdate (or linode api) script that parses this
> > all properly and sends it "up there", or roll my own, but I was hoping
> > for a recommendation, that does it as addresses change...
>
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | network architect [
> ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>

-- 
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
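
Added example (not part of the original thread, and not code from either poster): one way to make the address selection discussed above from `ip -j -6 addr show` JSON rather than grep/sed, keeping only global addresses that are not temporary, deprecated, tentative or ULA, so a privacy address never ends up in DNS. The function name `publishable_addresses` and the sample data are constructed for illustration, and the JSON keys are assumed to match what iproute2 emits.

```python
import ipaddress
import json
import subprocess
import sys

ULA = ipaddress.IPv6Network("fc00::/7")  # unique local addresses, not globally routable

# Constructed sample shaped like `ip -j -6 addr show dev enp7s0` output
# (documentation prefix 2001:db8::/32, not captured from a real host).
SAMPLE = """[{"ifname": "enp7s0", "addr_info": [
 {"family": "inet6", "local": "2001:db8:1:2:a1b2:c3d4:e5f6:1", "scope": "global",
  "temporary": true, "dynamic": true, "valid_life_time": 600000, "preferred_life_time": 80000},
 {"family": "inet6", "local": "2001:db8:1:2:211:22ff:fe33:4455", "scope": "global",
  "dynamic": true, "mngtmpaddr": true, "valid_life_time": 2591000, "preferred_life_time": 604000},
 {"family": "inet6", "local": "2001:db8:9:9:211:22ff:fe33:4455", "scope": "global",
  "deprecated": true, "dynamic": true, "valid_life_time": 3000, "preferred_life_time": 0},
 {"family": "inet6", "local": "fd12:3456:789a:1::10", "scope": "global",
  "valid_life_time": 4294967295, "preferred_life_time": 4294967295},
 {"family": "inet6", "local": "fe80::211:22ff:fe33:4455", "scope": "link",
  "valid_life_time": 4294967295, "preferred_life_time": 4294967295}]}]"""


def publishable_addresses(ip_json):
    """Global, non-temporary, still-preferred addresses, longest preferred lifetime first."""
    keep = []
    for iface in json.loads(ip_json):
        for info in iface.get("addr_info", []):
            if info.get("family") != "inet6" or info.get("scope") != "global":
                continue  # skips link-local and IPv4
            # Temporary (privacy) addresses rotate and are meant to be unlinkable;
            # deprecated or tentative ones should not receive new connections.
            if any(info.get(f) for f in ("temporary", "deprecated", "tentative")):
                continue
            addr = ipaddress.IPv6Address(info["local"])
            preferred = info.get("preferred_life_time", 0)
            if addr in ULA or preferred == 0:
                continue
            keep.append((preferred, str(addr)))
    return [addr for _, addr in sorted(keep, reverse=True)]


if __name__ == "__main__":
    text = SAMPLE
    if len(sys.argv) > 1:  # live use: pass the device name, e.g. enp7s0
        text = subprocess.run(["ip", "-j", "-6", "addr", "show", "dev", sys.argv[1]],
                              check=True, capture_output=True, text=True).stdout
    print("\n".join(publishable_addresses(text)))
```

Run with a device name to query the live interface; on a multihomed host each returned address is a candidate for its own AAAA record.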