[Info-vax] Still no IPSEC for TCP/IP services?

glen herrmannsfeldt gah at ugcs.caltech.edu
Tue May 22 14:15:33 EDT 2012 

Dirk Munk <munk at home.nl> wrote:

(snip)
> Yes of course DNS for IPv6 exists, that's not the point. 
> And by the way I'm using it. But how do you want to populate 
> DNS with the equipment in your home? I suppose you have a 
> router at home. 

I have had DNS on my home net since it had about three hosts,
in about 1992. 

> Only the IP address of the WAN port of that router is known 
> to the internet and will have some cryptic DNS name from 
> your ISP. 

If you have an actual domain name, and a non-routed internal net,
it is usual to run split DNS. The DNS on the internal net knows
about internal names and addresses. For any name it doesn't know,
it will ask the next level (usually ISP) nameserver. Everything
works just fine. 

> You may have added a more understandable alias name like 
> johnny.dyndns.org , and your router will make sure that 
> this alias is always kept updated with the present IP address 
> of the router. But how and where do you want to add entries 
> for the devices on your home LAN? 

I have a name that outside only has an e-mail address, so I can
use as a domain name on the internal net without worry. 

If you choose a domain, and run in internal DNS with it, the
only possible loss is access to an actual outside site with
that name. (Do be sure that there are no leaks, though.)

The above is all for IPv4. 

> And which devices do you want to make public? And which IPv6 
> addresses do you want to use? It has been suggested that you use 
> Unique Local Addresses (fd00:) on your internal LAN (and DNS) and 
> Global addresses (2001: etc.) if the device has to be reached from 
> the internet. So a device can be reached with two addresses and 
> maybe DNS names at the same. And yes, I know a device can have 
> many IPv6 addresses.

If you already run a local IPv4 DNS, it isn't much more to do
it for IPv6. My local DNS now has about 16 entries for my home
net, plus dhcp??? entries for the dhcp assigned addresses.
(Not all such hosts are on all the time, though.)

-- glen

More information about the Info-vax mailing list