[Info-vax] implementing IPv6 on the internet
John E. Malmberg
wb8tyw at qsl.net_work
Tue Sep 20 08:45:35 EDT 2016
On 9/20/2016 4:47 AM, Dirk Munk wrote:
> This contribution is not about VMS, it is about IPv6 and the way it is
> introduced.
<snip>
> That IPv4 address usually will also have some cryptic DNS name attached
> to it, but since the address will be dynamic, the DNS name will also be
> dynamic. To overcome this problem, you may register your router with a
> DNS name of your liking at a dynamic DNS organisation like Dyndns. Your
> router will take care that its WAN address is kept up to date at that
> organization. However that DNS name is always an alias. Reversed name
> lookup (address > DNS name) will never show the DNS name you choose, it
> will always show the cryptic DNS name of your ISP. After all the DNS
> server of your ISP is the authoritative name server for that address
> space, not the name server of your dynamic DNS organization.
>
> If you want to reach a device on your LAN from the internet, you address
> a certain port number on the WAN address of your router, and by means of
> port forwarding it will be translated to an IP address and port number
> on your LAN. You will all be familiar with this concept.

And every residential ISP I have had in the last 20 years in the U.S.
has a Terms Of Service (TOS) absolutely prohibiting this type of access.
And of those residential ISPs that also offer commercial service, the
main difference in the TOS is that they allocate more e-mail addresses
for a higher fee. All public servers must either be rented from the ISP
or another external service.

Maybe it is different in your part of the world.

A lot of people in the U.S. ignore the TOS and use the dyndns servers,
which risks their ISP disconnecting them. And in many parts of the U.S.
there is only one broadband ISP available.

That is pretty much the case for anyone that is not in a major city.

> With IPv6 things are very different. First of all there are three kinds
> of IPv6 addresses (actually there are more). The first is the Link Local
> address, it is present on every IPv6 enabled interface, whether or not
> there is an actual IPv6 network present. It starts with fe80:: , and
> these are non-routable addresses. Then we have the global IPv6 address,
> it often starts with something like 2001:: . And then we have the
> Unique Local Addresses (ULA), they can be seen as the IPv6 equivalent of
> IPv4 private addresses. They start with something like fd00:: .
>
> Every device on your LAN will get at least one global IPv6 address. That
> address will be used on the internet. If you want to reach that device
> from the internet, you will have to use that IPv6 address, not the IPv6
> address of the WAN port of your router. It should also have a DNS name.
> In fact it is good practice that every IP address on the internet has a
> DNS name. That means every global IPv6 address (all IPv6 capable devices
> on your LAN) should be registered with a DNS name at some DNS server.
>
> Which DNS server should that be? Very simple, the DNS server of your
> ISP. It is the authoritative name server for that address space. Every
> consumer should get his own (sub)domain there, and your router will be
> responsible for adding the addresses and DNS names, that is the general
> idea. You don’t want address spoofing etc, so it has to be done in a
> very secure way.
<snip>

Again, since most of the U.S. residential ISPs do not want to allow
such access, it is unlikely that they are going to allow DNS
registration of my local IP addresses.

> The ideas are there, but nothing has been defined in RFCs yet. You
> can not buy any router that can do this, no ISP is prepared for this
> massive task. And yet we are implementing IPv6 with consumers right
> now, wonderful isn’t it?

So for me and probably the majority of residential / small business
users in the U.S., this feature of IP V6 will never be able to be used
regardless of what ends up in the RFCs.

The U.S. ISPs are not only not preparing for this, they are opposed to
allowing that type of access, and they have put this in writing in the
ToS document that most people do not read.

These are the same ISPs that used to have a TOS that prohibited home
routers for a long time unless you rented it from them.

To change this would probably require either federal regulation or a
strong threat of federal regulation. And based on the past history of
that, it looks like the residential ISPs currently have the upper hand
in the lobbying, so even that is unlikely.

Current practice of the IofT is for the device to contact a server in
the cloud at a known name.

Regards,
-John
wb8tyw at qsl.net_work