• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Forward thinking (working around isps with stupid ipv6 polecys)

Started by sttun, February 05, 2012, 09:18:49 AM

Previous topic - Next topic

sttun

I got good/bad (rely mixed) news from mu isp recently IPv6 will be rolled out next yeer and residential consumers will  get a /56 t(this was the good part)  but it will be dynamic and no deligation of rdns(the bad part). So that got me thinking : when people get stuck on dynamic ipv6 (and uncooperative isps and litle chamce of getting a pi allocation from a rir) There will be people (including me) that wold like to get static adresses (probably via a 6in6 tunnel)
So my question is : Will he be providing such a service (even a payed service) that wold provide  a routed /56 or /48?

Revisions
1: changed /54 to /56 (typo) 2012.02.03 20:49 CET

kasperd

I'm wondering if the ISPs really think it is easier to use dynamic addresses than static addresses. Won't they end up needing to keep track of which customer had which address at which point in time? If so, then it might be simpler to just keep the assignments static.

What do they intend to do with RDNS? Are they going to be synthesizing PTR records for every IPv6 address that is thrown at their DNS server? Or do they intend to have RDNS not resolve at all?

I was recently looking at some of the efforts in opportunistic encryption, and noticed that some of this relies on putting additional records in the RDNS zone. Does this mean that you will miss out on potential security improvements if you cannot control RDNS yourself?

sttun

According to the guy I talked to at my isp (I actually work there)  they have to manage static assignments manually but apparently the DHCOv6 prefix deligations does not need management ???? . Am I the only one that finds this strange, or is this simply a case of management frameworks and tools not being ready?

snarked

My local policy is to deny access to incoming connections to my colocated server that lack rDNS entries.  There is way too much abuse coming from such hosts, especially via IPv4.  I see no reason to relax that for IPv6 addresses, and as such, I refuse to provide information (primarily SMTP and HTTP) to such as well as IPv4 that lack proper configuration.

IPv6 reverse DNS could easily be handled by a wildcard record that stops short of all 32 IPv6 digits in combination with a forward lookup using an A6 prefix record.  This is why the A6 record type should not have been deprecated.  How this would be used is that one generic DNS label would cover a range (i.e. subnet) of IPv6 addresses unlike where a specific virtual generic name covers a single IPv4 address today.

cconn


kasperd

Quote from: cconn on February 06, 2012, 09:35:53 AM/54?  why would they do that.  Is that a typo?
That could very well be a typo. More likely it would be a /56 or a /64. It certainly does make a difference whether they are giving users a /56 or a /64.