• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

6in4 Tunnel from a Fritz!Box Router & kind of dynDNS

Started by trepex67, July 15, 2012, 04:20:07 AM

Previous topic - Next topic

trepex67

Hello,

I am using a Fritz!Box 3270 (from the German company AVM) to establish an IPv6 Tunnel with HE.
My IPv4 Internet connection uses dynamic IP addresses.
The Fritz!Box router can be configured to use "configurable" dynDNS services.
A URL "ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=<ipaddr>&pass=<pass>&user_id=<username>&tunnel_id=123456"
works just fine.
My IPv6 connectivity works just fine.

BUT: The router wants to be really too smart. The dynDNS config _requires_ a hostname to be configured.
The router checks (after some seconds ?) if that hostname has been updated with the new IP address.
As I am not really using a real dynDNS Service, I entered a hostname from a webserver (that has a static IP).

As a result the router logs errors like (sorry, German):

Dynamic DNS-Fehler: Die Dynamic DNS-Aktualisierung war erfolgreich, anschließend trat jedoch ein Fehler bei der DNS-Auflösung auf.
Dynamic DNS-Fehler: Der angegebene Domainname kann trotz erfolgreicher Aktualisierung nicht aufgelöst werden.

translated: DNS update did work, but an error was detected in the DNS name resolution.
translated: The provided domainname could not be resolved to the dynamic IP address.

Those logs would be OK, but as a result the router also _retries_ the dynDNS update every 4 (and some more) minutes.

I opened a ticket at AVM asking them to provide some kind of "advanced config option: don't check DNS A records".

But maybe HE could also extend their service by providing a hostname that will be updated with the dynamic IP of the
tunnel endpoint. There seems to be already an AAAA record for USERNAME-2-pt.tunnel.tserv26.ber1.ipv6.he.net for
example. Maybe there is this kind of hostname and I just didn't find it mentioned somewhere.

Ralf Moritz

kcochran

Assigning a second hostname with the IPv4 address had been brought up in the past, but the additional information disclosure is just too much data to put under the public view.

trepex67

Hi kcochran,

valid argument with the disclosure of too much data.
The guys from SIXXS do it indirectly via "whois".
And it's really not much additional information - you normally use IPv4 and IPv6 together. So with the
typical xDSL config and one IPv4 address, your IPv4 address is not really a big secret.

But of course the router manufacturer should provide a solution if they really want to claim
IPv6 tunnel support with HE.

Ralf

kasperd

Quote from: kcochran on July 15, 2012, 04:26:07 AMAssigning a second hostname with the IPv4 address had been brought up in the past, but the additional information disclosure is just too much data to put under the public view.
That's only a problem if the hostname is predictable. If the hostname is randomly generated when the tunnel is registered, and is not published anywhere except from on the tunnel setup page which the user can see when he is logged in, then I don't see much disclosure.

But perhaps the desired behaviour can already be achieved by combining the HE tunnel service with the HE DNS service. I was under the impression, that would be possible, but I haven't checked on it.

Quote from: trepex67 on July 15, 2012, 10:03:22 AMBut of course the router manufacturer should provide a solution if they really want to claim
IPv6 tunnel support with HE.
I suppose it would work if you had a static IP, so their claim doesn't sound incorrect. But of course that shouldn't stop you from pushing the vendor to improve the support.

kcochran

Quote from: kasperd on July 15, 2012, 10:26:53 AMBut perhaps the desired behaviour can already be achieved by combining the HE tunnel service with the HE DNS service. I was under the impression, that would be possible, but I haven't checked on it.

That's definitely an option.  If you have your own hostname with dns.he.net, and you want to update that A record at the same time as your tunnel, you can definitely do such.  We just leave that up to the user.

trepex67

Hello,

the problem with my router is, that it can only request ONE HTTP URL.
So no HTTPS and also not two requests. I thought about setting up a URL on one of my webservers that
would trigger two outgoing HTTP requests.
First one to configure the HE tunnel endpoint
second one to update any dynDNS server.

I will have a look at the DNS service from HE.

Ralf

kasperd

Quote from: trepex67 on July 16, 2012, 12:51:11 AMthe problem with my router is, that it can only request ONE HTTP URL.
So no HTTPS and also not two requests.
You only need a single URL: http://www.tunnelbroker.net/forums/index.php?topic=2431.0

trepex67

Thanks kasperd, I overlooked that "chaining IP updates" feature when I looked at the DNS services from HE.
From reading that thread it looks like this is the solution for my problem!
When it's working, I will give the people from AVM (the router manufacturer) a hint as well.

Ralf

trepex67

It is working  :)
Thanks for everyone involved.

The procedure of creating a (sub-)domain with NS records pointing to the ns*.he.net servers however is a little bit
oversized to what I had been looking for.
Of course, that dynDNS feature is just a small extra for the whole free DNS service provided by HE.

If it would be my "setup", I would provide a special zone (maybe "dynDNS.tunnelbroker.net") where users could
get their username (trepex67.dynDNS.tunnelbroker.net) or any unused hostname configured.

So people just needing that single dynDNS hostname would not have to setup a whole (sub-)domain.
Just an idea....

But even without, a great service from HE.

Ralf