• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

A static ip

Started by gabrix, April 28, 2009, 05:48:57 AM


gabrix

Hi all!
I run a small debian lenny network. I recently set a usenet server and to make my life and those of my partner peers easier I was after a static ip for my network. Until now I had a dyndns.org domain name, a dynamic domain name, and for the moment I rather keep the domain names I had until now.
Am I in the right place?
If so I carry on saying I managed to get the ipv6 certificate for newbies ( ;D great satisfaction anyway!) but I got stuck making the tunnel. I live in italy and I chose Paris as nearest, then I gave the domain name of the dnses I use, opendns. Correct?
I haven't managed until now to reach the link that confirms I have ipv6 enabled on my machine, I will give it another try, and I have added to my iptables script those iproute rules, using my IANA ips, because the servers are natted, do I have to change my public dynamic ip anytime it changes anyway? Can I have a little explanation? ??? I hope I was clear. Thanks!


snarked

DNS:  Not the ones you use to resolve, but the ones you supply that will host your reverse zone.

Watch for a private e-mail that I'm also sending you.  (For everyone else, I sent him here).

HE has a script somewhere for changing the "Client IPv4 address" when it is a dynamic allocation.

broquea

Quote from: gabrix on April 28, 2009, 05:48:57 AM
Hi all!
I run a small debian lenny network. I recently set a usenet server and to make my life and those of my partner peers easier I was after a static ip for my network. Until now I had a dyndns.org domain name, a dynamic domain name, and for the moment I rather keep the domain names I had until now.
Am I in the right place?
Keep whatever domains you want, you'll want to add AAAA records for anything you put on IPv6.

Quote
If so I carry on saying I managed to get the ipv6 certificate for newbies ( ;D great satisfaction anyway!) but I got stuck making the tunnel. I live in italy and I chose Paris as nearest, then I gave the domain name of the dnses I use, opendns. Correct?
As snarked pointed out, those are for the nameservers you want us to delegate reverse dns to for your ROUTED IPv6 blocks, not the tunnel's point to point.

Quote
I haven't managed until now to reach the link that confirms I have ipv6 enabled on my machine, I will give it another try, and I have added to my iptables script those iproute rules, using my IANA ips, because the servers are natted, do I have to change my public dynamic ip anytime it changes anyway? Can I have a little explanation? ??? I hope I was clear. Thanks!
To update your tunnel with your new IPv4 endpoint, you can:
- use scripts that other users have written
- log into the site and update it manually
- use https://ipv4.tunnelbroker.net/ipv4_end.php and possibly write your own script to use it

stc

Quote from: snarked on April 28, 2009, 01:40:49 PM
DNS:  Not the ones you use to resolve, but the ones you supply that will host your reverse zone.

Watch for a private e-mail that I'm also sending you.  (For everyone else, I sent him here).

HE has a script somewhere for changing the "Client IPv4 address" when it is a dynamic allocation.

Hello,

I hear you have some good working script for dynamic IPv4 address.

Can you share with me?

I really need this!

Thanks


//EDIT: TO ADMIN/MOD: Something is broken with PM I think... I don't see the security image code that I must enter when I want to send...

kristiankrohn


gabrix

Do I need to use this script on all hosts in lan or just the gateway host?
Where/How can I verify if my tunnel is working and if I can start advertising my new static ipv6?
Thanks!

snarked

As noted in private e-mail, your tunnel endpoint is pingable.  You're good to go.

gabrix

Great! :)
I'm at xname.org.
This is the configuration I made:
$TTL 86400 ; Default TTL
gabrix.ath.cx.          IN      SOA     ns0.xname.org.  gabrix.gabrix.ath.cx. (
                                2009043001      ; serial
                                10800   ; Refresh period
                                3600    ; Retry interval
                                604800  ; Expire time
                                10800   ; Negative caching TTL
                        )

$ORIGIN gabrix.ath.cx.
                        IN              NS              ns0.xname.org.
                        IN              NS              ns1.xname.org.
                        IN              NS              resolver1.opendns.com.
                        IN              NS              resolver2.opendns.com.
                        IN              MX      10      mail.gabrix.ath.cx.
                        IN              MX      20      remailer.gabrix.ath.cx.


It misses A records, PTR for reverse ???
Yes it is a primary zone.

kristiankrohn

gabrix, I think there exists some confusion here...

ath.cx is a domain operated by DynDNS.com and I'm pretty sure that they do not allow custom NS records for their (sub)domains. It is not totally clear if this is possible using their "Custom DNS" service. I don't know if gabrix.ath.cx would count as a 'subdomain' in this case:

Quote
These NS records are not displayed in either the Expert or Standard interface, and can not be modified in any way. However, customers can create third-level or lower NS records to delegate a specific subdomain to another set of nameservers.
[ http://www.dyndns.com/support/kb/record_types_supported_in_custom_dns_expert_interface.html#ns_record ]

In any case, you definitely do not want the OpenDNS resolvers as NS records in your zone. (Actually, pure 'resolvers' aka caching name servers should never be associated with NS records.)

Also I don't get the point of actually creating the zone file. Doesn't XName provide a web interface for this? (I'm not familiar with their service.)

And finally: The PTR records would go into a different zone. (...x.y.z.ip6.arpa).

gabrix

Ok no doubt about confusion.
Yes xname.org has an interface for custom zones.
Dyndns.org allows custom zones but they charge for this hence I don't think they will like this as you said.
I have a static ipv6 address, I don't need extra configurations, my ipv6 subnet is the following 2001:470:1f13:97a::/64, I can start to assign this ip to my hosts:

2001:470:1f13:97a::2 for the gateway
2001:470:1f13:97a::3 let's say this is the web server static ip.
2001:470:1f13:97a::4 this for the mail server  and so on ...

Is this correct?
???

kristiankrohn

Yes, the assignment should work this way. However I think most people would choose ...::1 for the gateway.

Make sure that you have routing enabled on the gateway: echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

gabrix

Do you mean the public interface for ::1? Sure forwarding is enabled!

snarked

From private e-mail, I don't think that gabrix understands what a reverse DNS zone is.  I'm trying to set him straight.

However, to assign a separate IPv6 address to each service like he wants, that means that each service must have a forward entry that's NOT a CNAME.  This means individual AAAA records (as expected), but also individual A records for each label.  ALL of the A records will be the same dynamic IPv4 address.  Does dyndns support changing them all with one command?  It seems that they use a wildcard * at the 4th label level CNAMEd to the 3rd label level, so I don't see this as necessarily working.  I think that he'll have to assign a single IPv6 address to his label and primary machine.  His other machines can have IPv6 addresses (with resolving reverse lookups), but no forward name->IPv6 lookup under his existing zone.

I think that his only alternative is to get his own domain.  I suggested that he use xname.org (a free DNS provider) for his reverse IPv6 zone because it is geographically near him.  It also supports dynamic IP updates for forward zones.
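
Added example (not part of any post in this thread): the reverse zone referred to above as ...x.y.z.ip6.arpa, worked out in Python for the /64 and the host addresses gabrix lists. The www host name is hypothetical; mail.gabrix.ath.cx comes from the MX record in the posted zone, and pairing it with ::4 follows gabrix's own plan.

```python
import ipaddress

def _network(prefix):
    """Parse a prefix and insist on nibble alignment (one label per hex digit)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    return net

def reverse_zone(prefix):
    """Name of the ip6.arpa zone that holds the PTR records for `prefix`."""
    net = _network(prefix)
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_owner(address, prefix):
    """Owner name of the PTR record for `address`, relative to the zone."""
    net = _network(prefix)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    host_nibbles = addr.exploded.replace(":", "")[net.prefixlen // 4:]
    return ".".join(reversed(host_nibbles))

def reverse_zone_records(prefix, hosts):
    """Zone-file lines for a mapping of address -> fully qualified host name."""
    lines = [f"$ORIGIN {reverse_zone(prefix)}"]
    for address, fqdn in hosts.items():
        lines.append(f"{ptr_owner(address, prefix)} IN PTR {fqdn}")
    return lines

if __name__ == "__main__":
    # Addresses from the thread; the www name is a constructed sample.
    hosts = {
        "2001:470:1f13:97a::3": "www.gabrix.ath.cx.",
        "2001:470:1f13:97a::4": "mail.gabrix.ath.cx.",
    }
    print("\n".join(reverse_zone_records("2001:470:1f13:97a::/64", hosts)))
```

The forward zone needs a matching AAAA record for each name; a PTR that points at a name with no AAAA back to the same address fails forward-confirmed reverse DNS checks, which mail servers commonly apply.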

gabrix

I'm back ??? on the ipv6.
I was seeing the perl script updater and I have run into the following issues, this is my actual config:

        'autodev'               => 1,         
        'extdev'                => 'eth0',       
        'tnldev0'               => 'sit0',     
        'tnldev1'               => 'sit1',     
        'behindnat'             => 1,           
        'autonat'               => 1,           
        'staticip'              => '',       
        'username'              => 'gabrix',   
        'clearpassword'         => '',         
        'password'              => 'md5md5md5md5md5',       
        'tunnelid'              => 2426,       
        'updatens'              => 0,           
        'ns1'                   => 'ns1.he.net',             
        'ns2'                   => 'ns2.he.net',
        'ns3'                   => 'ns3.he.net',
        'verbose'               => 1,     
        'trycount'              => 3,           
        'proxy'                 => '',     
        'config_int'            => 0,         
        'loadmod'               => 0,         
        'remote'                => '216.66.84.42',         
        'local'                 => '79.43.149.69',           
        'remote-ipv6'           => '2001:470:1f12:9a4::1/64',           
        'local-ipv6'            => '2001:470:1f12:9a4::2/64 ',       
        'routed-48'             => '2001:470:c9df::/48',       
        'routed-64'             => '2001:470:1f13:9a4::/64 ',           
        'rdns1'                 => 'ns1.he.net',               
        'rdns2'                 => 'ns1.he.net',               
        'rdns3'                 => 'ns1.he.net',

I have configured my tunnel with paris tunnelbroker server, I get as output of the above:

tunnelbroker-update version 0.10 (2008-03-10)
Running under: Linux
Getting local ip
Using http://www.whatismyip.com/ to determine localip!
Use of uninitialized value $localip in concatenation (.) or string at /usr/local/bin/tunnelbroker-update-0.10_pl line 223.
Checking to make sure  is not LAN IP...
Use of uninitialized value $localip in pattern match (m//) at /usr/local/bin/tunnelbroker-update-0.10_pl line 224.
Use of uninitialized value $localip in pattern match (m//) at /usr/local/bin/tunnelbroker-update-0.10_pl line 224.
Use of uninitialized value $localip in pattern match (m//) at /usr/local/bin/tunnelbroker-update-0.10_pl line 224.
Local Settings:
Use of uninitialized value $localip in concatenation (.) or string at /usr/local/bin/tunnelbroker-update-0.10_pl line 244.
Local   eth :
Local   sit0 : 127.0.0.1
Local   sit1 : DOWN
creating new session... done
initialising session... done
login and get current settings... done
Couldn't find Local   IPv4
Couldn't find Remote  IPv4
Couldn't find Remote  IPv6
Couldn't find Local   IPv6
Couldn't find Routed  /48
Couldn't find Routed  /64
Couldn't find RDNS NS 1
Couldn't find RDNS NS 2
Couldn't find RDNS NS 3
Current Server Settings:
Local   IPv4 : 79.43.149.69
Remote  IPv4 : 216.66.84.42
Remote  IPv6 : 2001:470:1f12:9a4::1/64
Local   IPv6 : 2001:470:1f12:9a4::2/64
Routed  /48  : 2001:470:c9df::/48
Routed  /64  : 2001:470:1f13:9a4::/64
RDNS NS 1    : ns1.he.net
RDNS NS 2    : ns1.he.net
RDNS NS 3    : ns1.he.net
Use of uninitialized value $localip in string ne at /usr/local/bin/tunnelbroker-update-0.10_pl line 279.
update ipv4 end... Use of uninitialized value $localip in concatenation (.) or string at /usr/local/bin/tunnelbroker-update-0.10_pl line 290.
Use of uninitialized value $msg in concatenation (.) or string at /usr/local/bin/tunnelbroker-update-0.10_pl line 300.
done:
Use of uninitialized value $msg in string eq at /usr/local/bin/tunnelbroker-update-0.10_pl line 302.
name servers already configured or auto-configuration disabled, skipped
config changed, get tunnel details... done
Couldn't find Local   IPv4
Couldn't find Remote  IPv4
Couldn't find Remote  IPv6
Couldn't find Local   IPv6
Couldn't find Routed  /48
Couldn't find Routed  /64
Couldn't find RDNS NS 1
Couldn't find RDNS NS 2
Couldn't find RDNS NS 3
Current Server Settings:
Local   IPv4 : 79.43.149.69
Remote  IPv4 : 216.66.84.42
Remote  IPv6 : 2001:470:1f12:9a4::1/64
Local   IPv6 : 2001:470:1f12:9a4::2/64
Routed  /48  : 2001:470:c9df::/48
Routed  /64  : 2001:470:1f13:9a4::/64
RDNS NS 1    : ns1.he.net
RDNS NS 2    : ns1.he.net
RDNS NS 3    : ns1.he.net
logout... done
local interface eth already configured or auto-configuration disabled, skipped

It's not working because the whatismyip.com ipv4 resolver is not working

Using http://www.whatismyip.com/ to determine localip!
Use of uninitialized value $localip in concatenation (.) or string

Why the above?

snarked

Quote
        'ns1'                   => 'ns1.he.net',
        'ns2'                   => 'ns2.he.net',
        'ns3'                   => 'ns3.he.net',
I've told you this is WRONG.  It should be the Xname servers (as this is for your IPv6 reverse zone).  Also, unless you're doing something I don't know about, you don't need BOTH a routed /48 and a routed /64.  Everything I told you regarded the routed /64.


As for $localip, that should be the same as "local", so I don't know what's happening there.  As you know, I don't deal with dynamic IP, so someone else will have to help you with the script.
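
Added example (not the tunnelbroker-update script and not part of any post): in the output above the lookup page yielded no address, yet the run went on to "update ipv4 end..." with an empty $localip. This Python sketch shows the check an updater should make first: accept the scraped response only if it contains exactly one globally routable IPv4 address, and otherwise stop. The function names and the sample bodies are constructed for illustration.

```python
import ipaddress
import re

# Dotted quad not embedded in a longer run of digits and dots (e.g. 1.2.3.4.5).
_QUAD = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

class EndpointError(ValueError):
    """Raised when no trustworthy public IPv4 address could be determined."""

def public_ipv4_from_body(body):
    """Return the single public IPv4 address found in a lookup response."""
    found = set()
    for text in _QUAD.findall(body or ""):
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            continue  # out-of-range octets such as 999.1.1.1
        if addr.is_global:  # drops RFC 1918, loopback, link-local, ...
            found.add(addr)
    if not found:
        raise EndpointError("no public IPv4 address in response")
    if len(found) > 1:
        raise EndpointError(f"ambiguous response: {sorted(map(str, found))}")
    return found.pop()

def endpoint_update_needed(body, current_endpoint):
    """Address to send to the broker, or None when it is unchanged.

    Raises EndpointError instead of returning an empty value, so a failed
    lookup can never be submitted as the new tunnel endpoint.
    """
    detected = public_ipv4_from_body(body)
    if detected == ipaddress.IPv4Address(current_endpoint):
        return None
    return detected

if __name__ == "__main__":
    # Constructed response bodies; 79.43.149.69 is the endpoint from the thread.
    samples = [
        "<html><body>Your IP Address Is: 79.43.149.69</body></html>",
        "<html><body>Your IP Address Is: 79.43.150.10</body></html>",
        "<html><body>Service moved, please update your bookmarks</body></html>",
    ]
    for body in samples:
        try:
            print(endpoint_update_needed(body, "79.43.149.69"))
        except EndpointError as exc:
            print("skip update:", exc)
```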