Differences

This shows you the differences between two versions of the page.

content:serverbasics:network-dyndns [2024/01/01 18:24] – [Check the Connection] Daniel
content:serverbasics:network-dyndns [2025/02/16 10:42] (current) – [Settings] Daniel
Zeile 1: Zeile 1:
 ====== DynDNS and IPv6 ====== ====== DynDNS and IPv6 ======
  
-as i have been struggeling for a bit to get IPv6 Working, i am writing down, what i have experienced so far.. this guide may not be completeso expect things not to work.+I found out, that IPv6 is really nice - even if you are behind some firewall or router - as long as you can make them pass the packets to your hostBy default most home office routers would block the packages, as otherwise every host in your local network would be completely open to the internet. This - in fact - makes it really nice to manageas you wont need tricks to reach your host directly from out of the internet as IPv4 needs them.
  
 ===== Difference between IPv4 and IPv6 ===== ===== Difference between IPv4 and IPv6 =====
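Review bot: The rewritten opening paragraph drops the old caveat that the guide may not be complete, yet this same revision adds a block marked "Not finished" under Security/privacy Extensions, so readers no longer get that warning up front. Keep one sentence in the intro saying the temporary-address part is still open. In the same paragraph "packages" should be "packets", and the remark that routers block inbound IPv6 by default is the natural place to say that only the one host and port you need should be opened, which the Modem Setup section already implies.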
Zeile 18: Zeile 18:
  
 I experienced, that opening the ports a some Modems, is basically possible, but still no connection could be made. I experienced, that opening the ports a some Modems, is basically possible, but still no connection could be made.
 +
 +==== Problematic Brands ====
  
 For example, the German Telekom does have a modem / router called "Speedport", which is generally not allowing IPv6 from the internet to pass to the local net (while IPv4 with NAT works as expected). For example, the German Telekom does have a modem / router called "Speedport", which is generally not allowing IPv6 from the internet to pass to the local net (while IPv4 with NAT works as expected).
  
 So - if you did the settings at your Firewall and still you cannot curl some Adress, maybe you have the wrong modem. So - if you did the settings at your Firewall and still you cannot curl some Adress, maybe you have the wrong modem.
 +
 +==== Settings ====
 +
 +Also check if your modem has some feature called "rebind protection". If so, you need to add ALL full names to the list of allowed services.
 +
 +e.g. add the fqdn like:
 +
 +<file>
 +cname.domainname.dynv6.net
 +
 +</file>
 +
 +How the rebind protection work: DNS queries to your Router won't return the IP of the service. So if you experience, that ''dig to 8.8.8.8'' will work, but ''nslookup'' does not - check the rebind protection!
 +
  
 ===== Modem Setup ===== ===== Modem Setup =====
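Review bot: In the new Settings subsection, "add ALL full names to the list of allowed services" reads as advice to exempt as much as possible from rebind protection, and the text never says what the feature guards against. Say that the router withholds DNS answers that point back into your own network, and that the exception list should hold only the exact FQDNs of your own services, like the "cname.domainname.dynv6.net" placeholder shown. Also, "dig to 8.8.8.8" is set in monospace as if it were a command but is not valid syntax; use the form from Check the Connection, "dig @8.8.8.8 <name> AAAA", and state that the failing nslookup is the one asking the router, so the comparison is clear.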
Zeile 34: Zeile 50:
  
 There is one thing to do in your router: open the Device and the Port to be accessable from the internet. This is nearby the same as it is done at IPv4. After that, genereally the host shpuld be reachable. There is one thing to do in your router: open the Device and the Port to be accessable from the internet. This is nearby the same as it is done at IPv4. After that, genereally the host shpuld be reachable.
 +
 +===== Security/privacy Extensions =====
 +
 +By default, your IPv6 Adress will contain the MAC of your network card, which is an unique hardware- identifier of the chip. This has the advantage, that this part of your adress is fixed in the internet an will not change, so you can always reach your device anywhere knowing this adress part - even on mobile devices that may change the adress according to the connected network.
 +
 +The opposite is, that your device can always be identified by that adress for all times - making all network traffic attached to the device directly belonging to it. So someone analysing the traffic of that adress would know exactly when and what has been done with that device. This is very poor as for privacy.
 +
 +To avoid this, your device can generate an id that will change from time to time, making it impossible to identify the device with that adress.
 +
 +To turn this on, you can add a line to ''/etc/sysctl.conf'' like:
 +<code>
 +sudo sysctl net.ipv6.conf.wlan0.use_tempaddr=2
 +
 +</code>
 +
 +Replace wlan0 with the name of your Device.
 +
 +After that, check if your device has an temporary adress with ''ip addr''
 +
 +*** Not finished - i have not found any docs at ddclient, how to get the interface temporary adress working, made up [[https://github.com/ddclient/ddclient/issues/651|https://github.com/ddclient/ddclient/issues/651]] ***
 +For the time beeing, i will be fine using the non- private adress.
  
 ===== DynDNS Provider ===== ===== DynDNS Provider =====
  
-Next Step to choose is a provider for dyndns. There are many dyndns- providers out there. i chose [[https://dynv6.com|https://dynv6.com]] which seems to work fine. Registration there is done quite fast and no setup needs to be done at the providers interface.+Next Step to choose is a provider for dyndns. There are many dyndns- providers out there - even free of charge. E.g. [[https://dynv6.com|https://dynv6.com]] which seems to work fine. Registration there is done quite fast and no setup needs to be done at the providers interface. 
 + 
 +The opposite of those free registries is, that you can only use a subdomain of the Top-Level domain they offer, which makes your Domain Name fixed at the end. For me personally, i have bought a domain on my own in the tld of my country (costs about 15 Euro in one Year), which i can now use. 
 + 
 +===== Register Subdomains ===== 
 + 
 +After you logged into your DynDNS Provider, enable dynDNS for your IPs and add subdomains - each one for one service. If you want to acces your Portainer you created when setting up docker, e.g. use a Subdomain called 
 + 
 +portainer.domain.tld 
 + 
 +Make sure, that DynDNS is selected for that record again!
  
 ===== DDclient ===== ===== DDclient =====
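Review bot: In Security/privacy Extensions the sentence before the code block says to add a line to /etc/sysctl.conf, but the block holds a shell command, "sudo sysctl net.ipv6.conf.wlan0.use_tempaddr=2", which only changes the running kernel and is lost at reboot. Show the file entry as "net.ipv6.conf.wlan0.use_tempaddr = 2" and give the sudo sysctl call separately as the way to apply it at once. The "Not finished" paragraph also leaves the section contradicting itself: it recommends temporary addresses and then keeps the non-private one, so add a sentence that temporary addresses cover outgoing connections while the record published through DynDNS needs a stable address.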
Zeile 81: Zeile 128:
 ==== Check the Connection ==== ==== Check the Connection ====
  
-you may now have the IPv6 of your Device published at some adress and check this by:+you may now have the IPv6 of your Device published at some adress and check this by digging at googles DNS for that IPV6:
  
 <code> <code>
-pcserver2023:~ # nslookup obel1x.dynv6.net +pcserver2023:~ # dig @8.8.8.8 ipa.obel1x.de AAAA 
-Server        192.168.2.1 + 
-Address       192.168.2.1#53+; <<>> DiG 9.18.33 <<>> @8.8.8.8 ipa.obel1x.de AAAA 
 +; (1 server found) 
 +;; global options+cmd 
 +;; Got answer: 
 +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50334 
 +;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 
 + 
 +;; OPT PSEUDOSECTION: 
 +; EDNS: version: 0, flags:; udp: 512 
 +;; QUESTION SECTION: 
 +;ipa.obel1x.de                IN      AAAA 
 + 
 +;; ANSWER SECTION: 
 +ipa.obel1x.de         60      IN      AAAA    2a00:1f:f8c1:6d01:468a:5bff:fe9f:6415
  
-Non-authoritative answer+;; Query time44 msec 
-Name  obel1x.dynv6.net +;; SERVER8.8.8.8#53(8.8.8.8) (UDP) 
-Address2003:c4:bf3c:c236:88a:927d:ac6:5a35+;; WHENSat Feb 08 12:49:12 CET 2025 
 +;; MSG SIZE  rcvd70
  
 </code> </code>
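Review bot: The new sample output in Check the Connection publishes what looks like a live global address, and its interface identifier "468a:5bff:fe9f:6415" shows the ff:fe pattern of a MAC-derived ID, which is exactly the exposure the Security/privacy Extensions section added in this revision warns about. Replace the address with one from the documentation prefix 2001:db8::/32 and consider a placeholder host name instead of ipa.obel1x.de. The removed nslookup example queried the router at 192.168.2.1; keeping a short version of it would give the dig versus nslookup comparison in the Settings section something to point at.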
  • content/serverbasics/network-dyndns.1704133479.txt.gz
 • Last modified: 2024/01/01 18:24
 • by Daniel