No IPv6 on WAN interface, but IPv6 works direct to workstation
-
I've been using COX IPv6 ever since they turned it on 3-4 years ago.
They give a WAN IPv6 GUA address.
By default they only give a /64 (1 subnet) on the LAN.
But they give a /56 (up to 256 subnets) on the LAN if you request it in the IPv6 DHCPv6-PD settings.
The only thing they haven't done yet for Business customers is make it have parity with IPv4 on reverse DNS.
I can do reverse DNS on IPv4 on Cox but not IPv6.
I'm in the process of moving houses so I can get connected to a local electric utility that gives FTTH (fiber to the home) and also gives IPv4 and also IPv6 with reverse DNS for business customers as I've been waiting years for COX to give the same functionality on IPv6 as they give on IPv4 but they have not yet done that and will provide no timeline for when that may happen (although they claim they will do it at some point).
-
@dwsummers said in No IPv6 on WAN interface, but IPv6 works direct to workstation:
The only thing they haven't done yet for Business customers is make it have parity with IPv4 on reverse DNS.
I can do reverse DNS on IPv4 on Cox but not IPv6.
Are you referring to the WAN or LAN addresses? They control the WAN addresses, including DNS, but you control the DNS for the LAN addresses. For my LAN, I use an external DNS server that has nothing to do with my ISP.
-
@jknott I'm talking about REVERSE DNS, where you look up the name from the address (not the normal FORWARD DNS where you look up the address from the name).
So I'm talking about the delegated /64 or /56 addresses, not the (single) WAN address on the router.
Yes, I certainly run my own DNS servers and don't use the ISP provided DNS servers.
I also have my own domain name(s) which provide forward and reverse DNS lookup for those names and addresses.
COX currently allows reverse DNS lookup for their IPv4 addresses but not the delegated /64 or /56 IPv6 addresses.
I currently still have to use the free Hurricane Electric IPv6 service to get reverse DNS lookup for my FQDN (fully qualified domain name) addresses.
So this greatly complicates the network design because if I want to use the COX IPv6 for some clients then I have to program the router to do PBR (policy based routing) to distinguish between the HE IPv6 and the COX IPv6 addresses and send the packets to the correct interface for either COX or HE.
I hope this explanation helps.
I liked your tag line. :-)
My version of that is:
I haven't lost my mind....it's backed up on tape around here somewhere.
-
@dwsummers said in No IPv6 on WAN interface, but IPv6 works direct to workstation:
I'm talking about REVERSE DNS, where you look up the name from the address (not the normal FORWARD DNS where you look up the address from the name).
So I'm talking about the delegated /64 or /56 addresses, not the (single) WAN address on the router.
That's what I thunk. Your IPv4 address is comparable to your WAN IPv6 and I would expect the ISP to have the full DNS lookup for it. With he.net, do they also provide a DNS for addresses within your LAN? That is, you go to their site and set up a host name? While my addresses are set up in the pfsense DNS server, they are also configured on an external DNS server that has nothing to do with my ISP. I also set up an alias for my ISP provided IPv4 address.
-
Yes, that is what I stated a couple of times, I'm not sure how to make it any clearer.
HE provides capability for you to set servers to provide reverse DNS for the delegated addresses they give you, unlike COX.
So for example, I can do a forward lookup of my host.domain.com and it points to the IPv6 address and since they allow me to set reverse DNS servers for my IPv6 delegated addresses, then when you look up the IPv6 address, it points back to the name you want.
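An added illustration of the delegation described above (not part of the original post and not any participant's own configuration): the `ip6.arpa` zone an address provider would have to delegate for a /56, the PTR record the customer's own server would then hold, and a forward-confirmed reverse check. The prefix `2001:db8:ab00::/56`, the host address and `host.example.com.` are constructed placeholders, and the record dictionaries stand in for real DNS answers.

```python
import ipaddress

def reverse_zone(prefix: str) -> str:
    """ip6.arpa zone name for a delegated prefix (one label per hex nibble)."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4 to map to one zone")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa."

def ptr_owner(address: str) -> str:
    """Fully qualified PTR owner name for a single IPv6 address."""
    return ipaddress.IPv6Address(address).reverse_pointer + "."

def ptr_record(address: str, prefix: str, hostname: str) -> str:
    """Zone-file line for `address`, relative to the zone delegated for `prefix`."""
    if ipaddress.IPv6Address(address) not in ipaddress.IPv6Network(prefix):
        raise ValueError("address is outside the delegated prefix")
    zone = reverse_zone(prefix)
    relative = ptr_owner(address)[: -len(zone) - 1]  # drop ".<zone>"
    return f"{relative} IN PTR {hostname}"

def forward_confirmed(address: str, ptr_records: dict, aaaa_records: dict) -> bool:
    """True when address -> PTR name -> AAAA leads back to the same address."""
    name = ptr_records.get(ptr_owner(address))
    if name is None:  # no reverse delegation or no PTR: the lookup just fails
        return False
    addr = ipaddress.IPv6Address(address)
    return any(ipaddress.IPv6Address(a) == addr for a in aaaa_records.get(name, []))

# Constructed sample data (documentation prefix, placeholder host name).
PREFIX = "2001:db8:ab00::/56"
HOST_ADDR = "2001:db8:ab00:12::25"
HOST_NAME = "host.example.com."
AAAA = {HOST_NAME: [HOST_ADDR]}

# With reverse delegation: the customer's server answers for the PTR name.
PTR_WITH_DELEGATION = {ptr_owner(HOST_ADDR): HOST_NAME}
# Without it: forward DNS still works, but nothing answers in ip6.arpa.
PTR_WITHOUT_DELEGATION = {}

if __name__ == "__main__":
    print("zone to delegate:", reverse_zone(PREFIX))
    print("record to publish:", ptr_record(HOST_ADDR, PREFIX, HOST_NAME))
    print("with delegation:", forward_confirmed(HOST_ADDR, PTR_WITH_DELEGATION, AAAA))
    print("without delegation:", forward_confirmed(HOST_ADDR, PTR_WITHOUT_DELEGATION, AAAA))
```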
-
Let's try again. Where are your DNS records stored? The records for your WAN addresses will be with your ISP. Your LAN addresses are your responsibility, as the ISP will not know what's on your network. I use pfsense on my LAN and Enom for my public addresses. I can do a reverse lookup on my WAN address, but not on my LAN addresses. If you could do reverse lookups on he.net, then they are providing a DNS service that provides it. In my case, my ISP, Rogers, does for the WAN address on both IPv4 & IPv6, but not for my LAN address on IPv6 and of course, there's no way they could provide it for IPv4 NAT addresses on my LAN. Incidentally, some people might consider not having reverse lookup on the LAN addresses a security benefit.
So, what DNS provider are you using for your IPv6 LAN addresses?
BTW, reverse look up works with pfsense for the LAN addresses.
-
Reverse DNS has to be provided by the entity who gives you the IP addresses or blocks/prefixes. And while HE allows you to set those, @dwsummers' ISP doesn't allow this for IPv6, but allows it for IPv4 for business customers.
Hope I could make this clear to @JKnott
-
How is that different from what I've been saying? With he.net, they control the addresses and prefixes. Do they have a DNS service for users? Do the users have to use the he.net domain? I have my own domain that has nothing to do with my ISP. I used to use a 6in4 tunnel provider, but don't recall them providing DNS. As I mentioned, my ISP provides reverse look up for the WAN addresses, but they have no knowledge of what I have on my LAN, other than my /56 prefix, and so cannot provide DNS in either direction for those addresses. I use Enom for my public DNS, but again, they don't provide reverse DNS. Pfsense supports it, but I have no way to automatically push that info out onto the net. When I make a change on my LAN, I have to update both the pfsense DNS and Enom.
So, where are the OP's DNS records stored? I suspect his problem has nothing to do with pfsense. Also, does COX provide a block of IPv4 addresses for business customers? Or do they have to use NAT? I have provided Internet connections for many business customers. Many have setups similar to home users, where they get a single IPv4 address and have to hide behind NAT. On the other hand, I have set up others, where they have their own address block, independent of any ISP or carrier and they are responsible for setting up their own DNS. They also have completely different hardware from a typical home/small office user.
-
@bob-dig said in No IPv6 on WAN interface, but IPv6 works direct to workstation:
Reverse DNS has to be provided by the entity who gives you the IP-addresses or blocks/prefixes.
Many organizations have their own autonomous systems, where they arrange for their own address blocks from ARIN or other and are completely responsible for everything about their network, including DNS.
-
@jknott This has gotten way off topic.
The comment was made that COX only delegates a /64 and I answered that by default they delegate a /64 but by request (DHCPv6-PD hint) they will delegate a /56.
If you (or anyone) would like to discuss reverse DNS, let's take it to another message topic.
If you are interested I can definitely discuss how I've set up my Hurricane Electric IPv6 reverse DNS and how COX doesn't yet provide that service (they claim at some point they will but have not yet done that).
It is preventing Cox users from having complete parity between IPv4 and IPv6 and is why I'm in the process of moving to another ISP who will provide the same reverse DNS capability as Hurricane Electric as soon as I can. That way I'll have the same features for IPv6 that I have for IPv4.
Sorry for changing topics on this message thread.
Oh, back on thread:
I get an IPv6 GUA on my WAN interface and not a link local from Cox.
Now that may be determined by whether or not your settings ask for an address or not, I haven't tried not asking for a WAN address, so don't know how the Cox system would respond in that case.
That would be an interesting test for me to try.
-
@dwsummers said in No IPv6 on WAN interface, but IPv6 works direct to workstation:
I get an IPv6 GUA on my WAN interface and not a link local from Cox.
You will always have a link local address on an IPv6 capable interface. What address is used for routing? Use netstat -r to find out. I also have a GUA from Rogers, but routing is via the link local address.
-
@jknott Yes, the "routing" is done by link local address.