DDNS IPv6 Cloudflare

Bob.Dig · Dec 11, 2019, 7:41 PM

@JKnott Ok, so there is no connection between this two and no chance of pfSense updating my DDNS for IPv6. I will look out for Clients on each machine like @johnpoz said.

JKnott · Dec 11, 2019, 7:42 PM

@Bob-Dig

No. As I said, I don't use dynamic DNS. However, as long as you can create AAAA records, you shouldn't need it for IPv6.

Bob.Dig · Dec 11, 2019, 7:43 PM

@johnpoz said in DDNS IPv6 Cloudflare:

If you have a prefix that your going to use to service services off of... Then give your boxes IPs in that prefix, be it static or set to be handed out via dhcp6 so they always have this IP,

Will have to learn this.

Bob.Dig · Dec 11, 2019, 7:45 PM

@JKnott said in DDNS IPv6 Cloudflare:

@Bob-Dig

No. As I said, I don't use dynamic DNS. However, as long as you can create AAAA records, you shouldn't need it for IPv6.

I will use clients if possible. Friend of mine has DSL and it changing the prefix every time he restarts his router (fritzbox)!

johnpoz · Dec 11, 2019, 7:49 PM

You shouldn't be doing services off IPs that change to be honest... But how you update those records via cloudflare is all here... This has nothing to do with pfsense..

https://support.cloudflare.com/hc/en-us/articles/360020524512-Manage-dynamic-IPs-in-Cloudflare-DNS-programmatically

You can have pfsense update ITs IPs both ipv4 and IPv6 in cloudflare sure -- but not some client on network behind pfsense...

edit: All that being said... I have been hosting ntp via IPv6 for years... The IP hasn't ever changed even moving to different isp... Since I use a /48 from HE... and the ntp server has a IPv6 address that I assign it, and create a AAAA record for... If your trying to serve services to the public via some IP that is going to change willy nilly, your doing it wrong ;)

Its fine if your wanting to connect to your home connection, etc.. But even then - I have had the same IPv4 address since I have been with this ISP, got a be a year now - has never changed... Why should it - pfsense is online 24/7 and renews the lease... As for the IPv6 - that is static is as well since its one of /48 addresses...

Bob.Dig · Dec 11, 2019, 7:50 PM

@johnpoz It is just a homeserver.

Interestingly my friends router (fritzbox) saves its firewall rules for IPv4 (NAT) and IPv6. And after a reboot it changes the ipv6 in the rule automatically to the new one. This means it is theoretically possible that the router knows the IPv6 addresses and also updates them, theoretically!

johnpoz · Dec 11, 2019, 7:52 PM

Not saying its technically not possible... I could have a any client on my network update the IPv6 address of some other box on my network.. Especially dhcpv6 that is handing the client the IPv6 address, etc.

What I am telling you is pfsense isn't going to do this for you with some click of a gui button...

But if that is what your looking for - its the wrong path... You should be looking for your IP address to not be changing if your wanting to serve services off of it..

Bob.Dig · Dec 11, 2019, 8:09 PM

To bad, dnsomatic seems not to support ipv6 with cloudflare. So I am in need of a client for windows.
When the IPv6 changes I will probably not notice it because I don't use IPv6... But some people ask, why IPv6 is not used, this is why!

johnpoz · Dec 11, 2019, 8:19 PM

Who asks this? There is no actual need for IPv6 at this point in time... No matter how much jknott for it too be true...

There is a powershell script floating around that works with cloudflare api I believe, or you should just be able to use the perl ddclient on windows as well..

this powershell should work
https://port1433.com/2017/02/20/updating-google-domains-dynamic-dns-with-powershell/

JKnott · Dec 11, 2019, 8:18 PM

@Bob-Dig said in DDNS IPv6 Cloudflare:

To bad, dnsomatic seems not to support ipv6 with cloudflare. So I am in need of a client for windows.
When the IPv6 changes I will probably not notice it because I don't use IPv6... But some people ask, why IPv6 is not used, this is why!

Why do you think IPv6 addresses will change? Unless your ISP screws up, your addresses are essentially static. It's only IPv4 you have to worry about.

Bob.Dig · Dec 11, 2019, 8:20 PM

@JKnott said in DDNS IPv6 Cloudflare:

@Bob-Dig said in DDNS IPv6 Cloudflare:

To bad, dnsomatic seems not to support ipv6 with cloudflare. So I am in need of a client for windows.
When the IPv6 changes I will probably not notice it because I don't use IPv6... But some people ask, why IPv6 is not used, this is why!

Why do you think IPv6 addresses will change? Unless your ISP screws up, your addresses are essentially static. It's only IPv4 you have to worry about.

Like I said, my friends IPv6 changes all the time after each reboot of his router... Haven't watched mine.

johnpoz · Dec 11, 2019, 8:24 PM

And what does your friends IPv6 address have to do with anything? What does it matter what their IP is?

Them talking to you would prob always change - because they would be using one of the privacy IPs... That is not the IP you would serve up services with..

What exactly are you trying to accomplish?? What do you want to happen - and why do you want it to be ipv6?

If your wanting to serve up services - then you should be looking to make sure your IP doesn't change and use that/those IP(s).

What are you and your friends trying to accomplish - play a game? what?

JKnott · Dec 11, 2019, 8:28 PM

@johnpoz said in DDNS IPv6 Cloudflare:

Who asks this? There is no actual need for IPv6 at this point in time... No matter how much jknott for it too be true...

I recently linked to an article about how there are no longer ANY IPv4 addresses available in Europe and the Middle East. Suppose someone puts up a server there that's only on IPv6. How will you reach it if you only have IPv4? While you personally might not have such a need, there are many people who come from those regions who might want to do just that. Or perhaps you might want to contact some supplier based in Europe. How will you get to their web site, if it's IPv6 only?

As I mentioned earlier, this IPv4 is good enough nonsense is just head in sand stupidity. We've been seeing problems caused by the lack of IPv4 addresses for many years and it will only get worse. The more people pretend IPv6 isn't needed, the longer it will take the world to switch over. In another thread here, there's a discussion about someone who's trying to connect to a hotel, when only CG NAT is available. What's your solution for him?

JKnott · Dec 11, 2019, 8:26 PM

@Bob-Dig said in DDNS IPv6 Cloudflare:

Like I said, my friends IPv6 changes all the time after each reboot of his router... Haven't watched mine.

I thought we were talking about your pfSense firewall. Does it do that? What is your friend's router? PfSense can be configured to change the prefix too. Maybe that friend has something configured wrong.

Bob.Dig · Dec 11, 2019, 8:39 PM

@JKnott said in DDNS IPv6 Cloudflare:

@Bob-Dig said in DDNS IPv6 Cloudflare:

Like I said, my friends IPv6 changes all the time after each reboot of his router... Haven't watched mine.

I thought we were talking about your pfSense firewall. Does it do that? What is your friend's router? PfSense can be configured to change the prefix too. Maybe that friend has something configured wrong.

No, like I said before, he has a router called fritzbox. And what changes is not the temporary IP @johnpoz ! Even something in the first 4 parts changes (sorry my lag of knowledge and English). Anyway, I will look for a client that is working just to make sure IPv6 will work, even if I don't use it.

johnpoz · Dec 11, 2019, 8:42 PM

@JKnott said in DDNS IPv6 Cloudflare:

Suppose someone puts up a server there that's only on IPv6. How will you reach

I have IPv6 - if I wanted to contact it... Which highly unlikely anyway...

If it was some service that was to actually do something - then they would get IPv4... If not its not worth me needing to talk to..

We have gone over this and over this... Until at some point some major player(s) goes only IPv6 the migration isn't going to gain any speed..

You have a HUGE market were it would make sense and grab a whole lot of attention - and they can not even do that right... The biggest draw to get users to bitch to their isp about ipv6 is games... We have had IPv6 for how many years. It was going to be savior to head to head gaming.... Name 1 freaking game that gets IPv6 done correctly where I can play head to head agains you via just IPv6?

JKnott · Dec 11, 2019, 9:02 PM

@johnpoz said in DDNS IPv6 Cloudflare:

I have IPv6 - if I wanted to contact it... Which highly unlikely anyway...

I know you do, but I was speaking in the general sense. There is a major phone company in Canada that's still IPv4 only. What if that supplier in Europe cannot get an IPv4 address? At the moment, he has to wait until someone has some surplus addresses to sell. We now have a world splitting in two, part IPv4 and part IPv6. On the other hand, the company I'm with provides IPv6 on both the cable and cell networks and with LTE, IPv6 only. My phone uses 464XLAT to access IPv4 sites. Other Canadian companies, both carrier and reseller, are managing to move to IPv6. Why not that phone company?

As for games, I have no idea, as I don't play online games. However, I expect those issues are due to the mix of IPv4 and IPv6. There is nothing inherent in IPv6 that would prevent playing games over it. Also, didn't the XBox require IPv6 and used Teredo when it wasn't available?

World IPv6 Lauch Day was June 6, 2012. That's over 7 years ago. My ISP was providing IPv6 back then, though not native. It used 6to4 and 6rd tunnels. but they were at least offering it. At that time, I was using a 6in4 tunnel, from another provider, and it worked fine.

Like I said, head in sand stupid. Those who insist on sticking with IPv4 are holding up the rest of the world.

Bob.Dig · Dec 13, 2019, 3:28 PM

@JKnott I talk to you in this thread because it is already cluttered up. I hadn't set that option, because I didn't knew, if I needed it in the firs place. Now I set it, thanks, and I have to watch this in the future.

Something different, in the Service DHCPv6 Server & RA I set up the DUID togehter with an hostname but no ip. There it says, if no IP is given, one will be dynamically allocated from the pool.
But the end result always is, that there is no connection between an ip and the hostname (in DNS).

So I guess I have to input an link-local ipv6 in the DNS (Unbound) to always have a functional DNS Setup for my LAN.

JKnott · Dec 13, 2019, 3:48 PM

@Bob-Dig

That's why I said to ensure it's set. Prior to that setting being available, all it took for my prefix to change is just disconnect/reconnect the WAN Ethernet cable.

What setting are you referring to re DUID? I have never had to set anything like that.

Bob.Dig · Dec 13, 2019, 5:19 PM

@JKnott I was talking about
ServicesDHCPv6 Server & RALANDHCPv6 Server

Finally got it working, I had to use those IPv6s, which the PCs made up by themselves and not the ones from the DHCPv6 Server.

Now the hostnames defined in the DHCP & DHCPv6 Server are automatically in DNS (unbound) and I can have the same Firewall-alias for IPv4 & v6.
This also means, next time (?) the prefix changes, there is nothing to do in pfSense anymore, I only have to update my DNS-Provider.

For that, I still don't have a solution, but I made up a "Dynamic DNS Client" with Cloudflare (v6) in pfSense for the LAN interface, then disabled this client. But those disabled Clients will still be checked by pfSense it seems, so I will see something red in the pfSense Dashboard, next time the prefix changes.