Discussion:
[Cerowrt-devel] dynamic dns and ipv6 and "preferred lifetime"
Dave Taht
2018-10-08 16:07:54 UTC
I have a machine whose ipv6 address I'd like to register in dns. I used to use
the ddns tool in openwrt to do this, but I don't think it quite does
what I want.

the ip tool now has json capability, yea, but basically I have
rotating addresses that expire.

Stuff like this:

inet6 2603:3324:1536:86f0:556d:9147:97a1:290a/64 scope global temporary deprecated dynamic
   valid_lft 157874sec preferred_lft 0sec

And other stuff that also expires but is mildly painful. I can do this
to show the
current primaries

ip -c -6 addr show primary | grep -A 1 2603

and the same, so I can delete secondaries

So I can see having a nsupdate (or linode api) script that parses this
all properly
and sends it "up there", or roll my own, but I was hoping for a
recommendation, that
does it as addresses change...
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
Michael Richardson
2018-10-08 17:57:16 UTC
Post by Dave Taht
I have a machine whose ipv6 address I'd like to register in dns. I used
to use the ddns tool in openwrt to do this, but I don't think it quite
does what I want.
the ip tool now has json capability, yea, but basically I have rotating
addresses that expire.
You don't want to register temporary addresses, you want to turn them off.
Publishing your super-private address in DNS makes it not private, so don't
do that. You want stable private addresses.

You either do this in NetworkManager, or net.ipv6.conf.all.use_tempaddr = 0

https://major.io/2016/04/17/enable-ipv6-privacy-networkmanager/
Post by Dave Taht
And other stuff that also expires but is mildly painful. I can do this
to show the current primaries
ip -c -6 addr show primary | grep -A 1 2603
and the same, so I can delete secondaries
So I can see having a nsupdate (or linode api) script that parses this
all properly and sends it "up there", or roll my own, but I was hoping
for a recommendation, that does it as addresses change...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] ***@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
Dave Taht
2018-10-08 18:13:36 UTC
Post by Michael Richardson
Post by Dave Taht
I have a machine whose ipv6 address I'd like to register in dns. I used
to use the ddns tool in openwrt to do this, but I don't think it quite
does what I want.
the ip tool now has json capability, yea, but basically I have rotating
addresses that expire.
You don't want to register temporary addresses, you want to turn them off.
Publishing your super-private address in DNS makes it not private, so don't
do that. You want stable private addresses.
You either do this in NetworkManager, or net.ipv6.conf.all.use_tempaddr = 0
https://major.io/2016/04/17/enable-ipv6-privacy-networkmanager/
In general I don't use network manager, just good ole fashioned
/etc/network/interfaces
where the equivalent is

iface enp7s0 inet6 dhcp

Also it is more complicated than this in that the core machines are
multihomed, and I
do want several ipv6 addresses...

lastly, this stuff is managed in linode which (turns out) has a
painful means of assigning
a permanent ID to an address record that you have to capture by
parsing json by eyeball.

openwrt has no support for linode ddns in the ddns scripts, but I can
write that.

I never thought I'd say this, but nsupdate was much easier. And
theoretically ceres.cerowrt.org is up
now in ipv6 dns but it's not showing up across the internet even an hour later.

login=whatver
pass=noneofyourbusiness
key="thisinsanely long stream"
domain=bunchonumbers # cerowrt.org
resourceid=differentbunchonumbers # ceres
# resourceid=a second id for my other interface # ceres again
device=enp7s0 # I'll end up putting this into /etc/network/rc.post_up and in cron
# this does the right thing mostly, perhaps can filter out other stuff
address=$(ip -6 addr list scope global $device | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)

# nosql strikes again
# find the domain id
# curl "https://api.linode.com/?api_key=$key&api_action=domain.list"
# find the other id
# find the resource id
# curl "https://api.linode.com/?api_key=$key&api_action=domain.resource.list&domainid=$domain"

# scribble all that down

# 3 */30 * * * * /bin/echo `/bin/date`: `/usr/bin/wget -qO- --no-check-certificate https://api.linode.com/?api_key=your-api-key\&api_action=domain.resource.update\&domainid=your-domain-id\&resourceid=your-resource-id\&target=[remote_addr]` >> /var/log/linode_dyndns.log

curl "https://api.linode.com/?api_key=$key&api_action=domain.resource.update&domainid=$domain&resourceid=$resourceid&target=$address" > /dev/null
echo $address
Post by Michael Richardson
Post by Dave Taht
And other stuff that also expires but is mildly painful. I can do this
to show the current primaries
ip -c -6 addr show primary | grep -A 1 2603
and the same, so I can delete secondaries
So I can see having a nsupdate (or linode api) script that parses this
all properly and sends it "up there", or roll my own, but I was hoping
for a recommendation, that does it as addresses change...
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
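
Added example, not part of any poster's message: the address pipeline in the script above takes the first global non-`fd` address, which can be a temporary or deprecated one like the address quoted in the first post. This sketch filters `ip -6 addr` text output down to addresses suitable for publishing in DNS; the function names and the sample output (documentation prefix 2001:db8::/32) are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the IPv6 address that is reasonable to publish in DNS.
# Input is the text output of `ip -6 addr show dev <device>`.

# Constructed sample output (documentation prefix, not real addresses).
sample_ip_output() {
cat <<'EOF'
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1536:86f0:556d:9147:97a1:290a/64 scope global temporary deprecated dynamic
       valid_lft 157874sec preferred_lft 0sec
    inet6 2001:db8:1536:86f0:91c4:22aa:5b1e:77d3/64 scope global temporary dynamic
       valid_lft 604000sec preferred_lft 85000sec
    inet6 2001:db8:1536:86f0:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr noprefixroute
       valid_lft 2591000sec preferred_lft 604000sec
    inet6 fd00:1234:5678:1:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 7000sec preferred_lft 1700sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# Read `ip -6 addr` text on stdin, print one publishable address per line.
# Skipped: non-global scope, temporary (privacy) addresses, deprecated or
# not-yet-usable addresses, ULA (fc00::/7), and anything with preferred_lft 0sec.
publishable_addrs() {
    awk '
    $1 == "inet6" {
        split($2, a, "/"); cand = a[1]
        ok = 1
        if ($0 !~ / scope global( |$)/) ok = 0
        if ($0 ~ / (temporary|deprecated|tentative|dadfailed)( |$)/) ok = 0
        if (cand ~ /^f[cd][0-9a-f][0-9a-f]:/) ok = 0
        addr = ok ? cand : ""
        next
    }
    $1 == "valid_lft" && addr != "" {
        if ($4 != "0sec") print addr
        addr = ""
    }'
}

# First publishable address, the value a DNS update would send as the target.
pick_address() { publishable_addrs | head -n 1; }

sample_ip_output | pick_address
```

On a live host the input would come from `ip -6 addr show dev "$device"` instead of the sample function.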