On 2010-04-06 at 22:19 -0400, Edward Ned Harvey wrote:
> I can't assume option (a) because Intel's video conference system isn't
> probably going to match Adobe's and Microsoft's and Apple's and Google's and
> RedHat's and so on. So there's got to be some really awesome DDNS solution.
> I am familiar with dyndns.com and a few others, but dyndns.com seems to be
> unable to support IPv6 right now ... so ... Anybody know how to solve the "I
> need a DNS name wherever I am" problem of IPv6?

Dynamic DNS updates. I haven't messed on this Mac, but ISTR that it's
the wide-area bonjour stuff.

Using this with bind involves setting up per-host keys, so scripting
with OMAPI is probably the way forward, when setting up for an org.
With just a couple of users, manual keys work fine.

I haven't touched this zone directive in a couple of years, so this
should still be good:
----------------------------8< cut here >8------------------------------
include "/etc/namedb-auth/nsupdate/keys.field.spodhuis.org";
zone "field.spodhuis.org." {
        type master;
        file "dynamic/db.field.spodhuis.org";
        update-policy {
                // selfsub is new in Bind 9.4
                grant *.field.spodhuis.org selfsub *.field.spodhuis.org A AAAA TXT SRV;
        };
        notify explicit; // we're the only server, IPv6 too though, so don't notify ourselves
        allow-transfer { whatever_is_right_for_yo };
};
----------------------------8< cut here >8------------------------------

The contents of the keys.field.spodhuis.org files are items like this:
----------------------------8< cut here >8------------------------------
// dnssec-keygen -a HMAC-MD5 -b 512 -n HOST raincoat.field.spodhuis.org
key raincoat.field.spodhuis.org. {
        algorithm HMAC-MD5;
        secret "a long base64-encoded string goes here";
};
----------------------------8< cut here >8------------------------------

and, if my memory isn't playing tricks, the base64-form is what you
paste into WAN Bonjour on an Apple client.

For *nix clients, scripting around nsupdate(1) worked for me, but I
never bothered making it fully automatic, just "oh, I want people to be
able to reach me, let's register".

No idea about Windows.

Often, sharing stuff is local LAN with people nearby. Bonjour actually
does work well for that and is far more automatic, but obviously less
secure.

> For that matter ... anybody know how to get an IPv6 address, if your ISP
> doesn't simply give them out?

Hurricane Electric give out free tunnels:
  http://www.tunnelbroker.net/

Need static end-points.
Some tunnel providers have custom protocols for updating their DB with
information of what your end's current IPv4 address is. I'm not aware
of a tool for the HE/Tunnelbroker tunnels but I haven't looked. Well
worth checking out, including the "Certification" stuff which is really
just some quick tutorial stuff for sysadmin IPv6 on a few platforms.

You can use 6to4, which needs to be configured on the router, just as
the static tunnels from he.net do. 6to4 is easy to turn on, tends to
work from anywhere, but does that by having anycast announcements of a
couple of specific IP address-blocks for a well-known IP that does the
gatewaying, which means that your forward and reverse network paths are
often different and problems are hard to diagnose.

Relevant RFCs:
3056 Connection of IPv6 Domains via IPv4 Clouds {6to4} {IPv6-prefix 2002::/16}
3068 An Anycast Prefix for 6to4 Relay Routers {192.88.99.1 2002:c058:6301::}
3964 Security Considerations for 6to4 {inf}
5158 6to4 Reverse DNS Delegation Specification {inf}

Regards,
-Phil
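
The nsupdate(1) scripting mentioned in the message above, as an added example that is not part of the original post: it builds the update batch for one host and applies the same "own name or below" restriction on the client that the zone's selfsub policy enforces on the server. The TTL, the `send KEYFILE KEYNAME NAME ADDRESS` invocation and names given without a trailing dot are assumptions.

```shell
#!/bin/sh
# Added example: build and optionally send an nsupdate(1) batch for one host.
ZONE="field.spodhuis.org"   # zone from the message above
TTL=300                     # assumption: short TTL for a roaming host

# Mirror the server's selfsub policy on the client: a key may only touch
# its own name or names below it. Also rejects characters (newlines,
# spaces) that could smuggle extra commands into the batch.
name_allowed() {  # name_allowed KEYNAME NAME   (no trailing dots)
    case "$2" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        "$1"|*."$1") return 0 ;;
        *) return 1 ;;
    esac
}

# Choose the record type from the address shape; refuse anything else.
rr_type() {  # rr_type ADDRESS
    case "$1" in
        ""|*[!0-9A-Fa-f:.]*) return 1 ;;
        *:*) echo AAAA ;;
        *[!0-9.]*) return 1 ;;
        *.*.*.*) echo A ;;
        *) return 1 ;;
    esac
}

# Print the batch: drop the old record of that type, add the new one.
build_update() {  # build_update KEYNAME NAME ADDRESS
    name_allowed "$1" "$2" || { echo "refused: $2 is not under $1" >&2; return 1; }
    rtype=$(rr_type "$3") || { echo "refused: bad address $3" >&2; return 1; }
    printf 'zone %s\nupdate delete %s. %s\nupdate add %s. %s %s %s\nsend\n' \
        "$ZONE" "$2" "$rtype" "$2" "$TTL" "$rtype" "$3"
}

# Usage: ./ddns.sh send KEYFILE KEYNAME NAME ADDRESS
if [ "${1:-}" = send ]; then
    batch=$(build_update "$3" "$4" "$5") || exit 1
    printf '%s\n' "$batch" | nsupdate -k "$2"
fi
```

Run without arguments the script does nothing; the client-side check only catches mistakes early, and the server's update-policy remains the actual enforcement point.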