
Implementing dual stack IPv4/IPv6 at my home


19 replies to this topic

#16 tonyjr

tonyjr

    Brewer

  • Joined: 20-July 04
  • Location: Essex, UK
  • OS: Windows 0.1
  • Phone: Lumia 1020

Posted 05 December 2013 - 00:18

Hmm, so that is what Windows does, seems strange (Like, the DNS server shouldn't allow any random system to update records, it should only allow a trusted client)

Won't work in a mixed setup though, where you have Linux and Windows clients, or use a non-Windows Server DNS server (like bind)

Edit: And putting the logic in the DHCP server allows for stuff like batching, restoring DNS info across restarts, etc.

I just checked and it is only Windows clients that do this through dynamic registration (or whatever it is called). It looks a lot easier to manage with DHCPv6. I suppose just using stateless is good for a 'click and go' situation.

I have a question though. What happens with DHCPv6 clients and the Temporary IPv6 address? Does that also show up in the management console as an EUI64 (i.e. does it register somewhere as well)? Usually the temporary address is the preferred source for IPv6 data from a host. I am unable to try this out for myself.

It would be hard to keep track of some things in a mixed environment with all these different addresses and the temporary ones too.

Time for bed.




#17 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 05 December 2013 - 03:52

By default (with a DHCPv6 managed network) each system will have at least 3 addresses, one assigned by DHCP (Which can be easily tracked), one assigned by SLAAC (Which might be the EUI64 of the NIC, by default Windows randomises it with the same algo as privacy addresses) and at least one privacy address (Which is used as the default outgoing IP).

During the transition between privacy addresses you might have 2 bound to the adapter, although I've seen up to 10 at any one point on my Mac (Not counting DHCP/SLAAC).

I assume Windows clients would register all the addresses (But maybe not the DHCP provided one?), and then whatever comes first in DNS wins (Unless you're using a Mac client but meh). Now as for outgoing address selection, that's a bit stranger. From quick testing both OS X and Windows seem to use the DHCP provided address to communicate with systems on the same subnet (And I assume SLAAC if you don't have DHCP), but the privacy address for systems outside it, which does make sense (You can already see the MAC on the network, what's the point in hiding it?)
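Added example, not part of any post in this thread: a small Python sketch of how an address inventory could tell apart the three kinds of address described in post #17 (DHCPv6 lease, EUI-64 SLAAC, randomised/privacy) and recover the MAC from an EUI-64 address. The prefix, MAC, lease table and function names are constructed for illustration.

```python
import ipaddress

def eui64_address(prefix, mac):
    """SLAAC address a NIC forms from its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("MAC must be 6 bytes")
    # Flip the universal/local bit and insert ff:fe in the middle.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_eui64(addr):
    """MAC embedded in an EUI-64 address, or None if the interface ID is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in b)

def classify(addr, leases):
    """Label one address: 'dhcpv6', 'slaac-eui64' or 'randomised'.

    leases: set of addresses handed out by the DHCPv6 server (constructed here).
    A random interface ID can contain ff:fe by chance (about 1 in 65536),
    so 'slaac-eui64' is a strong hint, not proof.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip in {ipaddress.IPv6Address(a) for a in leases}:
        return "dhcpv6"
    if mac_from_eui64(ip) is not None:
        return "slaac-eui64"
    return "randomised"

# Constructed sample: one host with three addresses on a documentation prefix.
PREFIX = "2001:db8:1:2::/64"
LEASES = {"2001:db8:1:2::1000"}
HOST_ADDRS = [
    "2001:db8:1:2::1000",                 # DHCPv6 lease
    str(eui64_address(PREFIX, "00:11:22:33:44:55")),
    "2001:db8:1:2:8d5c:1a2b:93f0:7e41",   # privacy / randomised interface ID
]

if __name__ == "__main__":
    for a in HOST_ADDRS:
        print(a, classify(a, LEASES), mac_from_eui64(a))
```

Only the lease and the EUI-64 address can be tied back to a host from the address alone; the randomised ones need neighbour-table or DNS registration data to attribute.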

#18 tonyjr

tonyjr

    Brewer

  • Joined: 20-July 04
  • Location: Essex, UK
  • OS: Windows 0.1
  • Phone: Lumia 1020

Posted 27 December 2013 - 00:51

I am going to see what happens with the DNS registration in a few days when I have some spare time. I can add that static IPv6 addresses also get registered, however I have also noted the following:

Over a site-to-site VPN (different subnet), the static address is used as source.

For same subnet traffic, the SLAAC address is used.

For internet traffic, the temporary address is used.

This is for Win2k8 R2. I am not sure why the static address is only used as source for inter-site/subnet traffic. I haven't set anything up for it to do that.

Tony



#19 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 27 December 2013 - 02:24

I was reading up on DNS behaviour and I found that BIND also supports the client-registration method, seems strange to me though and I haven't seen it used in practice (Although my experience with Windows Server/BIND/Enterprise setups is pretty much non-existent)

That's strange behaviour of using a different address for VPN traffic vs. local subnet/internet traffic.

#20 OP riahc3

riahc3

    Neowin's most indecisive member

  • Tech Issues Solved: 11
  • Joined: 09-April 03
  • Location: Spain
  • OS: Windows 7
  • Phone: HTC Desire Z

Posted 27 December 2013 - 03:54

Hello,

Glad this conversation is still going on :)

Now that I have vacations, I might get around to implementing this (finally) on my network (like the original purpose of this thread was)