Last Active


  • (Quote) Dynamic signing is possible with DNSSEC. I use OpenDNSSEC myself, and I have configured it to query an internal Bind9 server which have one dynamic zone. But I think DNSSEC with split-horizon DNS is more complicated. That's one reason I don'…
  • It's also possible via DNS: For IPv4: dig -4 +short -t a myip.opendns.com @resolver1.opendns.com And for IPv6: dig -6 +short -t aaaa myip.opendns.com @resolver1.opendns.com
  • (Quote) Why do service providers use large on-link prefixes that easily can fill the routers' neighbor caches when a customer wants to use a large sub-prefix over for example a VPN connection? (IP scanning which exists on IPv6 even if some sources s…
  • (Quote) To be used on the Internet? IPv6 is the latest and greatest Internet Protocol. Why do you need an alternative anyway?
  • (Quote) Is the /64 IPv6 routed to the VPS? If it isn't the case, how many IPv6 addresses are you allowed to use (since each address would create a neighbor entry in the router)?
  • I run my own DNS resolver (bind), and it doesn't forward the request to an external DNS resolver but queries the root DNS servers etc. I also host the authoritative DNS server for my own domains and I use Hurricane Electric Free DNS as slaves.
  • (Quote) I wonder if your router is able to forward the SIT protocol (41) which you are trying to use. BTW GRE also use its own protocol (47), but WireGuard uses UDP.
  • (Quote) There is no DHCPv6 server in systemd anyway. A DHCPv6 server with prefix delegation was one of the requirements. Open issue on systemd: network: implement DHCPv6 Server #16039
  • (Quote) Which Linux distribution do you recommend for routers? Do they have DHCPv6-PD clients, and servers and are able to receive IPv6 prefixes from the upstream routers, which they split into sub-prefixes that are assigned to interfaces, or delega…
  • (Quote) I'm using certbot and have configured dns-rfc2136-propagation-seconds=120 which works for me. The propagation delay was about 90 seconds last time I checked. And that's the total delay from my master via my opendnssec live signer, and a slav…
  • The IPv6 address ::2/128 used on Openvz 7 is invalid. Using it is completely broken. Bird also fills the log with: KIF: Invalid interface address ::2 for venet0
  • (Quote) IPv6 is great, but I would prefer if I didn't have to configure each IPv6 address I want to use in the VPS configuration. I wonder why I can't have the whole IPv6 prefix (/64 or other size) routed to the VPS.
  • (Quote) Do you need to use IPv6 NAT? Can't you instead add more global IPv6 addresses to the VPS, and assigned them to your peers. (The addresses also have to be removed from /etc/network/interfaces if you want to use them on the peers.) If you have…
  • What I'd like to see is one IPv6 address assigned on the external network interface, and one reasonably big IPv6 prefix that's routed via that address (or the link-local address). The routed IPv6 prefix will give you the flexibility to decide how t…