Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 19 submissions in the queue.
posted by n1 on Thursday May 05 2016, @06:36PM   Printer-friendly
from the not-yet dept.

APNIC reminds us that "there are now a large number of ISPs, data centres, cloud services, and software that now support IPv6" and "enabling IPv6 can be as simple as clicking a button on your WiFi router."

I turned it on, with Comcast I received an IPv6 route but no DNS server. Fortunately, Google Public DNS has unmemorable addresses, which I was able to configure manually.

2001:4860:4860::8888
2001:4860:4860::8844

It works. "There's only one thing left for you to do: Turn it on!"

[ ed: What are the alternatives to Google's Public DNS? ]


Original Submission

Related Stories

Removing IPv4 Completely from FreeBSD and Other Operating Systems 69 comments

A Swiss VM hosting provider has a technical blog post about how to kill IPv4 completely on FreeBSD. That is to say, turning it completely off, not just preferring IPv6. They then solicit concrete solutions describing, along with a proof of concept, how to turn IPv4 completely off in other operating systems and allowing them to communicate with IPv6 only.

Earlier on SN:
Vint Cerf's Dream Do-Over: 2 Ways He'd Make the Internet Different (2016)
You have IPv6. Turn it on. (2016)
We've Killed IPv4! (2014)


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @06:39PM

    by Anonymous Coward on Thursday May 05 2016, @06:39PM (#342162)

    Sprint offers DNS at 2600::1 and 2600::2

    Google really dropped the ball this time.

    • (Score: 2) by davester666 on Friday May 06 2016, @08:14AM

      by davester666 (155) on Friday May 06 2016, @08:14AM (#342467)

      Still have utterly craptastic IPv6 support in Canada.

  • (Score: 4, Insightful) by TheGratefulNet on Thursday May 05 2016, @06:39PM

    by TheGratefulNet (659) on Thursday May 05 2016, @06:39PM (#342163)

    sorry, not willing to run dual-stack at home. zero reason. I get an ipv4 dhcp addr and it works fine with my firewall, router, nat setup, etc.

    works fine. I can ping any site I want.

    go sell ipv6 to the carriers. let them figure it out.

    (I worked at a smartphone tech company a few yrs ago and we counted on samsung having a good ipv6 stack for android. of course, samsung can't program its way out of a paper bag without bugs and errors, so ipv6 was a pain in the ass. if big old sammy can't get it right, why should I even care about taking on more problems?)

    --
    "It is now safe to switch off your computer."
    • (Score: 1) by daaelar on Thursday May 05 2016, @06:44PM

      by daaelar (5403) on Thursday May 05 2016, @06:44PM (#342167)

      Samsung isn't writing the v6 stack for their android phones, Google is. Google supports RFC 2460 and 6101, but unfortunately is refusing to support 3315. That means SLAAC works fine, but DHCPv6 doesn't. That all has to do with Google, though. And for the record, IPv6 in the home has been exploding with new home gateways and sites supporting the stack. I'm reading this site via native v6 right now and it's working very well.

      • (Score: 4, Informative) by Scruffy Beard 2 on Thursday May 05 2016, @06:52PM

        by Scruffy Beard 2 (6030) on Thursday May 05 2016, @06:52PM (#342172)

        That reminds me: for a few months I had native ISP-provided IPv6 (IPv4 only at the moment).

        It appears that the Gnome Network Manager does not support SLAC: only DHCPv6. That meant my Android and machine with no network manager just worked, while Linux Mint did not.

        Not sure if it is gnome network manager because: the about message has a non-functional network at cinnamon dot org e-mail address and the words "Network Manager Applet".

      • (Score: 2, Touché) by daaelar on Thursday May 05 2016, @06:53PM

        by daaelar (5403) on Thursday May 05 2016, @06:53PM (#342173)

        Bah, that should have said RFC 6106, not 6101

      • (Score: 2) by TheGratefulNet on Thursday May 05 2016, @06:57PM

        by TheGratefulNet (659) on Thursday May 05 2016, @06:57PM (#342176)

        I don't remember if we had issues with nexus phones or if it was just samsungs. we bet on samsung and we lost. they could not deliver a quality ipv6 phone stack. the details escape me as it was a few yrs ago and I was more on the unix side than the phone/android side.

        still, the one who SHIPS HARDARE is where the buck stops. so I would still blame samsung. they are big enough that they have funds and resources to fix killer bugs.

        as for ipv6 at home, I still see no need until I'm forced. what do I gain, exactly, by changing things and HAVING to run dual stacks? I simply don't see any benefit for the effort involved.

        perhaps on a brand new setup; but to update old working ones? if it aint broke, the saying goes....

        --
        "It is now safe to switch off your computer."
    • (Score: 3, Interesting) by Scruffy Beard 2 on Thursday May 05 2016, @06:45PM

      by Scruffy Beard 2 (6030) on Thursday May 05 2016, @06:45PM (#342168)

      Not if you want to use VOIP.

      At the moment I am contemplating tunnelling to my Asterisk server that has ports forwarded to it. I suspect going straight to my VOIP provider would have less latency, but I can not receive incoming calls while using NAT.

      • (Score: 2) by tibman on Thursday May 05 2016, @08:06PM

        by tibman (134) Subscriber Badge on Thursday May 05 2016, @08:06PM (#342207)

        Doesn't port forwarding solve this? Or worst case, DMZ *shudders*

        --
        SN won't survive on lurkers alone. Write comments.
        • (Score: 2) by Scruffy Beard 2 on Thursday May 05 2016, @08:13PM

          by Scruffy Beard 2 (6030) on Thursday May 05 2016, @08:13PM (#342213)

          No port-forwarding does not work because I do not get a public IP address from my mobile provider.

          I called and asked about IPv6. They will do it if I upgrade to a business plan with a higher minimum monthly commitment.

          • (Score: 2) by frojack on Friday May 06 2016, @02:25AM

            by frojack (1554) on Friday May 06 2016, @02:25AM (#342366) Journal

            Voip handles non public IPs via STUN servers [voip-info.org].

            --
            No, you are mistaken. I've always had this sig.
            • (Score: 0) by Anonymous Coward on Friday May 06 2016, @07:09AM

              by Anonymous Coward on Friday May 06 2016, @07:09AM (#342458)

              We are talking about *incoming* connections. STUN is not going to help you there.

              TURN does this, but requires turning the incoming connection into an outgoing one - which means the host receiving the connection needs to know when to expect a connection. That mean always having a different connection open for signalling. I'm guessing that's what he meant by tunneling through his asterisk server.

              • (Score: 2) by frojack on Friday May 06 2016, @03:07PM

                by frojack (1554) on Friday May 06 2016, @03:07PM (#342577) Journal

                We are talking about *incoming* connections. STUN is not going to help you there.
                TURN does this, but requires turning the incoming connection into an outgoing one - which means the host receiving the connection needs to know when to expect a connection.

                You are right of course. I linked the wrong page as well.

                http://www.voip-info.org/wiki/view/TURN [voip-info.org]

                The thing is, MOST VOIP/SIP providers (even free ones) supply TURN services on their systems precisely because such a vast portion of the net is behind NAT routers, and just about always has been. NAT traversal hasn't been a problem for Voip or Sip for some time now, and TURN was in place in one form or another since LONG before the relevant RFCs were formalized.

                Most providers have TURN/STUN/ICE all bundled into one server on their network. Incoming calls are just automatically routed to what ever network you happen to be on at the moment. Even cellular networks.

                If the OP has a problem its probably because his Asterisk server is behind a double nat (his and his ISPs), but even this is not a problem with any (free) external TURN service configured in his asterisk box. If

                --
                No, you are mistaken. I've always had this sig.
      • (Score: 2) by edIII on Thursday May 05 2016, @09:43PM

        by edIII (791) on Thursday May 05 2016, @09:43PM (#342256)

        While I've not configured it myself, I believe Asterisk has supported IPv6 since 1.8. PJSIP in Asterisk 11 does support IPv6, and there is information out there on how to set it up and configure it.

        --
        Technically, lunchtime is at any moment. It's just a wave function.
    • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @06:58PM

      by Anonymous Coward on Thursday May 05 2016, @06:58PM (#342177)

      Had to turn off ipv6 on some friends' equipment for awhile. Local service providers hand out ipv6 addresses but don't actually route them, and their technical staff doesn't understand it enough to do anything.

      On the plus side, for 30-45 minutes of work I talked an ISP into 30 days free service to compensate for them not having internet for 2-3 days. Got paid with home-cooked dinner and $50. :)

  • (Score: 1) by daaelar on Thursday May 05 2016, @06:41PM

    by daaelar (5403) on Thursday May 05 2016, @06:41PM (#342164)

    You should get DNS servers from Comcast IPv6. It's a DHCPv6 exchange, and as long as your client accepts it you should have gotten 2001:558:feed::1 and ::2. For that matter, if your client supports it, you should be able to hint for a shorter prefix and get enough addresses for muliptle /64s. I can't remember if it's a /62 or a /60 for the shortest prefix it'll give out, as it's been a while since I tried. You can also manually get the DNS info from dns.comcast.net (redirects to dns.xfinity.com).

    • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @06:47PM

      by Anonymous Coward on Thursday May 05 2016, @06:47PM (#342169)

      Why use DHCPv6 when SLAAC is perfectly capable of offering a DNS configuration?

      • (Score: 2, Informative) by daaelar on Thursday May 05 2016, @06:55PM

        by daaelar (5403) on Thursday May 05 2016, @06:55PM (#342175)

        Because SLAAC would only get you an address on your router, and the idea is to avoid NAT. DHCPv6 has the concept of Prefix Delegation. When you send a DHCPv6 Solicit message from a typical home gateway, you're requesting an IA_NA (Non-temporary address, which goes on the WAN port) and an IA_PD (Prefix Delegation: this goes on your whole LAN as typically a /64) so each of your connected devices has a routable address.

        • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @07:04PM

          by Anonymous Coward on Thursday May 05 2016, @07:04PM (#342181)

          My Verizon router uses ICMPv6 to advertise a /64 prefix and a DNS server. Devices on my LAN take the prefix, pick addresses for themselves, and use the DNS server. There is no NAT.

          • (Score: 0) by Anonymous Coward on Friday May 06 2016, @04:00PM

            by Anonymous Coward on Friday May 06 2016, @04:00PM (#342584)

            I believe the parent meant that you're router could use DHCPv6 to get your LAN prefix from your ISP. Your local machines would use SLAAC to get their info from the router. That is, if the router uses SLAAC, it just gets an IP address and not the prefix it needs to broadcast to the LAN. It could then NAT the LAN through its IP, but the local LAN wouldn't have public addresses.

  • (Score: 3, Interesting) by Anonymous Coward on Thursday May 05 2016, @06:53PM

    by Anonymous Coward on Thursday May 05 2016, @06:53PM (#342174)

    IPv6 is too new for anyone to have really figured out the privacy risks.
    I put too much effort into maintaining privacy online, I'm not going to risk all that work to be a guinea pig.
    My VPN service explicitly turns off IPv6 in order to make sure nothing leaks out via that path and I'm good with that.

    I suspect that becoming an IPv6 expert could lead to some lucrative consulting gigs as it gets rolled out world-wide. But that's the only reason I can see for someone like me to even consider turning it on. Even then I'd probably only do it on a separate subnet dedicated just testing.

    • (Score: 2, Interesting) by webnut77 on Thursday May 05 2016, @07:10PM

      by webnut77 (5994) on Thursday May 05 2016, @07:10PM (#342187)

      My VPN service explicitly turns off IPv6 in order to make sure nothing leaks out via that path and I'm good with that.

      Then you should block outgoing the Teredo port (3544) and the IPv6 encapsulation protocol (41). I'm finding all sorts of nasty stuff happening on the LAN side.

    • (Score: 1, Touché) by Anonymous Coward on Thursday May 05 2016, @07:13PM

      by Anonymous Coward on Thursday May 05 2016, @07:13PM (#342191)

      I suspect that becoming an IPv6 expert could lead to some lucrative consulting gigs as it gets rolled out world-wide.

      Yeah it's exactly like Y2K except there's no deadline and no compelling reason to switch and nobody cares about it. So lucrative.

    • (Score: 2) by Scruffy Beard 2 on Thursday May 05 2016, @07:33PM

      by Scruffy Beard 2 (6030) on Thursday May 05 2016, @07:33PM (#342200)

      IPv6 is too new for anyone to have really figured out the privacy risks.

      I was a little surprised when an IPv6 testing site told me I was using a Compaq MAC address (SLAC). That tells you something about the age of my computer (assuming I did not moved the NIC to a new machine).

    • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @07:58PM

      by Anonymous Coward on Thursday May 05 2016, @07:58PM (#342204)

      Who else thought this was about using google's dns? They already know too much about you, no need to give them everything!

      • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:07PM

        by Anonymous Coward on Thursday May 05 2016, @08:07PM (#342208)

        OpenNIC [opennicproject.org] has a few servers [opennicproject.org] you could use.

    • (Score: 2) by rleigh on Thursday May 05 2016, @08:34PM

      by rleigh (4887) on Thursday May 05 2016, @08:34PM (#342229) Homepage

      "Too new"? I've been using it for over 15 years!

      My current ISP supplies a router which has firewall rules for v4 and v6, pretty simple to configure, including forwarding and filtering. Turn on computer, get v4 and v6 addresses. Works without any effort. I don't really care if the world can derive my MAC address from my v6 address; but if you do then there are privacy extensions and other ways to assign addresses.

      • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:48PM

        by Anonymous Coward on Thursday May 05 2016, @08:48PM (#342240)

        > "Too new"? I've been using it for over 15 years!

        You are correct. Technically correct which is the best kind of correct.
        It lets you ignore the point in favor of a literal misunderstanding. Congratulations on your aspergers!

        > I don't really care if the world can derive my MAC address from my v6 address

        That is only the babiest of baby steps. That you think MAC address tracking is the be all and end all of the privacy risks that ipv6 brings with it, then ipv6 really is new to you.

        http://www.computerworlduk.com/news/security/vpn-providers-failing-secure-ipv6-well-enough-study-finds-3618416/# [computerworlduk.com]

    • (Score: 2) by Hyperturtle on Friday May 06 2016, @01:01AM

      by Hyperturtle (2824) on Friday May 06 2016, @01:01AM (#342336)

      Yes, even being an IPV6 half-ass can yield you some good gigs. Being able to identify this in front of the businesses with money can make you a hero, even if you make gobs of money, you still can save them gobs by getting rid of those people that just are riding the crest, like those self identified experts that called themselves cloud engineers. I havent heard a cringe worthy name for IPV6 specific engineers, but I think someone is trying to invent one, somewhere...

      The fact that it costs so much to go legit with IPV6 (and get your own ranges) has rendered the field as a place filled with half-asses, so get going while the going is good. It is hard to use IPV6 locally with most consumer stuff right now as it is. Much of it is rudimentary and basic, but yeah it sorta works. IPV4 on NT 4.0 works better in comparison to IPV6 on most stuff one can get from the local best buy or similar store (this has been my experience). IPV6 may work better on custom firmwares on that same best buy hardware -- but perhaps only a few reading this will go out of their way to do that. And find their ISP has a real problem with it.

      I expect 2017/2018 to be when things really pick up speed -- because of IoT and smart this and smart that, and robot cars and etc... don't expect them all to use carrier grade NAT!

  • (Score: 1) by webnut77 on Thursday May 05 2016, @07:00PM

    by webnut77 (5994) on Thursday May 05 2016, @07:00PM (#342178)

    When I finally got IPv6 on my Comcast connection, I asked a Customer Service Representative about getting static IPv6 addresses. She told me yes they have them and they're just like IPv4 addresses; $25 for five, $10 for one, etc.

    I though to myself: Isn't that like trying to charge for cups of ocean water?

    I set up a IPv6 over IPv4 tunnel with Hurricane Electric and got a static /64 for my server and a static /48 for my LANs. It works really well.

    Anyone else irritated because Google doesn't support DHCPv6 on Android?

    • (Score: 2) by tangomargarine on Thursday May 05 2016, @08:22PM

      by tangomargarine (667) on Thursday May 05 2016, @08:22PM (#342218)

      Aren't people like you the reason we ran out of IPv4 addresses?

      "Yes of course I need 1024 addresses."

      --
      "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
      • (Score: 3, Informative) by Anonymous Coward on Thursday May 05 2016, @08:42PM

        by Anonymous Coward on Thursday May 05 2016, @08:42PM (#342235)

        There are 42,535,295,865,117,307,932,921,825,928,971,026,432 possible public facing ipv6 addresses. Every man, woman and child on the planet could take 10 million addresses each and that would still leave 99.9999999999999999998% of the address space available.

        Put that in your smike and poke it.

        • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @09:25PM

          by Anonymous Coward on Thursday May 05 2016, @09:25PM (#342250)

          Challenge accepted!

          • (Score: 2) by Gaaark on Thursday May 05 2016, @10:24PM

            by Gaaark (41) on Thursday May 05 2016, @10:24PM (#342277) Journal

            Pics?
            I'd like to try it myself, but am wondering how you get into that position to do it? Any suggestions?

            --
            --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: -1, Redundant) by Anonymous Coward on Thursday May 05 2016, @11:13PM

          by Anonymous Coward on Thursday May 05 2016, @11:13PM (#342294)

          Every man, woman and child on the planet could take 10 million addresses each...

          Does this count my newborn son, who is about 7 hours old at the moment?

          • (Score: 1, Touché) by Anonymous Coward on Friday May 06 2016, @03:02PM

            by Anonymous Coward on Friday May 06 2016, @03:02PM (#342574)

            Your kid is just 7 hours old and you are on soylent making random useless posts?
            You are going to be a great parent!

            • (Score: 0) by Anonymous Coward on Friday May 06 2016, @10:47PM

              by Anonymous Coward on Friday May 06 2016, @10:47PM (#342735)

              Yes, you should be standing by the bedside staring at mother/baby ready to jump at a moment's notice, even if they are sleeping because, oh I don't know, they just went through a fucking childbirth seven hours ago?

      • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:48PM

        by Anonymous Coward on Thursday May 05 2016, @08:48PM (#342241)

        1024 IPv4 addresses for me, 1024 IPv4 addresses. Troll a site, ban for me, 1023 IPv4 addresses left.

    • (Score: 2) by Hyperturtle on Friday May 06 2016, @12:52AM

      by Hyperturtle (2824) on Friday May 06 2016, @12:52AM (#342334)

      What is your package with Comcast, and what is your hardware used to connect to them?

      You have done as I intend to, but I needed to buy an additional router for this purpose. My firewall does not allow for GRE tunnels to originate from itself; only through itself, and so I needed an actual router to... act as a router.

      I also would like to know where you have registered anything of importance.

      I wanted to get a IPV6 range that was portable, having missed the IPV4 bandwagon because I was cheap, and my god ARIN sure is acting like those cups of water are worth their weight in dissoved precious metal ions. (I guess I am still cheap if I think that) And the proof they demand; why do I need to multihome this and demonstrate how many IPs I am using up, and that I am not subleasing these to others? Why is it thousands of dollars to get a range? Why is it Comcast won't even talk to me about it without a fiber connection to them because that's what they require for me to run BGP, because that's what they require to route IPV6 unless I buy a few statics off them that aren't really statics or bought at all...

      I totally understand this for IPV4; but the IPV6 ranges are just obscenely large. Waste not, want not, I too don't want to just squander it all.. but they are really hindering the adoption by keeping the assigment requirements so high. A medium business can afford the costs and renewals, the common person just seems to be forced into the cloud with an ISP that refuses to let them run servers. IPV4 scarcity isn't the issue anymore...

      Anyway, I wanted to take the plunge and do as you did, signed up and everything... but found that its not so easy to get IPV6 working on *non modern hardware*. Or comcast, without at least a business class modem. Otherwise the DHCP can reset (as they seem to do to me every few months.. its not consistent anymore) and everything I may put online through a tunnel broker suddenly becomes offline.

  • (Score: 5, Touché) by wonkey_monkey on Thursday May 05 2016, @07:04PM

    by wonkey_monkey (279) on Thursday May 05 2016, @07:04PM (#342180) Homepage

    You have IPv6. Turn it on.

    No I don't. Shut up.

    --
    systemd is Roko's Basilisk
    • (Score: 2) by skater on Friday May 06 2016, @11:50AM

      by skater (4342) on Friday May 06 2016, @11:50AM (#342512) Journal

      Me either. My FiOS router is from ~2008 and doesn't support IPv6. I'd have to get a new router, but that's the kind of call to tech support that I dread (though from what I just read, Verizon would like to get the older ones like mine out of circulation). Actually, come to think of it, I dread most calls to tech support...

  • (Score: 2) by richtopia on Thursday May 05 2016, @07:11PM

    by richtopia (3160) on Thursday May 05 2016, @07:11PM (#342188) Homepage Journal

    I'm not the most sophisticated user; I have a personal server running at home and that is about it. My ISP gave me a static IPv4 address. What advantage is there to me by moving to IPv6?

    • (Score: 3, Funny) by Anonymous Coward on Thursday May 05 2016, @07:15PM

      by Anonymous Coward on Thursday May 05 2016, @07:15PM (#342192)
    • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @07:44PM

      by Anonymous Coward on Thursday May 05 2016, @07:44PM (#342202)

      Personally I like to ssh from the clouds straight into the various boxen at home behind my NAT/IPv6 router box. Not a lot of places have IPv6 so I find myself bouncing off my server in the clouds, but in my mind that's a little better than doing the port-forwarding dance.

      There's probably no real rush other than you get to do the IPv6 nerd dance when you get on the IPv6 internet.

      The port-forwarding dance does still work for IPv4. The vast majority of torrent peers I see are still IPv4 with the occasional IPv6 peer. I just thought I'd throw this out for passers-by who might need to do the UPnP dance for a custom-built NAT box who don't want say PfSense: MiniUPnP [tuxfamily.org].

      Hmm... I've often thought that once everybody's IPv6, we'd be able to finally be successful with providing Everyman a client/server to some kind of distributed content network, say a distributed Facebook that Everyman could find "easy to use" without having to muck with port forwarding, being picky about which box it's install on in the house, etc. On the other hand, most consumer NAT devices probably have UPnP enabled by default. I guess one less thing to go wrong? I don't really know anything about this subject area.

      • (Score: 2) by Capt. Obvious on Friday May 06 2016, @08:55AM

        by Capt. Obvious (6089) on Friday May 06 2016, @08:55AM (#342475)

        So, I should turn on IPv6 because it avoids my DMZ/firewall? That sounds exactly backwards from the way I want to go..

    • (Score: 0) by Anonymous Coward on Friday May 06 2016, @10:52AM

      by Anonymous Coward on Friday May 06 2016, @10:52AM (#342500)

      The day will come when your isp will charge you extra for belonging to an exclusive club of no more than 4 billion members.

  • (Score: 1) by HonestFlames on Thursday May 05 2016, @07:28PM

    by HonestFlames (3704) on Thursday May 05 2016, @07:28PM (#342198)

    I'm an IT pro-sumer and general geek like many of us here. That doesn't mean I'm going to spend £200+ on a new router just now. My previous £140 router works just fine and dandy.

    I have installed Tomato firmware on my router. It supports IPv6. I've even had my ISP turn on the feature. Is it useful? No. It's the opposite of useful, because IPv6 traffic runs quite a lot slower through my router.

    I'm lucky, my router actually works with IPv6. There are routers out there advertising IPv6 compatibility where in reality the feature is quite broken.

    It all really comes down to "why should I care?" IPv6 offers nil features versus IPv4 to me. Average users clearly aren't going to care about it.

  • (Score: 2) by dltaylor on Thursday May 05 2016, @08:04PM

    by dltaylor (4693) on Thursday May 05 2016, @08:04PM (#342206)

    My Cisco only has IPv4 on the WAN side, and it's not supported (that I can find for an RVS4000) by any open source firmware.

    When I finish the OpenBSD router/firewall, I may try IPv6 to see if it gives me any advantage in connectivity, but I am NOT allowing anything on the LAN to bypadd the firewall and use IPv6 to directly connect to the internet.

    • (Score: 2) by wisnoskij on Thursday May 05 2016, @08:28PM

      by wisnoskij (5149) <reversethis-{moc ... ksonsiwnohtanoj}> on Thursday May 05 2016, @08:28PM (#342222)

      Me as well. My rural ISP actually only offers my internet to me through a router. So I am 99% sure that I share an ip address with everyone else in the area; At least that is how I think it must work. SO I do not have any conttrol over this ip address and definitely cannot switch to v6.

      • (Score: 0) by Anonymous Coward on Friday May 06 2016, @12:07AM

        by Anonymous Coward on Friday May 06 2016, @12:07AM (#342310)

        My ISP uses CGN [wikipedia.org]. All the downsides of NAT with the only benefit being it acting like a rudimentary firewall. UDP hole punching and ICE do not work reliably, especially on well-known ports, and not all software understands that the CGN IP address is not publicly routeable. The real nice one is during school vacations and I find the public IP banned from all sorts of services.

  • (Score: 2, Insightful) by Anonymous Coward on Thursday May 05 2016, @08:19PM

    by Anonymous Coward on Thursday May 05 2016, @08:19PM (#342216)

    The privacy implications of Google DNS are too large to even seriously consider using that piece of crap.

    • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:25PM

      by Anonymous Coward on Thursday May 05 2016, @08:25PM (#342221)

      What are the alternatives to Google's Public DNS?

      I use something called IvyDNS which lets me block undesireable domains at the DNS level. It's like hosts files but on steroids because it can block entire domains and subs in one go (so I can block [*.]facebook.com instead of having to block every single hosts known as being affiliated with FB as you would have to do with a hosts file). Oh, and it constantly learns about new domains that should be blocked as well, so I have zero maintenance on my side if I don't want to maintain it.
      I see no ads, I am not tracked online (pixel.facebook.com, google-analytics.com, etc...). My internet is faster because of it and my privacy enhanced.

      • (Score: 1, Interesting) by Anonymous Coward on Thursday May 05 2016, @08:28PM

        by Anonymous Coward on Thursday May 05 2016, @08:28PM (#342223)

        I am not tracked online

        correction: I am tracked *less*, by fewer actors and without a central repository that would otherwise hold all that tracking data and serve it to the highest bidder.
        Sure, each individual site still tracks me but they've long since outsourced this to the big ones like GOOG and FB so in practice, I'm tracked much, MUCH less...

    • (Score: 2) by jmorris on Thursday May 05 2016, @10:31PM

      by jmorris (4844) on Thursday May 05 2016, @10:31PM (#342281)

      There are worse things. I'm on Suddenlink and their DNS resolves pretty much everything to a Suddenlink IP and attempts https hijack. They want you to install their wildcard cert to make it possible. So I'm using the Google DNS servers until they get around to shutting that down, then it will be time to pay extra for VPN service.

      • (Score: 0) by Anonymous Coward on Friday May 06 2016, @12:48PM

        by Anonymous Coward on Friday May 06 2016, @12:48PM (#342527)

        I used to run an open DNS server for people in circumstances such as yours. Then one day I noticed that the entire 100Mb/s was in use. Turns out some criminals were using DNS reflection attacks against someone else using my server, so that had to stop. As it turned out, a low-power Celeron can't handle processing iptables flood rules with the volume of traffic the crooks were sending, so bye bye public DNS server.

        It was much the same story with NTP.

      • (Score: 0) by Anonymous Coward on Friday May 06 2016, @06:37PM

        by Anonymous Coward on Friday May 06 2016, @06:37PM (#342654)

        yeah, or you could use dnsmasq and dnscrypt-proxy and use the default nameserver or pick another.

  • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:30PM

    by Anonymous Coward on Thursday May 05 2016, @08:30PM (#342227)

    its nice that g. provides free and fast dns servers.
    however lets not forget thar requesting the machine usable number of a human used name reveals alot.

    also it is probably the easiest way to start a new search engine or keep one going: by providing domain resolution you get to know what websites are being sought and you can then instruct your web spider to crawl them and send data to your search database.

    it is like having a ghost person follow you into some store and watching you taking out products from the ailes and taking note of it.

    so if you want to help google search get even better, use their dns servers -or- start an alternative free dns server (cluster, p2p?) that feeds a search engine.

    • (Score: 3, Insightful) by inertnet on Thursday May 05 2016, @10:23PM

      by inertnet (4071) on Thursday May 05 2016, @10:23PM (#342276) Journal

      Be aware that by using Google DNS you're giving them an opportunity to build a database of every site you visit.

      • (Score: 0) by Anonymous Coward on Friday May 06 2016, @04:47AM

        by Anonymous Coward on Friday May 06 2016, @04:47AM (#342423)

        How is that different than any other DNS provider?

        • (Score: 0) by Anonymous Coward on Friday May 06 2016, @04:22PM

          by Anonymous Coward on Friday May 06 2016, @04:22PM (#342602)

          Not all DNS providers keep that information around. And not all those that do keep that information use it to sell you out. There are still *some* honest people alive.

          • (Score: 0) by Anonymous Coward on Friday May 06 2016, @10:44PM

            by Anonymous Coward on Friday May 06 2016, @10:44PM (#342732)

            But you don't know that. They tell you that and you believe them because they are not Google et al.

  • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:36PM

    by Anonymous Coward on Thursday May 05 2016, @08:36PM (#342231)

    I believe this IPv6 when the ADSL boxes and ISPs support that protocol. Especially those embedded devices are notorious for shitty support.. and bugs.

  • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @08:41PM

    by Anonymous Coward on Thursday May 05 2016, @08:41PM (#342234)

    My PCs are all IPv6 enabled, my router is IPv6 enabled, my cable modem is IPv6 capable... but yet COCKS (COX) CABLE still hasn't turned it on, even after promising it would over a year ago. Yes folks, COX cable of San Diego breaking another promise.

  • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @09:27PM

    by Anonymous Coward on Thursday May 05 2016, @09:27PM (#342251)

    Not trolling, just asking. As a consumer, is there any benefit to me for switching to IPv6?

    • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @10:03PM

      by Anonymous Coward on Thursday May 05 2016, @10:03PM (#342260)

      Now all your things can be publicly addressable from the intertubes. No more need for NAT. Internet of ALL the things!

      • (Score: 0) by Anonymous Coward on Thursday May 05 2016, @10:17PM

        by Anonymous Coward on Thursday May 05 2016, @10:17PM (#342270)

        Publicly addressable doesn't mean reachable, if your ISP firewalls incoming connections. Still, it's nice to see the same addresses on your things from inside your LAN and outside on the WAN. No more NAT means no more internal addresses, unless you consider link-local, then each thing still an internal address for LAN use. Well, crap.

      • (Score: 3, Informative) by dltaylor on Thursday May 05 2016, @10:25PM

        by dltaylor (4693) on Thursday May 05 2016, @10:25PM (#342278)

        He said benefit.

        Having all of your stuff directly accessible means that every device is usable by any script-kiddie on the planet.

        They'll be able to look at every devices' camera, listen to every microphone, shut-off you IoT refrigerator, whatever.

        Didn't Miss Teen America's experience teach you anything?

        • (Score: 4, Informative) by rleigh on Thursday May 05 2016, @10:55PM

          by rleigh (4887) on Thursday May 05 2016, @10:55PM (#342291) Homepage

          "Addressable" does not imply "accessible". The computer I'm posting this message on currently has an address of... checking... 2001:8b0:860:ddbd:8079:5481:bb1e:84e6 but you won't be able to access it because the firewall in the ADSL router won't allow incoming connections; if I wanted to open up ports to individual machines or for the entire /64 block I could certainly do so.

          While there will inevitably be insecure or misconfigured stuff out there, your typical ADSL router will not be allowing incoming connections by default, just as it doesn't automatically allow it for v4. Mine was certainly configured this way.

          As for benefit, since bigger sites started enabling v6 in a big way, e.g. youtube, google, etc., I've noticed I get faster download speeds over v6, and in fact the majority of the network traffic is now over v6. All the Linux mirrors I use are v6 now. So in a very real sense, v4 has already been displaced in terms of traffic volume for my usage. As ISPs continue to roll out support, the tipping point isn't far off. Check the stats here: https://www.google.com/intl/en/ipv6/statistics.html [google.com] The growth is exponential, doubling every ~1.5 years; might hit 20% by the end of this year and 40% the year after. It's taken a long time to get there, but we'll likely all the using it by default in just a small number of years now; once adoption reaches a critical level, network effects will force everyone to be on it as the v4 address scarcity really starts to hit home.

    • (Score: 2) by jmorris on Thursday May 05 2016, @10:53PM

      by jmorris (4844) on Thursday May 05 2016, @10:53PM (#342290)

      And that is the problem. Every year we hold IPv6 day, everybody talks about it for a day, every few months we get another story, like clockwork, about IPv4 address exhaustion and everything continues to stubbornly keep working in spite of it.

      The only touted benefit, no more NAT, has become a nightmare for most. We all have far too many connected devices that wouldn't last a day if exposed to the Internet and everybody knows it.

      IPv6 was a solution to a problem that stopped existing along with the old Internet. The problem was the old Internet was designed around a dumb network and smart endpoints that directly communicated with each other and NAT broke that model. But it is dead. Now it is a smart network / cloud and the endpoints are dumber than a sack of hammers and getting dumber and less capable with each revision. Endpoints are all tethered to the corporate overlord that made them and they all get through your NAT router just fine for that purpose.

  • (Score: 1) by dak664 on Friday May 06 2016, @12:08AM

    by dak664 (2433) on Friday May 06 2016, @12:08AM (#342312)

    ipv6 address space is so vast that assignments can last forever so names can be mapped through the local hosts file. Faster, automatic block of malware sites, automatic opt-in of third party ads, and less internet traffic. It's a win for everyone except the spammers.

  • (Score: 2) by archfeld on Friday May 06 2016, @02:10AM

    by archfeld (4650) <treboreel@live.com> on Friday May 06 2016, @02:10AM (#342360) Journal

    DNS on Time Warner Cable here in Yuma doesn't support IPV6 either. My local hardware does but I had to move to OpenDNS. TWC had their DNS configured to sequential IPs on the same subnet anyways, so anytime there was any sort of issue, both DNS suffered from the same problem. Anyone know if there is any noticeable difference between OpenDNS or GoogleDNS ?

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
    • (Score: 0) by Anonymous Coward on Friday May 06 2016, @05:36AM

      by Anonymous Coward on Friday May 06 2016, @05:36AM (#342439)

      Which is fine. Because they are dual stack. You can get AAAA records from the ipv4 DNS servers.

      > google.com
      Server: dns-cac-lb-01.rr.com
      Address: 209.18.47.61

      Non-authoritative answer:
      Name: google.com
      Addresses: 2607:f8b0:4002:c07::8b
                          74.125.21.138
                          74.125.21.101
                          74.125.21.139
                          74.125.21.102
                          74.125.21.100
                          74.125.21.113
      -----

      ping google.com

      Pinging google.com [2607:f8b0:4002:c08::8b] with 32 bytes of data:
      Reply from 2607:f8b0:4002:c08::8b: time=28ms
      Reply from 2607:f8b0:4002:c08::8b: time=33ms
      Reply from 2607:f8b0:4002:c08::8b: time=39ms
      Reply from 2607:f8b0:4002:c08::8b: time=33ms

      Ping statistics for 2607:f8b0:4002:c08::8b:
              Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
      Approximate round trip times in milli-seconds:
              Minimum = 28ms, Maximum = 39ms, Average = 33ms

  • (Score: 2) by dingus on Friday May 06 2016, @02:23AM

    by dingus (5224) on Friday May 06 2016, @02:23AM (#342365)

    It's pretty easy to set up and makes your attack surface that much smaller.

  • (Score: 2) by Runaway1956 on Friday May 06 2016, @02:36AM

    by Runaway1956 (2926) Subscriber Badge on Friday May 06 2016, @02:36AM (#342369) Journal

    I fiddled with IPv6 a couple years ago, and nothing worked. Called the ISP, and was told, "Yeah, we've got IPv6, but we don't "support" it." That is, the tech support line couldn't tell me anything, and the one real tech I talked to couldn't find the time to help me out. After a couple days of screwing around, I just gave up on it.

    Things have changed in the last couple years - maybe it works now. But, I hate to think about wasting a couple days testing it.

    This is one of the benefits of living in Outback, Nowhere. A decade after new technology is introduced, we might get it working out here. Or not.

    --
    “I have become friends with many school shooters” - Tampon Tim Walz
    • (Score: 2) by ledow on Friday May 06 2016, @08:03AM

      by ledow (5567) on Friday May 06 2016, @08:03AM (#342464) Homepage

      Same with Virgin Media in the UK.

      For years, they've been talking up IPv6, but still you can't get anything.

      I have a full IPv6 network at home, all my external servers are IPv6 (and sometimes people even use them!), and my router can do absolutely any method of IPv6 you like from DHCPv6 to the various tunnels to you-name-it.

      I have the Virgin Media box in "modem mode" so it just passes traffic straight on and doesn't need to interpret it (and it's DOCSIS 3 so it has to "support IPv6" to get certified nowadays).

      Nothing.

      I can tunnel out, but they provide no support so it's no different to just treating IPv6 as a VPN and having a trusted machine on the other end (yes, I've done it going out to my external servers and having them act as the 6-to-4 endpoints).

      And, having set that all up, pretty much you notice no different whatsoever, except the IPv6 test sites light up green instead of red.

      Every few months I try again. Still nothing.

      It's been like that for about 6 years now.

      • (Score: 0) by Anonymous Coward on Sunday May 08 2016, @09:03PM

        by Anonymous Coward on Sunday May 08 2016, @09:03PM (#343295)

        That's useful to know. I'm on Virgin media and will soon be switching their supplied router to modem-mode in favour of a decent router running openwrt. Now I won't waste time trying to get IPv6 working when I make the switch.

  • (Score: 0) by Anonymous Coward on Friday May 06 2016, @11:31PM

    by Anonymous Coward on Friday May 06 2016, @11:31PM (#342744)

    A shiny new modem recently enabled IPV6 on my network. It immediately broke my email server, since I don't have reverse IPV6 PTR records associated with the new global addresses. The big players flat out reject email from servers without reverse IPV6 pointers.

    Ok, fine, *but* then my ISP (they're craptastic) could not provide the necessary reverse IPV6 PTR when I asked them to do so, despite the fact that they are among the many organizations that require it. Tech support claims that they are "working on the issue", and thoughtfully handed out a ticket to nowhere. I fixed the problem by disabling IPV6 on the affected server. What else is broken? I dunno yet...