turbine2
Posts: 45
Joined: Thu Dec 06, 2012 11:21 am

Migrating from IPv4 server to IPv6

Tue May 22, 2018 2:45 pm

Good afternoon everyone,
Currently I have a pair of PIs set up as a primary and fail-over providing DHCP (isc-dhcp-server) and DNS (Bind9) for IPv4. Other PIs on the network provide other services (external domain mail, website, that sort of thing). That all works great but I want to migrate over to IPv6 and learn about it in the process. The problem I'm having is that the knowledge I'm getting on IPv6 is fragmented and, in a lot of cases, contradictory.

I know my ISP provides IPv6 addresses, so that's a good start. I also know that other computers on my network are using IPv6 (specifically, a couple of Windows machines). I also know how to enable IPv6 on the PI. Just about everything in my home network is wired, the only exception being phones, tablets and kindles but I'm not worried about them.

This is where my troubles start. Bind is set up to provide DNS for my home network and as a caching DNS server for internet requests. The home network DNS is configured with forward and reverse configuration files that I can marry up with my DHCP server reserved address configuration. For IPv6 though I don't set those addresses and, from what I can see, I shouldn't (they should be from my ISP), except for guides that tell me I should.

I'll want my PIs to do mail and web services, as well as providing DNS caching for external sites, but I'm stuck on how to do that. I /think/ I can stick the PIs that do mail and web services in the DNS record for my domain, but that feels to me like I'm fully exposing them to the internet at large rather than firewalling them at the router which then risks exposing my home network (again, I could be wrong about this).

What guides are recommended or have I completely confused what I'm trying to do?
David

DougieLawson
Posts: 33796
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Migrating from IPv4 server to IPv6

Tue May 22, 2018 7:02 pm

Enable radvd or dhcpv6 on your router and your Raspberry will get an IPv6 address.

It's got some already that you'll see with an ip -6 addr command.

Code:

[email protected]:~ $ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
3: wlxb827eb698d91: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2002:xxxx:xxxx:xxxx:ba27:ebff:fe69:8d91/64 scope global mngtmpaddr noprefixroute dynamic
       valid_lft 300sec preferred_lft 120sec
    inet6 fe80::ba27:ebff:fe69:8d91/64 scope link
       valid_lft forever preferred_lft forever
[email protected]:~ $

Any address in the range 2000::/3 (that's 2000 to 2E00 inclusive) is a globally unique public address. As soon as you get that working you need to configure a firewall on your RPi.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

2012-18: 1B*5, 2B*2, B+, A+, Z, ZW, 3Bs*3, 3B+

Any DMs sent on Twitter will be answered next month.
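
An added example, not part of the original posts: a Python sketch that reads `ip -6 addr` output like the listing above and marks which addresses sit in globally routed space and so need the firewall rules the post calls for. The sample output is constructed (2001:db8::/32 is the documentation prefix standing in for an ISP prefix), and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in `ip -6 addr` format. 2001:db8::/32 is the documentation
# prefix, used here as a stand-in for an ISP-assigned global prefix.
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:5678:ba27:ebff:fe69:8d91/64 scope global dynamic
       valid_lft 300sec preferred_lft 120sec
    inet6 fd8a:1111:2222:3333:ba27:ebff:fe69:8d91/64 scope global dynamic
    inet6 fe80::ba27:ebff:fe69:8d91/64 scope link
"""

# (label, network, routed on the public internet?) - first match wins.
RANGES = [
    ("loopback", ipaddress.ip_network("::1/128"), False),
    ("link-local", ipaddress.ip_network("fe80::/10"), False),
    ("unique-local", ipaddress.ip_network("fc00::/7"), False),
    ("6to4", ipaddress.ip_network("2002::/16"), True),
    ("global-unicast", ipaddress.ip_network("2000::/3"), True),
]

def classify(addr):
    """Return (label, public) for one IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    for label, net, public in RANGES:
        if ip in net:
            return label, public
    return "other", False

def audit(ip_output):
    """Return [(interface, address, label, public)] for every inet6 line."""
    rows, iface = [], None
    for line in ip_output.splitlines():
        header = re.match(r"\d+: ([^:]+):", line)
        if header:
            iface = header.group(1)
            continue
        m = re.match(r"\s+inet6 ([0-9a-fA-F:]+)/\d+", line)
        if m:
            rows.append((iface, m.group(1)) + classify(m.group(1)))
    return rows

if __name__ == "__main__":
    for iface, addr, label, public in audit(SAMPLE):
        action = "firewall this" if public else "not internet-routed"
        print(f"{iface:5} {addr:40} {label:15} {action}")
```

`ip` reports unique local (fc00::/7) addresses as `scope global` as well, so the scope column alone does not show which addresses are reachable from outside; the prefix does.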

turbine2
Posts: 45
Joined: Thu Dec 06, 2012 11:21 am

Re: Migrating from IPv4 server to IPv6

Wed May 23, 2018 10:44 am

Hi Dougie (a fellow Basingstoke user, yay)

That's great, but if I'm going to be getting IPv6 addresses then I'm going to want to be in control of them so I can set the reservations and update my Bind9 configuration with them. For IPv4 I can do that with isc-dhcp-server (which I believe can be an IPv6 DHCP server too) but what address range do I use (the equivalent of 192.168.x.x or 10.x.x.x for IPv6 or something else)? Then comes the question on NAT which I understand isn't used for IPv6; I guess if I go with the ISP / router assigned IPv6 address then it will be contactable and I can stick a firewall on it, but then we're back to the issue of my not having control over the reservation.

David

DougieLawson
Posts: 33796
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Migrating from IPv4 server to IPv6

Wed May 23, 2018 7:41 pm

My IPv6 is a 6to4 tunnel (as Plusnet don't do native IPv6, unlike BT & Sky who do).
I use my globally unique 6to4 address which is a /64 prefix. 6to4 is quite interesting as it's 2002:ipip:ipip:nnnn where ipip:ipip is your 32-bit IPv4 address in hex and nnnn is a randomly assigned 16-bit subnet.

I'm running a local bind9 server which dishes out A and AAAA addresses. You can ALWAYS use FD00:aaaa:aaaa:aaaa::/64 where aaaa:aaaa:aaaa is a random 48-bit number even if you don't have a globally unique public prefix. The FD00::/16 block is like the 192.168.xxx.xxx block without the level of pain that the FE00::/16 block carries with it (FE00::/16 addresses need to be targeted to a specific interface).

Here's an example of the stuff in my main zone file

Code:

$ORIGIN .
$TTL 259200     ; 3 days
example.bogus    IN SOA  ns.example.bogus. hostmaster.example.bogus. (
                                201805231  ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )

                        NS      ns.example.bogus.
                        MX      10 mail.example.bogus.
                        TXT     "example.bogus, your DNS consultants"
$ORIGIN example.bogus.
apollo                  A       192.168.3.1
                        MX      10 mail
;                       AAAA    fd00:aaaa:bbbb:cccc:ba27:ebff:fe85:c936
                        AAAA    2002:bbbb:cccc:dddd:ba27:ebff:fe85:c936
raspberrypi             A       192.168.3.14
                        MX      05 raspberrypi
                        MX      10 mail
;                       AAAA    fd00:aaaa:bbbb:cccc:ba27:ebff:fe21:f0fc
                        AAAA    2002:bbbb:cccc:dddd:ba27:ebff:fe21:f0fc

My reverse zone (IPv4)

Code:

$TTL 3D
$ORIGIN 1.1.10.in-addr.arpa.
@ IN  SOA apollo.example.bogus. dougie.apollo.example.bogus. (
                                201805231    ; Serial
                                8H   ; Refresh
                                3H    ; Retry
                                4W  ; Expire
                                1D)  ; Minimum TTL

   NS  example.bogus.
1              IN  PTR   apollo.example.bogus.
14             IN  PTR   raspberrypi.example.bogus.

My reverse zone (IPv6)

Code:

;
; Zone file built with the IPv6 Reverse DNS zone builder
; http://rdns6.com/
;
$TTL 1h ; Default TTL
; 2002:bbbb:cccc:dddd:ba27:ebff:fe85:c936
$ORIGIN d.d.d.d.c.c.c.c.b.b.b.b.2.0.0.2.ip6.arpa.
@       IN      SOA     example.bogus.   hostmaster.example.bogus. (
        201805231       ; serial
        1h              ; slave refresh interval
        15m             ; slave retry interval
        1w              ; slave copy expire time
        1h              ; NXDOMAIN cache time
        )

@       IN      NS      example.bogus.

; IPv6 PTR entries
;
; 2002:bbbb:cccc:dddd:ba27:ebff:fe85:c936
6.3.9.c.5.8.e.f.f.f.b.e.7.2.a.b IN    PTR    apollo.example.bogus.
;
; 2002:bbbb:cccc:dddd:ba27:ebff:fe21:f0fc
c.f.0.f.1.2.e.f.f.f.b.e.7.2.a.b IN    PTR    raspberrypi.example.bogus.
;

BTW, folks from Basingstoke, Winchester, Andover and So'ton Pi Interest Group (SWABPiIG) meet in the Roebuck PH, Stockbridge Lane, Winchester on the second Wednesday each month. I'm planning to be there on Wed 13th June @ 20:00.
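
An added example, not part of the original posts: a Python sketch of the two mechanical steps in the post above, forming a 6to4 prefix from an IPv4 address and turning AAAA addresses into the nibble-reversed PTR labels of an ip6.arpa zone. The IPv4 address 192.0.2.1 and the subnet id are constructed (documentation range), the host names and interface ids are the ones from the zone file above, and the function names are illustrative.

```python
import ipaddress

def sixtofour_prefix(ipv4, subnet):
    """Build 2002:ipip:ipip:nnnn::/64 from an IPv4 address and 16-bit subnet id."""
    if not 0 <= subnet <= 0xFFFF:
        raise ValueError("subnet id must fit in 16 bits")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80) | (subnet << 64), 64))

def nibbles(value, count):
    """Lowest `count` hex digits of value, least significant first, dot-joined."""
    return ".".join(f"{(value >> (4 * i)) & 0xF:x}" for i in range(count))

def reverse_zone(prefix, hosts, domain):
    """Return ($ORIGIN line, [PTR records]) for hosts inside an IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("ip6.arpa zones are delegated on 4-bit boundaries")
    net_digits = net.prefixlen // 4
    origin = nibbles(int(net.network_address) >> (128 - net.prefixlen), net_digits)
    records = []
    for name, addr in sorted(hosts.items()):
        ip = ipaddress.IPv6Address(addr)
        if ip not in net:  # a PTR for a foreign address would never be queried here
            raise ValueError(f"{addr} is outside {net}")
        records.append(f"{nibbles(int(ip), 32 - net_digits)} IN PTR {name}.{domain}.")
    return f"$ORIGIN {origin}.ip6.arpa.", records

# Constructed inputs: 192.0.2.1 is a documentation IPv4 address; the interface
# ids are the EUI-64 ones from the zone file in the post.
PREFIX = str(sixtofour_prefix("192.0.2.1", 1))  # 2002:c000:201:1::/64
HOSTS = {
    "apollo": "2002:c000:201:1:ba27:ebff:fe85:c936",
    "raspberrypi": "2002:c000:201:1:ba27:ebff:fe21:f0fc",
}

if __name__ == "__main__":
    origin, records = reverse_zone(PREFIX, HOSTS, "example.bogus")
    print(origin, *records, sep="\n")
```

Rejecting addresses outside the zone's prefix catches the common migration mistake of leaving PTR records for an old prefix in a zone that no longer covers them.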

turbine2
Posts: 45
Joined: Thu Dec 06, 2012 11:21 am

Re: Migrating from IPv4 server to IPv6

Fri May 25, 2018 12:06 pm

Okay, I think I get it now. I'll have a play with ISC-DHCP-SERVER on another box and see what I can create.

I've noticed that the Sky router does have an IPv6 firewall, so that's a start. It's also got an IPv6 DHCP server which I'll have to disable first.

Looks like Sky addresses start 2a02:c7f: on either a /64 or /56 block. All my network devices have picked up one of those addresses, along with the fe80: local link address. The other addresses they pick up are fd8a: ones, which I guess are from the Sky router's DHCP server.

Thanks for the pointers.

David

DougieLawson
Posts: 33796
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Migrating from IPv4 server to IPv6

Fri May 25, 2018 1:40 pm

Use dnsmasq rather than isc-dhcp-server if possible as it's an order of magnitude easier.

The 2A02::/16 block is globally unique
The FD8A::/8 block is unique local https://en.wikipedia.org/wiki/Unique_local_address