On Monday 17 June 2019 10:54:19 am Dan Ritter wrote:

> Gene Heskett wrote:
> > But that opens yet another container of worms. If I arbitrarily
> > assign ipv6 local addresses, and later, ipv6 shows up at my side of
> > the router, what if I have an address clash with someone on a
> > satellite circuit in Ulan Bator. How is that resolved, by
> > unroutable address blocks such as 192.168.xx.xx is now?
>
> Sort of.
>
> IPv6 has a concept of "scope" that says: this address space is
> purely local. This address space is global. This address space
> is for a link.
>
> If you fire up 'ip -6 address' on a stock Debian machine with
> IPv6 enabled (which is the default these days), you will see
> something like this:
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
>
> 3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
>     inet6 2001:570:1c07:ff7:d63d:7eff:fe93:e318/64 scope global
>        valid_lft forever preferred_lft forever
>     inet6 fe80::a2d3:c1ff:ce24:b122/64 scope link
>        valid_lft forever preferred_lft forever
>
> Your loopback interface has one address with scope host: it's only on
> this machine. The eth0 has two addresses: one is scope global,
> and can be used for routing to your machine from the outside
> world, and one is scope link, and should only be used to talk to
> your local network. IPv6 routers should never forward those
> packets.
>
> If you don't get an address block from your ISP, you won't have
> a scope global address.
>
> > What I've read so far has not addressed this serious security
> > concern. Or even mentioned it. If in the future all addressing is
> > by dhcpd6, how do the other machines on my local net, advertise
> > their presence to the other machines on my local net. So I can still
> > ssh -Y vna.coyote.den for instance, if I can ever make ssh work to a
> > win-10-home edition box. That's a rarely used hookup at best.
> > Presently the hosts file duplicated on all machines fills this
> > requirement.
>
> Most IPv6 boxes don't use dhcpd6; they use SLAAC: stateless
> automatic address configuration. But you're asking about local
> naming, and that's done the same way on IPv4 and 6: zeroconf,
> aka Rendezvous, Bonjour or Avahi.
>
> Try (installing avahi-utils if needed): avahi-browse-domains -a
>
> -dsr-

Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>