Re: Wildcards in reverse DNS - DNS


Thread: Re: Wildcards in reverse DNS

  1. Re: Wildcards in reverse DNS

    I should add that you need those also for subdomains leading up to
    f.e.e.b and d.a.e.d:

    $ORIGIN 4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.
    * IN PTR out-of-bounds.ipv6.cmd.nu.
    *.b IN PTR out-of-bounds.ipv6.cmd.nu.
    *.e.b IN PTR out-of-bounds.ipv6.cmd.nu.
    *.e.e.b IN PTR out-of-bounds.ipv6.cmd.nu.
    *.d IN PTR out-of-bounds.ipv6.cmd.nu.
    *.e.d IN PTR out-of-bounds.ipv6.cmd.nu.
    *.a.e.d IN PTR out-of-bounds.ipv6.cmd.nu.

    If you want to worry about all the little subdomains, then you need to
    add the following:

    $ORIGIN 4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.

    b IN PTR out-of-bounds.ipv6.cmd.nu.
    d IN PTR out-of-bounds.ipv6.cmd.nu.

    $ORIGIN f.e.e.b.4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.

    0 IN PTR not-active.ipv6.cmd.nu.
    2 IN PTR not-active.ipv6.cmd.nu.
    0.0 IN PTR not-active.ipv6.cmd.nu.
    2.0 IN PTR not-active.ipv6.cmd.nu.
    e.2 IN PTR not-active.ipv6.cmd.nu.
    ....

    $ORIGIN d.a.e.d.4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.

    0 IN PTR tunnel.ipv6.cmd.nu.
    0.0 IN PTR tunnel.ipv6.cmd.nu.
    ....

    --
    Joe Yao
    -----------------------------------------------------------------------
    This message is not an official statement of OSIS Center policies.
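Why the per-level wildcards in the message above are needed, as an added example that is not part of the original post: a simplified model of wildcard synthesis (closest encloser, then `*.<closest encloser>`, as in RFC 4592) run against the zone origin from the post. The host address `2001:16d8:ffc4:beef::1`, its target `host1.example.` and all helper names are constructed for illustration.

```python
import ipaddress

# Zone origin from the post; it is the reverse name of 2001:16d8:ffc4::/48.
ORIGIN = "4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa"
OOB = "out-of-bounds.ipv6.cmd.nu."          # wildcard target from the post
HOST = "2001:16d8:ffc4:beef::1"             # constructed host inside f.e.e.b
HOST_TARGET = "host1.example."              # constructed PTR target


def ptr_name(addr):
    """Owner name of the PTR record for an IPv6 address: 32 nibbles, reversed."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def relative(addr):
    """Owner name relative to ORIGIN, as it would be written in the zone file."""
    name = ptr_name(addr)
    if not name.endswith("." + ORIGIN):
        raise ValueError(f"{addr} is outside {ORIGIN}")
    return name[: -len(ORIGIN) - 1]


def build_zone(records):
    """records maps relative owner -> PTR target.

    Returns (owners, existing). 'existing' also holds every ancestor of every
    owner: those empty non-terminals exist in the DNS tree even though they
    carry no records, and they are what stops a higher wildcard from matching.
    """
    owners = {f"{rel}.{ORIGIN}": target for rel, target in records.items()}
    existing = {ORIGIN}
    depth = len(ORIGIN.split("."))
    for fqdn in owners:
        labels = fqdn.split(".")
        for i in range(len(labels) - depth):
            existing.add(".".join(labels[i:]))
    return owners, existing


def lookup(zone, addr):
    """Answer a PTR query for addr: ("PTR", target), ("NODATA", None)
    or ("NXDOMAIN", None)."""
    owners, existing = zone
    relative(addr)                      # raises if addr is not in this zone
    qname = ptr_name(addr)
    if qname in existing:               # exact match, possibly an empty node
        return ("PTR", owners[qname]) if qname in owners else ("NODATA", None)
    labels = qname.split(".")
    for i in range(1, len(labels)):     # walk up to the closest encloser
        encloser = ".".join(labels[i:])
        if encloser in existing:
            target = owners.get("*." + encloser)
            return ("PTR", target) if target else ("NXDOMAIN", None)


# Only the apex wildcard, plus one real host record under f.e.e.b.
APEX_ONLY = build_zone({"*": OOB, relative(HOST): HOST_TARGET})

# The same zone with the wildcards listed in the post added.
WITH_POST_WILDCARDS = build_zone({
    "*": OOB, "*.b": OOB, "*.e.b": OOB, "*.e.e.b": OOB,
    relative(HOST): HOST_TARGET,
})

if __name__ == "__main__":
    queries = [
        "2001:16d8:ffc4:1234::1",   # nothing exists below the apex on this path
        "2001:16d8:ffc4:b000::1",   # closest encloser is b
        "2001:16d8:ffc4:be00::1",   # closest encloser is e.b
        "2001:16d8:ffc4:bee0::1",   # closest encloser is e.e.b
        HOST,                       # exact record
        "2001:16d8:ffc4:beef::2",   # sibling of the host: encloser deep in beef
    ]
    for q in queries:
        print(f"{q:26} apex-only={lookup(APEX_ONLY, q)} "
              f"with-wildcards={lookup(WITH_POST_WILDCARDS, q)}")
```

The last query returns NXDOMAIN in both zones: each host record creates its own chain of empty non-terminals inside the /64, which is the "all the little subdomains" case the message goes on to describe.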



  2. Re: Wildcards in reverse DNS

    I am curious, why are you using ipv6 in the first place? Aside from its
    eye appearance (I frankly find it difficult to make any sense of how
    it's structured, whereas ipv4 a.b.c.d is so easy to understand), why
    would anyone want to use it? I really am curious.

    Joseph S D Yao wrote:
    > I should add that you need those also for subdomains leading up to
    > f.e.e.b and d.a.e.d:
    >
    > $ORIGIN 4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.
    > * IN PTR out-of-bounds.ipv6.cmd.nu.
    > *.b IN PTR out-of-bounds.ipv6.cmd.nu.
    > *.e.b IN PTR out-of-bounds.ipv6.cmd.nu.
    > *.e.e.b IN PTR out-of-bounds.ipv6.cmd.nu.
    > *.d IN PTR out-of-bounds.ipv6.cmd.nu.
    > *.e.d IN PTR out-of-bounds.ipv6.cmd.nu.
    > *.a.e.d IN PTR out-of-bounds.ipv6.cmd.nu.
    >
    > If you want to worry about all the little subdomains, then you need to
    > add the following:
    >
    > $ORIGIN 4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.
    >
    > b IN PTR out-of-bounds.ipv6.cmd.nu.
    > d IN PTR out-of-bounds.ipv6.cmd.nu.
    >
    > $ORIGIN f.e.e.b.4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.
    >
    > 0 IN PTR not-active.ipv6.cmd.nu.
    > 2 IN PTR not-active.ipv6.cmd.nu.
    > 0.0 IN PTR not-active.ipv6.cmd.nu.
    > 2.0 IN PTR not-active.ipv6.cmd.nu.
    > e.2 IN PTR not-active.ipv6.cmd.nu.
    > ....
    >
    > $ORIGIN d.a.e.d.4.c.f.f.8.d.6.1.1.0.0.2.ip6.arpa.
    >
    > 0 IN PTR tunnel.ipv6.cmd.nu.
    > 0.0 IN PTR tunnel.ipv6.cmd.nu.
    > ....
    >
    > --
    > Joe Yao
    > -----------------------------------------------------------------------
    > This message is not an official statement of OSIS Center policies.





  3. Re: Wildcards in reverse DNS

    On Thu, 2007-01-04 at 02:18 -0800, Steve K. wrote:
    > I am curious, why are you using ipv6 in the first place? Aside from its
    > eye appearance (I frankly find it difficult to make any sense of how
    > it's structured, whereas ipv4 a.b.c.d is so easy to understand), why
    > would anyone want to use it? I really am curious.


    Address space exhaustion is the global warming of the Internet. Nobody
    *really* believes it's coming, but it is. There are various short term
    strategies, like NAT, that alleviate the symptoms but do not actually
    fix the problem.

    IPv6 fixes quite a few problems that plague the Internet - it delivers
    automatic addressing for smaller networks, almost automatic addressing
    for larger networks, automatic renumbering, much more efficient ways of
    finding servers, no more broadcasts, finer grained control of
    subnetting, way better route aggregation, faster processing due to a
    simplified header...

    As to how it's structured in the DNS, it's *exactly the same* as IPv4,
    with obvious exceptions:

    - the entries are longer because the addresses are bigger

    - it's hex, not decimal (about time!)

    - addresses are divided on nibble boundaries instead of byte boundaries

    - reverse lookups are in "ip6.arpa" instead of "in-addr.arpa".

    Get into it. Or you'll be sitting on top of your house waiting for the
    coastguard while the rest of us enjoy our lovely new ocean views.

    Regards, K.

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
    Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
    http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)



  4. Re: Wildcards in reverse DNS

    At 2:18 -0800 1/4/07, Steve K. wrote:
    >I am curious, why are you using ipv6 in the first place? Aside from its
    >eye appearance (I frankly find it difficult to make any sense of how
    >it's structured, whereas ipv4 a.b.c.d is so easy to understand), why
    >would anyone want to use it? I really am curious.


    This really isn't the forum for this question.

    There's another answer out there already that I would could be
    simplified that IPv6 is just 96 more bits in address space. A lot of
    the innovations introduced for IPv6 have already been rolled back
    into IPv4 (like IPSEC), and there are band-aids like NAT that
    alleviate other shortcomings.

    IPv4 won't allow the Internet to grow to a global scale. (Contrary
    to reports, the Internet still has a lot of growth left.) IPv6
    removes the address depletion factor.

    OTOH, whether IPv6 is still the answer (it was selected to replace
    IPv4 about 10 years ago) is something I question. Route table
    capacity issues dog the technology and are the primary reason holding
    it back.

    So far, the dancing KAME turtle has been the only thing available on
    IPv6 that is not available on IPv4. If a dancing turtle couldn't
    make IPv6 popular, what can?

    --
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Edward Lewis +1-571-434-5468
    NeuStar

    Dessert - aka Service Pack 1 for lunch.



  5. Re: Wildcards in reverse DNS

    I just recently attended an ipV6 seminar that touted the great
    benefits and speed increase in ipV6. I remained critical during the
    entire seminar. What it essentially boiled down to is the city is
    getting ready to crank up a city wide wireless network using ipV6.
    Great for the city. But if we are an island in the middle of all ipv4
    routers, all the traffic has to be encapsulated in ipv4 packets.
    Hence all speed increases are null because everything suddenly becomes
    ipv4 instead of ipv6. I think the main reason they went with ipv6 was
    because of the availability of ipv4 addresses. Although NATING would
    handle the issue quite well. I wouldn't think that every device would
    need a public ip. Also IPv4 addresses were handed out quite willy
    nilly. Some institutions own huge blocks of addresses and don't use
    them. I have 3 class C's and only use a fraction of them. But, I
    won't give them up. Although my ISP is really eager for me to give
    some up. If the internet continues to grow, IPv6 will just be a
    stopgap measure. Those addresses are not infinite.

    ddh


    Quoting Edward Lewis :

    > At 2:18 -0800 1/4/07, Steve K. wrote:
    >> I am curious, why are you using ipv6 in the first place? Aside from its
    >> eye appearance (I frankly find it difficult to make any sense of how
    >> it's structured, whereas ipv4 a.b.c.d is so easy to understand), why
    >> would anyone want to use it? I really am curious.

    >
    > This really isn't the forum for this question.
    >
    > There's another answer out there already that I would could be
    > simplified that IPv6 is just 96 more bits in address space. A lot of
    > the innovations introduced for IPv6 have already been rolled back
    > into IPv4 (like IPSEC), and there are band-aids like NAT that
    > alleviate other shortcomings.
    >
    > IPv4 won't allow the Internet to grow to a global scale. (Contrary
    > to reports, the Internet still has a lot of growth left.) IPv6
    > removes the address depletion factor.
    >
    > OTOH, whether IPv6 is still the answer (it was selected to replace
    > IPv4 about 10 years ago) is something I question. Route table
    > capacity issues dog the technology and are the primary reason holding
    > it back.
    >
    > So far, the dancing KAME turtle has been the only thing available on
    > IPv6 that is not available on IPv4. If a dancing turtle couldn't
    > make IPv6 popular, what can?
    >
    > --
    > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    > Edward Lewis +1-571-434-5468
    > NeuStar
    >
    > Dessert - aka Service Pack 1 for lunch.
    >
    >
    >




    --
    Dwayne Hottinger
    Network Administrator
    Harrisonburg City Public Schools



  6. Re: Wildcards in reverse DNS

    On Thu, 2007-01-04 at 08:25 -0500, dhottinger@harrisonburg.k12.va.us
    wrote:
    > Great for the city. But if we are an island in the middle of all ipv4
    > routers, all the traffic has to be encapsulated in ipv4 packets.
    > Hence all speed increases are null because everything suddenly becomes
    > ipv4 instead of ipv6.


    The islands will join up. It's a chicken and egg thing. IPv4 started out
    as islands too, don't forget, and it had competition from many other
    protocols, whereas IPv6 has competition really only from IPv4.

    People can win a lot from IPv6 without having IPv6 connectivity to the
    Internet. Autoaddressing, IPSEC, no broadcasts, VAST private address
    space, etc.

    > I think the main reason they went with ipv6 was
    > because of the availability of ipv4 addresses. Although NATING would
    > handle the issue quite well.


    NAT is a Bad Thing for the Internet. It is a classic
    treat-the-symptom-not-the-disease response, and while it has saved our
    bacon for now, the waters are still rising...

    > I wouldn't think that every device would need a public ip.


    Even quite small organisations are running out of *private* address
    space. IPv6 delivers a vast amount of private address space too...

    Don't fall for what Richard Dawkins calls the Argument from Personal
    Incredulity. The fact that you don't see it, don't get it, don't
    understand it, don't believe it, don't want it or don't need it doesn't
    prove anything. We cannot imagine what things the future will dream up
    to do with almost unlimited address space.

    > Also IPv4 addresses were handed out quite willy
    > nilly. Some institutions own huge blocks of addresses and don't use
    > them. I have 3 class C's and only use a fraction of them. But, I
    > won't give them up.


    That's the problem, thanks for being part of it. There are people
    sitting on largely empty /8 (!) and /16 networks who won't give them up
    either.

    > Although my ISP is really eager for me to give
    > some up. If the internet continues to grow, IPv6 will just be a
    > stopgap measure. Those addresses are not infinite.


    No, and there are already disturbing signs both of incompetence in
    applying for stupidly large spaces and worse, of incompetence in
    allocating stupidly large spaces. And of outright land-grabbing. The US
    Government, for example, wanted an IPv6 /8 network. All for itself.

    We will need to be *extremely* profligate with addresses to put a dent
    in that vast address space. Sadly some people are already being
    extremely profligate.

    Regards, K.

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
    Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
    http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)



  7. Re: Wildcards in reverse DNS

    At 8:25 -0500 1/4/07, dhottinger@harrisonburg.k12.va.us wrote:
    >I just recently attended an ipV6 seminar that touted the great
    >benefits and speed increase in ipV6. I remained critical during the


    Don't hold the touting against the technology. IMHO, IPv6 zealots
    oversell and over hype the technology. The raised expectations
    either will be missed or seen as 21st century snake oil.

    Faster? Did they also say it whitens your teeth too?

    Faster is quirky - I've seen that used to over hype everything. IPv6
    could make your network faster in part because it may require you to
    buy all new equipment.

    My message is - don't let the "touts" get you down or against the
    technology. Staying skeptical is a good thing until it raises your
    blood pressure.

    >entire seminar. What it essentially boiled down to is the city is
    >getting ready to crank up a city wide wireless network using ipV6.
    >Great for the city. But if we are an island in the middle of all ipv4
    >routers, all the traffic has to be encapsulated in ipv4 packets.
    >Hence all speed increases are null because everything suddenly becomes
    >ipv4 instead of ipv6. I think the main reason they went with ipv6 was
    >because of the availability of ipv4 addresses. Although NATING would
    >handle the issue quite well. I wouldn't think that every device would
    >need a public ip. Also IPv4 addresses were handed out quite willy
    >nilly. Some institutions own huge blocks of addresses and don't use
    >them. I have 3 class C's and only use a fraction of them. But, I
    >won't give them up. Although my ISP is really eager for me to give
    >some up. If the internet continues to grow, IPv6 will just be a
    >stopgap measure. Those addresses are not infinite.


    Keep in mind that one reason to move to IPv6 is to reach out to those
    that can't get IPv4 addresses, they exist even if some organizations
    are "hoarding" them.

    It's not clear what interfaces will have public IP addresses (meaning
    fully routable) in the future. NAT does complicate protocol design
    and can mess with security; a NAT box is one more thing that can fail
    out in the network beyond your reach. (NAT is a band aid, it helps
    but it isn't a permanent solution.)

    Don't dis IPv6, it's just a technology, it's not a cultural invasion.

    --
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Edward Lewis +1-571-434-5468
    NeuStar

    Dessert - aka Service Pack 1 for lunch.



  8. Re: Wildcards in reverse DNS

    Actually I want to give up all but one of my Class C's, but management
    won't let me. So, hence I am part of the problem, but not by my own
    doing. I inherited most of what I have, and although it works quite
    well there are several things I'm working on changing, that being one.
    I agree that ipv6 has quite a few good things, but I am not quite sure
    it is the answer to the problem. I think the US government has already
    implemented ipv6, they use it extensively for troop communications in
    IRAQ. Yea, chicken and egg. But with quite a bit of cost associated
    with it. Which is why I'm taking a wait and see approach. As I remove
    equipment and install new, the new will be ipv6 compat. I know it's
    coming. No way around it.

    Quoting Karl Auer :

    > On Thu, 2007-01-04 at 08:25 -0500, dhottinger@harrisonburg.k12.va.us
    > wrote:
    >> Great for the city. But if we are an island in the middle of all ipv4
    >> routers, all the traffic has to be encapsulated in ipv4 packets.
    >> Hence all speed increases are null because everything suddenly becomes
    >> ipv4 instead of ipv6.

    >
    > The islands will join up. It's a chicken and egg thing. IPv4 started out
    > as islands too, don't forget, and it had competition from many other
    > protocols, whereas IPv6 has competition really only from IPv4.
    >
    > People can win a lot from IPv6 without having IPv6 connectivity to the
    > Internet. Autoaddressing, IPSEC, no broadcasts, VAST private address
    > space, etc.
    >
    >> I think the main reason they went with ipv6 was
    >> because of the availability of ipv4 addresses. Although NATING would
    >> handle the issue quite well.

    >
    > NAT is a Bad Thing for the Internet. It is a classic
    > treat-the-symptom-not-the-disease response, and while it has saved our
    > bacon for now, the waters are still rising...
    >
    >> I wouldn't think that every device would need a public ip.

    >
    > Even quite small organisations are running out of *private* address
    > space. IPv6 delivers a vast amount of private address space too...
    >
    > Don't fall for what Richard Dawkins calls the Argument from Personal
    > Incredulity. The fact that you don't see it, don't get it, don't
    > understand it, don't believe it, don't want it or don't need it doesn't
    > prove anything. We cannot imagine what things the future will dream up
    > to do with almost unlimited address space.
    >
    >> Also IPv4 addresses were handed out quite willy
    >> nilly. Some institutions own huge blocks of addresses and don't use
    >> them. I have 3 class C's and only use a fraction of them. But, I
    >> won't give them up.

    >
    > That's the problem, thanks for being part of it. There are people
    > sitting on largely empty /8 (!) and /16 networks who won't give them up
    > either.
    >
    >> Although my ISP is really eager for me to give
    >> some up. If the internet continues to grow, IPv6 will just be a
    >> stopgap measure. Those addresses are not infinite.

    >
    > No, and there are already disturbing signs both of incompetence in
    > applying for stupidly large spaces and worse, of incompetence in
    > allocating stupidly large spaces. And of outright land-grabbing. The US
    > Government, for example, wanted an IPv6 /8 network. All for itself.
    >
    > We will need to be *extremely* profligate with addresses to put a dent
    > in that vast address space. Sadly some people are already being
    > extremely profligate.
    >
    > Regards, K.
    >
    > --
    > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
    > Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
    > http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)
    >
    >
    >




    --
    Dwayne Hottinger
    Network Administrator
    Harrisonburg City Public Schools



  9. Re: Wildcards in reverse DNS

    On Thu, Jan 04, 2007 at 08:25:00AM -0500, dhottinger@harrisonburg.k12.va.us wrote:
    > Hence all speed increases are null because everything suddenly becomes
    > ipv4 instead of ipv6.


    IPv6 is not going to increase speed. Who sells IPv6 because it's
    faster did miss something.

    Greetings
    Marc

    --
    -----------------------------------------------------------------------------
    Marc Haber | "I don't trust Computers. They | Mailadresse im Header
    Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
    Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835



  10. Re: Wildcards in reverse DNS

    Karl Auer wrote:
    > On Thu, 2007-01-04 at 08:25 -0500, dhottinger@harrisonburg.k12.va.us
    > wrote:
    >> Great for the city. But if we are an island in the middle of all
    >> ipv4 routers, all the traffic has to be encapsulated in ipv4 packets.
    >> Hence all speed increases are null because everything suddenly
    >> becomes ipv4 instead of ipv6.

    >
    > The islands will join up. It's a chicken and egg thing. IPv4 started
    > out as islands too, don't forget, and it had competition from many
    > other protocols, whereas IPv6 has competition really only from IPv4.
    >
    > People can win a lot from IPv6 without having IPv6 connectivity to the
    > Internet. Autoaddressing, IPSEC, no broadcasts, VAST private address
    > space, etc.


    But what's the point of using it on a Private LAN? It just adds
    confusion and lack of clarity. Not to mention for private subnets, it'll
    just be overkill. What's wrong with using 10.0.0.0 or 192.168.0.0 or any
    other private subnet?

    I find that the *appearance* of an IPv6 address is confusing in and of
    itself. It actually looks like an IPX address (maybe a cross between an
    IPX address and a MAC address.) Don't get me wrong, I like HEX, but I
    think it's not such a good idea to change such a basic idiom... since
    TCP/IP came out, people have used DEC octets, anyone who works with
    networks thinks DEC when thinking of IP addresses... I'd imagine IPv6
    turns that way of thinking inside out and upside down.

    Wouldn't it be better to have a better solution that could be somewhat
    compatible with IPv4 so we don't have to get used to something so
    radically different?

    >> I think the main reason they went with ipv6 was
    >> because of the availability of ipv4 addresses. Although NATING would
    >> handle the issue quite well.

    >
    > NAT is a Bad Thing for the Internet. It is a classic
    > treat-the-symptom-not-the-disease response, and while it has saved our
    > bacon for now, the waters are still rising...


    I disagree. If you think NAT is bad then you don't know how to properly
    use one. For home and business LANs, you can have one IP and share it
    among the whole LAN? How is this a BAD thing? It's a money saver. I
    suppose that's a BAD thing too.

    >> I wouldn't think that every device would need a public ip.

    >
    > Even quite small organisations are running out of *private* address
    > space. IPv6 delivers a vast amount of private address space too...


    Then they have the wrong class (or length) subnet. I dare you find a
    small organization using a private 10.0.0.0 subnet and is running out of
    them.

    > Don't fall for what Richard Dawkins calls the Argument from Personal
    > Incredulity. The fact that you don't see it, don't get it, don't
    > understand it, don't believe it, don't want it or don't need it
    > doesn't prove anything.


    That's exactly what you're doing with NAT, while ignoring its obvious
    benefits.

    > We cannot imagine what things the future will
    > dream up to do with almost unlimited address space.


    I don't deny it, just probably not with IPv6 as we know it.


    >> Also IPv4 addresses were handed out quite willy
    >> nilly. Some institutions own huge blocks of addresses and don't use
    >> them. I have 3 class C's and only use a fraction of them. But, I
    >> won't give them up.

    >
    > That's the problem, thanks for being part of it. There are people
    > sitting on largely empty /8 (!) and /16 networks who won't give them
    > up either.


    Sooner or later they will probably need to give part of them up.

    You're also forgetting that private space is completely separate from
    public (Internet) space. Most large chunks of network space are used by
    ISPs, and hosting companies. Private addresses are only visible to the
    private network. Anyone can use them on their own networks. IE,
    192.168.0.0 or 10.0.0.0 can and are used on many MANY private networks.

    >> Although my ISP is really eager for me to give
    >> some up. If the internet continues to grow, IPv6 will just be a
    >> stopgap measure. Those addresses are not infinite.

    >
    > No, and there are already disturbing signs both of incompetence in
    > applying for stupidly large spaces and worse, of incompetence in
    > allocating stupidly large spaces. And of outright land-grabbing. The
    > US Government, for example, wanted an IPv6 /8 network. All for itself.


    How the hell do you even define how big an IPv6 /8 network is? Does it
    equate to an IPv4 /8 or is it everything up to the last octet? The way
    IPv6, it's anything but clear and this is one of the many problems that
    seems to be stifling IPv6 and why most just don't use it.

    > We will need to be *extremely* profligate with addresses to put a dent
    > in that vast address space. Sadly some people are already being
    > extremely profligate.


    You don't think any of it at all is at least partly due to the
    inherently confusing nature of IPv6? (At least when compared to IPv4.)




  11. Re: Wildcards in reverse DNS

    On Fri, 2007-01-05 at 10:05 +1100, Karl Auer wrote:
    > The short answer is that it works exactly as it does in IPv4, just with
    > way bigger addresses. A /8 in IPv4 has 24 bits of addresses, with an
    > 8-bit prefix. A /8 in IPv6 has 56 bits of addresses, also with an 8-bit
    > prefix. The address space can be further subnetted of course, just like
    > IPv4 address space.


    Er, obviously I meant "a /8 in IPv6 has 120 bits of addresses"! I've
    been puddling around in 64-bit subnets too long :-)

    Regards, K.

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
    Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
    http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)



  12. Re: Wildcards in reverse DNS

    > On Thu, Jan 04, 2007 at 02:24:11PM -0800, Clenna Lumina wrote:
    > > Mark Andrews wrote:
    > > > For those of you who think NAT's are great try connecting
    > > > to a port forwarded service from behind a NAT. I've yet
    > > > to see a NAT box do this right. The NAT box should be
    > > > able to loop the traffic around. Instead we are forced
    > > > to kludge solutions to this in the DNS.

    > >
    > > No, a *properly* behaving NAT should always allow looping
    > > back. If you are running a NAT that doesn't allow this,
    > > then it is broken. You cannot put down NAT just because
    > > of broken implementations.

    >
    > Just show me how to do IPSEC AH via NAT. Or how to connect
    > to a service that does RFC1413 ident lookups and actually does
    > something with the returned value.


    My last company I worked for was running IPSEC (VPN, etc) through their
    (properly) NATed firewall without any problems. Again, this is a
    difference between poor implementations and the concept your self.
    You're attacking the wrong one here.

    > Even trying to have a mail server HELO with the right host
    > name, regardless of whether the machine connected to is on the
    > internal or an external network, is a challenge if NAT is in
    > the game.


    I can't say I've ever seen that be a problem behind a NAT. The HELO is
    usually generated by the address of the server the connecting mail
    server is trying to reach, so if it's generating a bad HELO, then that's
    the fault of the foreign mail server, which is likely not configured
    correctly to begin with.

    My personal mail server which sits behind my home NAT, has never failed
    to get a proper HELO from proper foreign hosts.

    > > > IPv6 is a significant step forward. It has enough address
    > > > space the every home can have it's own network with
    > > > global address for each device in the home if they want.

    > >
    > > Yes, but in order to use it you have to turn your network
    > > world as you see it upside down, and for many it doesn't
    > > seem worth all that. I think many are just waiting for a
    > > much better solution.

    >
    > IPv6 _IS_ this much better solution.


    It may be.

    Just to clear something up, when I said "turn your network world upside
    down" I mean in the way you think about IP addresses and the like, will
    be radically different. You can't tell me that
    11.22.33.44.55.66.77.88.99.AA.BB.CC.DD.EE.FF.00 is the same as typing
    out 111.222.333.444 , be it in general speak or entering into a conf
    file or passing along an IP to a friend for setting up a friendly
    private Quake match.

    Can you really tell me you can easily remember an address that long? I
    can remember a 4 section IP without any trouble. Remembering an IPv6
    address might be possible, no doubt, but you'd likely have to know it
    rather well, and have a rather good memory.

    It's a whole new way of thinking about TCP/IP that's going to be a rough
    adjustment for many and while I DO LIKE the advantages (roomy address
    space, using HEX, etc) of IPv6, I really do wish a solution could be
    devised to make such adjustments much easier.

    > > > There are lots of things you can do when you have a
    > > > globally routable IP address that you can't do from
    > > > behind a NAT.

    > >
    > > Name one. With properly configured NAT, I've not had one
    > > single problem routing things between various servers,
    > > no matter what they run.

    >
    > Then you have not tried a lot of things.
    >
    > > > Bring on IPv6.

    > >
    > > Bring on something better, and more compatible with IPv4,
    > > please.

    >
    > You're trying to be washed without getting wet. IPv4's
    > fundamental problem is too small address space. IPv6 is
    > simply just IP with longer addresses. And it is very compatible.
    >
    > This whole thread sounds like you're desperately trying to
    > find a problem for _your_ solution because you're afraid to
    > learn something new.


    I'm not afraid to try it. I *have* tried it already. I find the huge
    addresses to be rather big adjustment for someone who has spent all
    their life looking at 4 eight bit numbers separated by periods. I didn't
    say it was impossible, however. Hell, I will probably end up enabling
    IPv6 on my home network to try to get a better feel for it.

    I just simply wish they didn't deviate so much in how an IP address
    looks like. Even if that's a cosmetic thing, I don't doubt most people
    are used to 123.123.123.123 and that a 16 section HEX string is no where
    near as elegant or easy to pass around (especially verbally) as you
    could with IPv4 addresses.

    While that's far from being the most important factor, I think that it
    does carry *SOME* importance, as people would have to use them, look
    at them, enter them, etc. Entering 4 three digit numbers is a breeze.
    Entering 16 sets instead just wouldn't be the same, you know

    Actually a couple years ago, after hearing about IPv4 address slowly
    becoming scarce, I actually sort of envisioned IPv4 being expanded in a
    similar way telephone numbers were introduced into area codes (and
    country codes) to further divide things. What I envisioned then was
    anywhere from 1 to 4 extra sections (8 byte IPs.)

    When I first saw an IPv6, it immediately looked like overkill. Like I
    said, I will be trying it on my own local network to get a real feel for
    it. On this note, are there any good documents out there that describe
    what the general conventions are for IPv6 IPs? For instance, in IPv4,
    192.168/16, 172.16/12, 10/8, are considered LAN-only IP blocks, 127/8
    being loopback block.




  13. Re: Wildcards in reverse DNS

    On Fri, Jan 05, 2007 at 10:31:23AM -0800, Clenna Lumina wrote:
    > > On Thu, Jan 04, 2007 at 02:24:11PM -0800, Clenna Lumina wrote:
    > > > Mark Andrews wrote:
    > > > > For those of you who think NAT's are great try connecting
    > > > > to a port forwarded service from behind a NAT. I've yet
    > > > > to see a NAT box do this right. The NAT box should be
    > > > > able to loop the traffic around. Instead we are forced
    > > > > to kludge solutions to this in the DNS.
    > > >
    > > > No, a *properly* behaving NAT should always allow looping
    > > > back. If you are running a NAT that doesn't allow this,
    > > > then it is broken. You cannot put down NAT just because
    > > > of broken implementations.

    > >
    > > Just show me how to do IPSEC AH via NAT. Or how to connect
    > > to a service that does RFC1413 ident lookups and actually does
    > > something with the returned value.

    >
    > My last company I worked for was running IPSEC (VPN, etc) through their
    > (properly) NATed firewall without any problems.


    I guess that this was IPSEC tunnel mode. I specifically asked for
    IPSEC AH for a reason.

    > Again, this is a difference between poor implementations and the
    > concept your self. You're attacking the wrong one here.


    I am obviously "attacking" somebody who considers herself able to
    judge things that she has not the necessary background knowledge
    about. "It just works for me" is not enough.

    > > Even trying to have a mail server HELO with the right host
    > > name, regardless of whether the machine connected to is on the
    > > internal or an external network, is a challenge if NAT is in
    > > the game.

    >
    > I can't say I've ever seen that be a problem behind a NAT.


    Then you need to be around the block a few more times.

    > The HELO is usually generated by the address of the server the
    > connecting mail server is trying to reach,


    No. Please read the RFCs before you continue embarrassing yourself
    even more.

    > so if it's generating a bad HELO, then that's the fault of the foreign
    > mail server, which is likely not configured correctly to begin with.
    >
    > My personal mail server which sits behind my home NAT, has never failed
    > to get a proper HELO from proper foreign hosts.


    It's the connecting server who says HELO, not the server connected to.

    > Just to clear something up, when I said "turn your network world upside
    > down" I mean in the way you think about IP addresses and the like, will
    > be radically different. You can't tell me that
    > 11.22.33.44.55.66.77.88.99.AA.BB.CC.DD.EE.FF.00 is the same as typing
    > out 111.222.333.444 , be it in general speak or entering into a conf
    > file or passing along an IP to a friend for setting up a friendly
    > private Quake match.


    ::1 is even shorter than 127.0.0.1.

    and 2001:1b18:f:4::4/128 is not _that_ bad. Yes, that's an actually
    working address.

    > Can you really tell me you can easily remember an address that long? I
    > can remember a 4 section IP without any trouble. Remembering an IPv6
    > address might be possible, no doubt, but you'd likely have to know it
    > rather well, and have a rather good memory.


    If DNS is properly used, you don't need to remember IPv6 addresses.
    And, usually, you only need to remember the prefix anyway.

    > Actually a couple years ago, after hearing about IPv4 addresses slowly
    > becoming scarce, I actually sort of envisioned IPv4 being expanded in a
    > similar way telephone numbers were introduced into area codes (and
    > country codes) to further divide things. What I envisioned then was
    > anywhere from 1 to 4 extra sections (8 byte IPs.)


    Very good idea. Just another migration in ten years. I know people who
    have gone through four phone numbers in three different area codes in
    the last fifteen years.

    Geez, this is _one_ thing that we germans did right. No splits, no
    overlays. Only newly assigned numbers get longer. This is based on the
    convenient fact that our number length was never fixed in the first
    place, and we started making them longer long before the existing
    space was depleted so that we had ample _new_ number space to put into
    use which saved us from doing the splits.

    > When I first saw an IPv6, it immediately looked like overkill. Like I
    > said, I will be trying it on my own local network to get a real feel for
    > it. On this note, are there any good documents out there that describe
    > what the general conventions are for IPv6 IPs? For instance, in IPv4,
    > 192.168/16, 172.16/12, 10/8, are considered LAN-only IP blocks, 127/8 being loopback block.


    http://en.wikipedia.org/wiki/Ipv6 seems pretty good to me.

    Greetings
    Marc

    --
    -----------------------------------------------------------------------------
    Marc Haber | "I don't trust Computers. They | Mailadresse im Header
    Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
    Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835



  14. Re: Wildcards in reverse DNS

    On Fri, Jan 05, 2007 at 09:42:35PM +0100, Marc Haber wrote:
    > On Fri, Jan 05, 2007 at 10:31:23AM -0800, Clenna Lumina wrote:
    > > My last company I worked for was running IPSEC (VPN, etc) through their
    > > (properly) NATed firewall without any problems.

    >
    > I guess that this was IPSEC tunnel mode. I specifically asked for
    > IPSEC AH for a reason.


    Additionally, even IPSEC in tunnel mode does not traverse NAT
    naturally. There is a number of (mutually incompatible) mechanisms to
    add NAT traversal to IPSEC (most of them using one or another kind of
    UDP encapsulation), but since these are not well standardized, these
    mechanisms are the main cause of the fact that IPSEC is a real pain to
    get running if both sides of the connection are not made by the same
    vendor.

    IPSEC was supposed to be interoperable in between vendors just as IPv4
    is. NAT has successfully broken this interoperability, and it has done
    so while successfully making things look like it's all IPSEC's fault.

    Greetings
    Marc

    --
    -----------------------------------------------------------------------------
    Marc Haber | "I don't trust Computers. They | Mailadresse im Header
    Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
    Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835



  15. Re: Wildcards in reverse DNS

    Marc Haber wrote:
    > On Fri, Jan 05, 2007 at 10:31:23AM -0800, Clenna Lumina wrote:
    >>> On Thu, Jan 04, 2007 at 02:24:11PM -0800, Clenna Lumina wrote:
    >>>> Mark Andrews wrote:
    >>>>> For those of you who think NAT's are great try connecting
    >>>>> to a port forwarded service from behind a NAT. I've yet
    >>>>> to see a NAT box do this right. The NAT box should be
    >>>>> able to loop the traffic around. Instead we are forced
    >>>>> to kludge solutions to this in the DNS.
    >>>>
    >>>> No, a *properly* behaving NAT should always allow looping
    >>>> back. If you are running a NAT that doesn't allow this,
    >>>> then it is broken. You cannot put down NAT just because
    >>>> of broken implementations.
    >>>
    >>> Just show me how to do IPSEC AH via NAT. Or how to connect
    >>> to a service that does RFC1413 ident lookups and actually does
    >>> something with the returned value.

    >>
    >> My last company I worked for was running IPSEC (VPN, etc) through
    >> their (properly) NATed firewall without any problems.

    >
    > I guess that this was IPSEC tunnel mode. I specifically asked for
    > IPSEC AH for a reason.


    AH (auth header), which can be part of an IPSEC tunnel, does indeed
    choke on most NATs, but it IS possible to get it to work, if a bit
    tricky, and downright impossible on many forms of NAT.

    >> Again, this is a difference between poor implementations and the
    >> concept your self. You're attacking the wrong one here.

    >
    > I am obviously "attacking" somebody who considers herself able to
    > judge things that she has not the necessary background knowledge
    > about. "It just works for me" is not enough.


    Yet you are free to make assertions which are not always right. My my so
    I'm not perfect. I never said I considered myself an ultimate authority
    on all things. I know I'm not perfect. (Btw, I'm not a she, and it's
    pronounced Clenn-aye (like a French sounding ending... just one of those
    really weird names that don't sound like they are spelt.)

    Further, I never claimed that if it was enough for me, it was good
    enough for all. I was pointing out that deficiencies you and others point
    out in NAT are more due to poor implementations than anything else, as
    with the right NAT (and configuration) you can make it do nearly
    anything you need.

    Stop trying to brand all of one thing as poor when you have various
    manufacturers making completely different behaving versions.

    >>> Even trying to have a mail server HELO with the right host
    >>> name, regardless of whether the machine connected to is on the
    >>> internal or an external network, is a challenge if NAT is in
    >>> the game.

    >>
    >> I can't say I've ever seen that be a problem behind a NAT.

    >
    > Then you need to be around the block a few more times.


    Or maybe I've just been using properly configured NATs instead of broken
    or shoddy implementations. Maybe I took the time to research and test
    several before finding one that actually did things properly. Can you
    say the same?

    >> The HELO is usually generated by the address of the server the
    >> connecting mail server is trying to reach,

    >
    > No. Please read the RFCs before you continue embarrassing yourself
    > even more.



    I have read them before. I think you simply read what I wrote too
    quickly. Foreign mail server connects. Foreign server says HELO
    remote-mail-host.domain.com, where remote-mail-host.domain.com IS being
    generated from this connecting foreign host. This is how it's always
    worked.

    >> so if it's generating a bad HELO, then that's the fault of the
    >> foreign mail server, which is likely not configured correctly to
    >> begin with.
    >>
    >> My personal mail server which sits behind my home NAT, has never
    >> failed to get a proper HELO from proper foreign hosts.

    >
    > It's the connecting server who says HELO, not the server connected to.


    That *is* what I said - s/foreign/connecting/

    " so if it's generating a bad HELO, then that's the fault of the
    foreign mail server "
    ^^^^^^^

    If you weren't so busy insulting everything I say you might have caught
    this one.

    >> Just to clear something up, when I said "turn your network world
    >> upside down" I mean in the way you think about IP addresses and
    >> the like, will be radically different. You can't tell me that
    >> 11.22.33.44.55.66.77.88.99.AA.BB.CC.DD.EE.FF.00 is the same as
    >> typing out 111.222.333.444 , be it in general speak or entering
    >> into a conf file or passing along an IP to a friend for setting up
    >> a friendly private Quake match.

    >
    > ::1 is even shorter than 127.0.0.1.

    >
    > and 2001:1b18:f:4::4/128 is not _that_ bad. Yes, that's an actually
    > working address.


    How does that equate to a full 16 octet IPv6 address? I'm not all that
    keen on all forms of IPv6 IPs, but I've never seen it written like you
    have. If you can connect to an IP using a shorthand like this (without
    breaking anything) that would be great. It's a new concept to get used
    to, but (if it pans out), a welcome one.

    If you could suggest a good page to look at that describes these sorts of
    things, I would appreciate it.

    >> Can you really tell me you can easily remember an address that long?
    >> I can remember a 4 section IP without any trouble. Remembering an
    >> IPv6 address might be possible, no doubt, but you'd likely have to
    >> know it rather well, and have a rather good memory.

    >
    > If DNS is properly used, you don't need to remember IPv6 addresses.
    > And, usually, you only need to remember the prefix anyway.


    Well you still need to enter them at _some_ point or another into DNS
    (unless you used a $GENERATE to set up a whole block, and even then,
    sometimes manual entries have to be added, i.e.: myhost.mydomain.com A ip
    and ip PTR myhost.mydomain.com)

    >> Actually a couple years ago, after hearing about IPv4 addresses slowly
    >> becoming scarce, I actually sort of envisioned IPv4 being expanded
    >> in a similar way telephone numbers were introduced into area codes
    >> (and country codes) to further divide things. What I envisioned then
    >> was anywhere from 1 to 4 extra sections (8 byte IPs.)

    >
    > Very good idea. Just another migration in ten years. I know people who
    > have gone through four phone numbers in three different area codes in
    > the last fifteen years.
    >
    > Geez, this is _one_ thing that we germans did right. No splits, no
    > overlays. Only newly assigned numbers get longer. This is based on the
    > convenient fact that our number length was never fixed in the first
    > place, and we started making them longer long before the existing
    > space was depleted so that we had ample _new_ number space to put into
    > use which saved us from doing the splits.


    Agreed, this approach IS much better. This is basically what I was
    getting at.

    On a side note (
    While I like how the Germans did it, there is an
    obvious benefit to using area codes, especially in a country the
    size of the US. When you see a phone number with an area code,
    you can easily deduce or determine where it may actually be located.

    Germany is a much smaller country, so their method works well for
    them. I don't think this method would have worked all that well in a
    much larger country, however.

    It's the old adage that one solution that works in one situation,
    may not be the best solution in another.

    In the case of the networking, I would favor a German-phone style
    approach
    )

    >> When I first saw an IPv6, it immediately looked like overkill. Like
    >> I said, I will be trying it on my own local network to get a real
    >> feel for it. On this note, are there any good documents out there
    >> that describe what the general conventions are for IPv6 IPs? For
    >> instance, in IPv4, 192.168/16, 172.16/12, 10/8, are considered
    >> LAN-only IP blocks, 127/8 being loopback block.

    >
    > http://en.wikipedia.org/wiki/Ipv6 seems pretty good to me.


    Thank you.




  16. Re: Wildcards in reverse DNS

    On Sat, Jan 06, 2007 at 11:15:32AM -0800, Clenna Lumina wrote:
    > Marc Haber wrote:
    > >> so if it's generating a bad HELO, then that's the fault of the
    > >> foreign mail server, which is likely not configured correctly to
    > >> begin with.
    > >>
    > >> My personal mail server which sits behind my home NAT, has never
    > >> failed to get a proper HELO from proper foreign hosts.

    > >
    > > It's the connecting server who says HELO, not the server connected to.

    >
    > That *is* what I said - s/foreign/connecting/
    >
    > " so if it's generating a bad HELO, then that's the fault of the
    > foreign mail server "
    > ^^^^^^^


    I am talking about connecting via SMTP to the outside. How is a server
    behind NAT supposed to know which HELO to use when connecting to the
    outside?

    > > and 2001:1b18:f:4::4/128 is not _that_ bad. Yes, that's an actually
    > > working address.

    >
    > How does that equate to a full 16 octet IPv6 address? I'm not all that
    > keen on all forms of IPv6 IPs, but I've never seen it written like you
    > have. If you can connect to an IP using a shorthand like this (without
    > breaking anything) that would be great. It's a new concept to get used
    > to, but (if it pans out), a welcome one.


    Quoting from Wikipedia:

    IPv6 addresses are normally written as eight groups of four
    hexadecimal digits. For example,
    2001:0db8:85a3:08d3:1319:8a2e:0370:7334 is a valid IPv6 address.

    If a four-digit group is 0000, the zeros may be omitted. For example,
    2001:0db8:85a3:0000:1319:8a2e:0370:1337 can be shortened as
    2001:0db8:85a3::1319:8a2e:0370:1337. Following this rule, any group of
    consecutive 0000 groups may be reduced to two colons, as long as there
    is only one double colon used in an address. Leading zeros in a group
    can also be omitted. Thus, the addresses below are all valid and
    equivalent:

    2001:0db8:0000:0000:0000:0000:1428:57ab
    2001:0db8:0000:0000:0000::1428:57ab
    2001:0db8:0:0:0:0:1428:57ab
    2001:0db8:0:0::1428:57ab
    2001:0db8::1428:57ab
    2001:db8::1428:57ab

    Having more than one double-colon abbreviation in an address is
    invalid, as it would make the notation ambiguous.

    A sequence of 4 bytes at the end of an IPv6 address can also be
    written in decimal, using dots as separators. This notation is often
    used with compatibility addresses (see below). Thus, ::ffff:1.2.3.4 is
    the same address as ::ffff:102:304.

    Additional information can be found in RFC 4291 - IP Version 6
    Addressing Architecture.

    > If you could suggest a good page to look at that describes these sorts of
    > things, I would appreciate it.


    The Wikipedia page on ipv6 is not that bad.

    > >> Can you really tell me you can easily remember an address that long?
    > >> I can remember a 4 section IP without any trouble. Remembering an
    > >> IPv6 address might be possible, no doubt, but you'd likely have to
    > >> know it rather well, and have a rather good memory.

    > >
    > > If DNS is properly used, you don't need to remember IPv6 addresses.
    > > And, usually, you only need to remember the prefix anyway.

    >
    > Well you still need to enter them at _some_ point or another into DNS


    yes, once. And one is well advised to use cut&paste for ipv4 as well.

    > While I like how the Germans did it, there is an
    > obvious benefit to using area codes, especially in a country the
    > size of the US. When you see a phone number with an area code,
    > you can easily deduce or determine where it may actually be located.


    Actually, we have area codes. They are longer for rural areas, and
    shorter for the big cities, to allow the actual subscriber number to
    vary in length according to the size of the local network.

    Greetings
    Marc

    --
    -----------------------------------------------------------------------------
    Marc Haber | "I don't trust Computers. They | Mailadresse im Header
    Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
    Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
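The notation rules quoted in the post above, as an added example that is not part of the thread: a small parser that expands the abbreviated forms and builds the nibble-format ip6.arpa name used for PTR records. The function names are hypothetical; the addresses are the ones quoted in the thread.

```python
import string

HEX = set(string.hexdigits)

# The six spellings the quoted text lists as valid and equivalent.
EQUIVALENT_FORMS = [
    "2001:0db8:0000:0000:0000:0000:1428:57ab",
    "2001:0db8:0000:0000:0000::1428:57ab",
    "2001:0db8:0:0:0:0:1428:57ab",
    "2001:0db8:0:0::1428:57ab",
    "2001:0db8::1428:57ab",
    "2001:db8::1428:57ab",
]


def _groups(part, allow_dotted_tail):
    """Parse one side of '::' into a list of 16-bit integers."""
    if part == "":
        return []
    pieces = part.split(":")
    out = []
    for i, piece in enumerate(pieces):
        is_last = i == len(pieces) - 1
        if "." in piece:
            # Trailing dotted-decimal form, e.g. ::ffff:1.2.3.4
            if not (is_last and allow_dotted_tail):
                raise ValueError("dotted quad is only allowed at the very end")
            octets = piece.split(".")
            if len(octets) != 4 or not all(
                o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
            ):
                raise ValueError(f"bad dotted quad {piece!r}")
            a, b, c, d = (int(o) for o in octets)
            out += [a << 8 | b, c << 8 | d]
        elif 1 <= len(piece) <= 4 and set(piece) <= HEX:
            # Leading zeros may be omitted, so 1 to 4 hex digits are accepted.
            out.append(int(piece, 16))
        else:
            raise ValueError(f"bad group {piece!r}")
    return out


def expand(text):
    """Return the full form: eight groups of four lowercase hex digits."""
    if text.count("::") > 1:
        raise ValueError("only one '::' may appear, otherwise it is ambiguous")
    head, sep, tail = text.partition("::")
    if sep:
        left = _groups(head, allow_dotted_tail=False)
        right = _groups(tail, allow_dotted_tail=True)
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = left + [0] * missing + right
    else:
        groups = _groups(head, allow_dotted_tail=True)
        if len(groups) != 8:
            raise ValueError("expected eight groups")
    return ":".join(f"{g:04x}" for g in groups)


def reverse_name(text):
    """Owner name of the PTR record: one label per nibble, lowest first."""
    nibbles = expand(text).replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


if __name__ == "__main__":
    for form in EQUIVALENT_FORMS:
        print(f"{form:42} -> {expand(form)}")
    print(expand("::ffff:1.2.3.4"), "==", expand("::ffff:102:304"))
    print(reverse_name("2001:1b18:f:4::4"))
```

Any tool that compares addresses as strings (ACLs, log correlation, zone-file checks) should compare the expanded form, since all six spellings name the same host.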



  17. Re: Wildcards in reverse DNS

    As for 128bit addressing; as far as I can see (which may not be far
    enough) the lower 64bits are meant for the MAC-address, the rest is
    useful as addresses.

    This reduces the number of addresses from the very astronomical numbers
    normally discussed to a 64 bit address space. This will probably be ok,
    but claims of 128bit addressing are a little bit oversold.

    What is the reason for this use of the lower 64 bits? Can you get rid of
    ARP? Is this so much better than the self-assigned IPv4 addresses in use
    today? On top of this, there are now attempts of hiding the MAC-address
    to help privacy, which would otherwise be gone.

    I still doubt if IPv6 is really as good as promised, it may be good
    enough though.

    Marc Haber wrote:
    > On Sat, Jan 06, 2007 at 11:15:32AM -0800, Clenna Lumina wrote:
    >
    >> Marc Haber wrote:
    >>
    >>>> so if it's generating a bad HELO, then that's the fault of the
    >>>> foreign mail server, which is likely not configured correctly to
    >>>> begin with.
    >>>>
    >>>> My personal mail server which sits behind my home NAT, has never
    >>>> failed to get a proper HELO from proper foreign hosts.
    >>>>
    >>> It's the connecting server who says HELO, not the server connected to.
    >>>

    >> That *is* what I said - s/foreign/connecting/
    >>
    >> " so if it's generating a bad HELO, then that's the fault of the
    >> foreign mail server "
    >> ^^^^^^^
    >>

    >
    > I am talking about connecting via SMTP to the outside. How is a server
    > behind NAT supposed to know which HELO to use when connecting to the
    > outside?
    >
    >
    >>> and 2001:1b18:f:4::4/128 is not _that_ bad. Yes, that's an actually
    >>> working address.
    >>>

    >> How does that equate to a full 16 octet IPv6 address? I'm not all that
    >> keen on all forms of IPv6 IPs, but I've never seen it written like you
    >> have. If you can connect to an IP using a shorthand like this (without
    >> breaking anything) that would be great. It's a new concept to get used
    >> to, but (if it pans out), a welcome one.
    >>

    >
    > Quoting from Wikipedia:
    >
    > IPv6 addresses are normally written as eight groups of four
    > hexadecimal digits. For example,
    > 2001:0db8:85a3:08d3:1319:8a2e:0370:7334 is a valid IPv6 address.
    >
    > If a four-digit group is 0000, the zeros may be omitted. For example,
    > 2001:0db8:85a3:0000:1319:8a2e:0370:1337 can be shortened as
    > 2001:0db8:85a3::1319:8a2e:0370:1337. Following this rule, any group of
    > consecutive 0000 groups may be reduced to two colons, as long as there
    > is only one double colon used in an address. Leading zeros in a group
    > can also be omitted. Thus, the addresses below are all valid and
    > equivalent:
    >
    > 2001:0db8:0000:0000:0000:0000:1428:57ab
    > 2001:0db8:0000:0000:0000::1428:57ab
    > 2001:0db8:0:0:0:0:1428:57ab
    > 2001:0db8:0:0::1428:57ab
    > 2001:0db8::1428:57ab
    > 2001:db8::1428:57ab
    >
    > Having more than one double-colon abbreviation in an address is
    > invalid, as it would make the notation ambiguous.
    >
    > A sequence of 4 bytes at the end of an IPv6 address can also be
    > written in decimal, using dots as separators. This notation is often
    > used with compatibility addresses (see below). Thus, ::ffff:1.2.3.4 is
    > the same address as ::ffff:102:304.
    >
    > Additional information can be found in RFC 4291 - IP Version 6
    > Addressing Architecture.
    >
    >
    >> If you could suggest a good page to look at that describes these sorts of
    >> things, I would appreciate it.
    >>

    >
    > The Wikipedia page on ipv6 is not that bad.
    >
    >
    >>>> Can you really tell me you can easily remember an address that long?
    >>>> I can remember a 4 section IP without any trouble. Remembering an
    >>>> IPv6 address might be possible, no doubt, but you'd likely have to
    >>>> know it rather well, and have a rather good memory.
    >>>>
    >>> If DNS is properly used, you don't need to remember IPv6 addresses.
    >>> And, usually, you only need to remember the prefix anyway.
    >>>

    >> Well you still need to enter them at _some_ point or another into DNS
    >>

    >
    > yes, once. And one is well advised to use cut&paste for ipv4 as well.
    >
    >
    >> While I like how the Germans did it, there is an
    >> obvious benefit to using area codes, especially in a country the
    >> size of the US. When you see a phone number with an area code,
    >> you can easily deduce or determine where it may actually be located.
    >>

    >
    > Actually, we have area codes. They are longer for rural areas, and
    > shorter for the big cities, to allow the actual subscriber number to
    > vary in length according to the size of the local network.
    >
    > Greetings
    > Marc
    >
    >


    --
    Best regards

    Sten Carlsen

    No improvements come from shouting:

    "MALE BOVINE MANURE!!!"



  18. Re: Wildcards in reverse DNS

    On Sat, Jan 06, 2007 at 09:55:25PM +0100, Sten Carlsen wrote:
    > As for 128bit addressing; as far as I can see (which may not be far
    > enough) the lower 64bits are meant for the MAC-address, the rest is
    > useful as addresses.


    It is common to use the MAC address, but one can use arbitrary numbers
    as well. Which comes in handy for an actual service which should not
    have its IP change when it moves to different hardware.

    > What is the reason for this use of the lower 64 bits? Can you get rid of
    > ARP? Is this so much better than the self-assigned IPv4 addresses in use
    > today? On top of this, there are now attempts of hiding the MAC-address
    > to help privacy, which would otherwise be gone.


    It allows autoconfiguration. And why does one want to hide the MAC
    address? Knowing it does only help an attacker on the local network,
    and who is on the local network knows it anyway.

    Greetings
    Marc

    --
    -----------------------------------------------------------------------------
    Marc Haber | "I don't trust Computers. They | Mailadresse im Header
    Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
    Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835



  19. Re: Wildcards in reverse DNS



    Marc Haber wrote:
    > On Sat, Jan 06, 2007 at 09:55:25PM +0100, Sten Carlsen wrote:
    >
    >> As for 128bit addressing; as far as I can see (which may not be far
    >> enough) the lower 64bits are meant for the MAC-address, the rest is
    >> useful as addresses.
    >>

    >
    > It is common to use the MAC address, but one can use arbitrary numbers
    > as well. Which comes in handy for an actual service which should not
    > have its IP change when it moves to different hardware.
    >

    That was one of my points, I don't see the idea of changing all DNS
    entries just because one NIC burnt out and was replaced. Good that we
    can avoid that.
    >
    >> What is the reason for this use of the lower 64 bits? Can you get rid of
    >> ARP? Is this so much better than the self-assigned IPv4 addresses in use
    >> today? On top of this, there are now attempts of hiding the MAC-address
    >> to help privacy, which would otherwise be gone.
    >>

    >
    > It allows autoconfiguration. And why does one want to hide the MAC
    > address? Knowing it does only help an attacker on the local network,
    > and who is on the local network knows it anyway.
    >

    I for one don't need any manufacturer knowing what I use my purchase for
    and where. For almost all traditional applications I have no big issue.
    For some of those to come, I am not so sure; I can imagine a host of
    "services" I will not want, all based on the manufacturer tracking his
    own devices.

    For autoconfigurations, yes, it is nice to be able to do that with no
    effort other than copying the MAC to the IP. Is that worth 64bits to be
    transmitted everywhere? I don't see any other value in those bits; at
    least if the world is autoconfigured. If that is not the case we still
    have two classes of addresses: public and private; the low 64 bits still
    do little for addressing as I see it. Maybe I still need more details?
    > Greetings
    > Marc
    >
    >


    --
    Best regards

    Sten Carlsen

    No improvements come from shouting:

    "MALE BOVINE MANURE!!!"
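The interface-identifier question raised in the last few posts, as an added example that is not part of the thread: deriving the lower 64 bits from a MAC address (modified EUI-64, RFC 4291 Appendix A) and checking whether an address exposes one. The MAC and the 2001:db8 prefixes are constructed sample values and the function names are hypothetical.

```python
import ipaddress


def mac_to_interface_id(mac):
    """Modified EUI-64 interface identifier for a 48-bit MAC, as 8 bytes."""
    raw = bytes(int(b, 16) for b in mac.replace("-", ":").split(":"))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the universal/local bit of the first octet and insert ff:fe
    # between the vendor (OUI) half and the device half.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def autoconfigured_address(prefix, mac):
    """Address a host would form from a /64 prefix and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(mac_to_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(address):
    """Return the MAC an address appears to carry, or None.

    The ff:fe marker in the middle of the lower 64 bits is a strong hint,
    not proof: a manually chosen or random identifier can contain it too.
    """
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


def shares_interface_id(a, b):
    """True when two addresses have identical lower 64 bits."""
    return ipaddress.IPv6Address(a).packed[8:] == ipaddress.IPv6Address(b).packed[8:]


def audit(addresses):
    """Map each address to the hardware address it exposes (None if none)."""
    return {str(a): embedded_mac(a) for a in addresses}


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"  # constructed sample MAC
    home = autoconfigured_address("2001:db8:aaaa:1::/64", mac)
    cafe = autoconfigured_address("2001:db8:bbbb:2::/64", mac)
    # Same NIC on two networks: the prefix changes, the identifier does not.
    print(home, cafe, shares_interface_id(home, cafe))
    # The manually numbered address from the thread carries no MAC and
    # survives a NIC replacement unchanged.
    for addr, found in audit([home, cafe, "2001:1b18:f:4::4"]).items():
        print(f"{addr:40} embedded MAC: {found}")
```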



  20. Re: Wildcards in reverse DNS

    On Sat, 2007-01-06 at 23:08 +0100, Sten Carlsen wrote:
    > have two classes of addresses: public and private; the low 64 bits still
    > do little for addressing as I see it. Maybe I still need more details?


    Hm. So having several million trillion addresses PER SUBNET (2^64) still
    isn't enough for you?

    Regards, K.

    --
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
    Karl Auer (kauer@biplane.com.au) +61-2-64957160 (h)
    http://www.biplane.com.au/~kauer/ +61-428-957160 (mob)


