On Wed, Jul 13, 2011 at 12:09:45PM +0100, Scott Ferguson wrote:
> On 13/07/11 02:30, Laurence Hurst wrote:
> > On Tue, Jul 12, 2011 at 04:09:27PM +0100, Scott Ferguson wrote:
> >> Why not just use a single host file on your firewall/router? 
> >> <snipped>
>                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > In addition I need forward and reverse host-name lookups to function 
> > correctly across a variety of platforms which is easily achieved by 
> > running my own internal DNS with little more effort than a static 
> > hosts file which I then have to copy around a dozen machines (and 
> > spend time wondering why stuff broke when I forget one!).
> >> 
> 
> Just brush up on your reading skills and that problem will vanish. ;-p
> 
Ah, yes I did misread what you were suggesting. For my current setup my way 
works for me, your way works for you. My setup at home is also very similar to 
that of a number of companies I work for, which is handy for experimentation 
(say, look at how IPv6 might integrate with and eventually replace the IPv4 
infrastructure) ;-)
> I can think of a number of large networks that don't run internal DNS
> servers - dynamic addresses are a pain to manage on a large scale, and
> static addresses make DNS servers redundant on most private networks.
> But then my motivation is not to increase the workload for the network
> monkeys (I mean - valued, value-adding staff) :-D
> 
I'm still going to disagree with you on this point - users expect to be able 
to plug in a machine and it "just work" without faffing around with setting 
IP/Subnet/Gateway/DNS/local domain settings (or getting the "network monkeys" 
to do it for them). I also worked for a company which had static addresses and 
the amount of time changing the settings on every single network connected 
device on the 2 occasions we had to change the router and/or DNS settings was 
measured in days - had we been using DHCP it would have been a 30s change to 
the config at the end of the day and the clients would most likely all be 
working next morning having renewed their leases and got the updated 
configuration at the same time. A lot of this depends on your (and mine!) 
users and environment.

I think, from what I've read, this goes away with IPv6 whereby even if I 
statically configure the interface's address it will still use the 
route-discovery to "find" the router and DNS server so infrastructure changes 
are picked up automatically (after a period of time) without the need to change 
every connected host's settings (as was the case with a static IPv4 setup).
<snip /> 
> 
> >> 
> >> Pretty much the same as the example above - just substitute an
> >> IPv6 address. Debian is just waiting for you to feed it IPv6, ditto
> >> for Windows 7, not so much for OSX, dunno about your embedded
> >> devices.
> >> 
> >> From what I've read the auto-configured address is NOT guaranteed 
> >> to be identical each time a machine is connected to the network 
> >> (e.g. turned on after being powered off for a period of time), just
> >> unique to the network at the time it is configured. While in 
> >> practice IF the mac address of the NIC is used to generate the IPv6
> >> address it may be the same,
> 
> A static address assigned by MAC is the same process whether by IPv4,5,
> or 6.
> Dynamic addressing is randomising.
I think we're talking at cross purposes here. I am specifically referring to 
stateless auto-configuration which the current most common convention, for 
IPv6, is to use the MAC address for the but this is not guaranteed and I have 
specific references to other methods being used whereby a given NIC does not 
always auto-configure to the same address each time it is connected to the same 
network.
> 
> >> the RFC[0] simply states it will be generated from an "interface 
> >> identifier" and makes specific reference to instances where the 
> >> identifier is not a "hardware address" which means that although 
> >> current convention seems to be to use the MAC address this is not 
> >> guaranteed. If the addresses are not guaranteed to be static 
> >> between connections to the network then surely a local static DNS 
> >> (or, indeed, hosts file) cannot guarantee to be reliable?
> > [0] http://tools.ietf.org/html/rfc4862
> 
> I believe you've misinterpreted the context there. None of your concerns
> were validated by the trials I looked at during IPv6 day where very
> large WANs ran native IPv6 - but then those networks don't allow dynamic
> addresses (or bluetooth, or wireless). Again - I'd encourage you to read
> the internode guides I linked rather than just one of over a dozen RFCs,
> which only cover the basics.
> 
Again I think we're talking cross purposes. My interest is purely in how IPv6 
will operate within a private network. Assuming my ISP allocated me a range of 
addresses how I go about managing that range within the networks which exist in 
my house (or an organisation). In terms of a smallish network I'm repeatedly 
being told that stateless auto-configuration makes DHCP redundant (which it 
clearly does as far as handing out addresses is concerned) but IPv4 DHCP can 
and does hand out additional information (routers, DNS etc.) and when 
configured to statically assign certain mac addresses a particular IP makes it 
very very easy to take a laptop, for example, from home to work to library or 
internet cafe and back home and be correctly configured at every location, with 
a known hostname at home and work, without any user intervention. Static 
configuration does not.
> > 
> > <snip />
> >>>> * In the DHCP-less world, how would clients "discover" the 
> >>>> local DNS suffix (e.g. (fictitious) "internal.home.my.tld")?
> 
> hostname?
> /hosts file?
> \hosts file?
> \lmhosts file?
> 
See above regarding laptops. My laptop might be 
"lappy.internal.home.mydomain.tld" at home, 
"laurence-laptop-0810.int.somecompany.tld" at work and something completely 
different (and non-sensical) at an interweb cafe. Additionally the local domain 
suffix is different at each location and so needs updating. Static 
configuration just doesn't do it for me in this case. Even my desktop machine 
moves around sufficiently often this would be a PITA.
> And - what DHCP-less world?
The one that I keep getting told IPv6 stateless auto-configuration is going to 
create.
> 
> >> 
> >> It will depend on what methods your ISP provides
> >> 
> > I'm talking about DNS which exists entirely within my private network
> > and has nothing to do with my isp. Currently my DHCP server hands out
> > my DNS server's details and the search domain (for the sake of
> > argument 'internal.home.my.tld'). The configured clients then use my
> > DNS for all their DNS lookups - my server is configured to be 
> > authoritative for hosts on my network, within my subdomain 
> > ('internal.home.my.tld') and for reverse lookups on 192.168.0.0/24 
> > addresses (and on its other subnets, but let's not over-complicate 
> > here) and forwards any other request upstream to my ISP's DNS servers.
> > It's the DNS bit contained in my network that I'm unclear on.
> 
> It's your network - you can make it as complicated as you want. But if
> you have a compelling reason to use DHCP to hand out dynamic addresses
> I've missed it. A central hosts file and static addresses make the
> question redundant.
> 
Mobile phones, laptops, flaming iPads (don't get me started!). All of these 
need to "just work" on site, off site (e.g. at customer's homes) and in 
internet cafe type environments as they are in the hands of some seriously 
technically challenged people who could not change the configuration even with 
graphical step-by-step instructions. While my original question was just about 
my home network I am interested because of the impact this is going to have in 
the future for businesses and I like to have some idea of where things are 
going.
<snip />
> > Indeed, I think a lot of this is still to be figured out (there may be
> > a spec but how the large corporations choose to "interpret" it may
> > have knock on impact for the rest of us).
> 
> Hence the links to "real-world" implementations for users like yourself
Yes, and thanks for those but I still need to figure out how the internal 
infrastructure of the organisations is going to work. The number of things that 
rely on being able to accurately resolve internal host names is quite large 
(VPN users are a particular pain in this regard with the third-party VPN 
solution a particular company I work for has bought).
<snip /> 
> 
> Cheers
> 
I think a large part of my problem is I still keep thinking in terms of how 
IPv4 works in practice, and IPv6 is clearly a completely different kettle of 
fish (which is how I got onto thinking there should be a sane way to achieve 
the same as an IPv4 DHCP/DNS setup taking advantage of IPv6's stateless 
auto-configuration and doing away with DHCP). Oh well, that's 10+ years of 
working with IPv4 networks for you.

Thanks
Laurence
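
[Added example, not part of the original message.] The thread turns on whether a stateless auto-configured address is stable enough to put in a static DNS zone or hosts file. This sketch derives the address and its ip6.arpa reverse name from a MAC using the modified EUI-64 rule (RFC 4291, Appendix A) and contrasts it with a randomly chosen interface identifier; the prefix, the MAC and the random generator are constructed stand-ins, not values or algorithms from the thread.

```python
import ipaddress
import secrets


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def random_interface_id() -> int:
    """Random 64-bit identifier: a stand-in for any non-hardware-derived method."""
    return secrets.randbits(64)


def slaac_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless auto-configuration expects a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def dns_records(prefix: str, iid: int) -> tuple:
    """Return (AAAA target, PTR owner name) a static zone would need for this host."""
    addr = slaac_address(prefix, iid)
    return addr, addr.reverse_pointer


# Constructed sample values (documentation prefix, made-up MAC).
PREFIX = "2001:db8:0:1::/64"
MAC = "00:11:22:33:44:55"

if __name__ == "__main__":
    # MAC-derived: identical on every run, so a static AAAA/PTR pair stays valid.
    print("EUI-64 :", *dns_records(PREFIX, eui64_interface_id(MAC)))
    # Random: a different address per configuration, so static records go stale.
    for attempt in range(2):
        print("random :", *dns_records(PREFIX, random_interface_id()))
```
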

