From b1cec28c0f92ed927663bd9b97c9d5cebcbf3322 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Thu, 12 Dec 2019 23:58:42 +0100 Subject: [PATCH] a name for every ipv6 address --- .../contents.lr | 89 +++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 content/u/blog/has-a-name-for-every-ipv6-address/contents.lr diff --git a/content/u/blog/has-a-name-for-every-ipv6-address/contents.lr b/content/u/blog/has-a-name-for-every-ipv6-address/contents.lr new file mode 100644 index 0000000..5278f61 --- /dev/null +++ b/content/u/blog/has-a-name-for-every-ipv6-address/contents.lr @@ -0,0 +1,89 @@ +title: We are giving every IPv6 address a name with has-a.name +--- +pub_date: 2019-12-12 +--- +author: ungleich network team +--- +twitter_handle: ungleich +--- +_hidden: no +--- +_discoverable: yes +--- +abstract: +Not just because we can, but also because it helps +--- +body: + +## TL;DR + +You can use **IPv6address.has-a.name** as a domain name +for any of your containers or VMs. The required format is +**1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name**. This is +already a +valid name and points to the IPv6 address +*1234:5678:9abc:def0:1234:5678:9abc:def0*. + +## Introduction + +Imagine the following: you have a container or virtual machine running +with IPv6 and you want to give somebody access to it. + +IPv6 being IPv6, it is very easy to give someone access. However, you +might also want to use HTTPS. First, because HTTP does not look good +in browsers anymore. Secondly, because it is more secure. And thirdly, +because contributing to more encrypted traffic is a good thing for the +Internet. + +But you cannot get a certicate that you need for HTTPS without a name. + +## Developing a tool to map IPv6 addresses to names + +At the last [Hack4Glarus](https://hack4glarus.ch) we were +brainstorming and testing solutions on how to solve this problem. How +can we give **any** IPv6 address a name? At the Hackathon our +participants invited a cool [stateful +solution](https://redmine.ungleich.ch/issues/7379) +that is now even reachable at [weneedaname](https://weneeda.name/). + +After the hackathon our team was continuing to brainstorm on how to +solve this problem, but in a stateless way. + +## Knot to the rescue + +Eventually we rediscovered a software that we have been running for a +while already: [KnotDNS](https://www.knot-dns.cz/). We use it to +synthesize reverse DNS records for all IPv6 addresses in our +networks. That's why you can do a reverse lookup of ANY IPv6 address +in the 2a0a:e5c0::/29 network and you will get a reply that results +for instance in the name +*2a0a-e5c3-cafe-cace-0000-0000-0000-0000.loves.ipv6.at.ungleich.ch*. + +Also the opposite works, so looking up above name, results in finding +the IPv6 address *2a0a:e5c3:cafe:cace::*. + +With has-a.name, we took it one step further: Instead of limiting the +lookups to our own network, you can use this name for **any** IPv6 +address. + +Let's for instance take google's IPv6 address +2a00:1450:4009:811::200e. If google did not yet point google.com to +it, google *could* use +2a00-1450-4009-0811-0000-0000-0000-200e.has-a.name as an alternative +domain name. Obviously not that practical for google, +but not everybody is google. + +## has-a.name is a service for anyone building IPv6 applications + +The reason why we introduce the **has-a.name** service is to allow +anyone quick prototyping with IPv6. Anyone can have an IPv6 network. +Either via a VPN +(our claim is it works anywhere with [IPv6VPN.ch](https://IPv6VPN.ch) +or on your [IPv6 only VM](https://ipv6onlyhosting.com). With IPv6 you +can quickly bootstrap your service and show it to anyone in the world. + +With has-a.name you can now also use SSL certificates on any IPv6 +address. + +If you want to discuss the has-a.name service, we invite you to join the +[IPv6.Chat](https://IPv6.chat).