106 lines
3.8 KiB
Markdown
106 lines
3.8 KiB
Markdown
title: We are giving every IPv6 address a name
|
|
---
|
|
pub_date: 2019-12-12
|
|
---
|
|
author: ungleich network team
|
|
---
|
|
twitter_handle: ungleich
|
|
---
|
|
_hidden: no
|
|
---
|
|
_discoverable: yes
|
|
---
|
|
abstract:
|
|
Not just because we can, but also because it helps
|
|
---
|
|
body:
|
|
|
|
## TL;DR
|
|
|
|
You can use **IPv6address.has-a.name** as a domain name
|
|
for any of your computers, containers or VMs. The required format is
|
|
**1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name**. This is
|
|
already a
|
|
valid name and points to the IPv6 address
|
|
*1234:5678:9abc:def0:1234:5678:9abc:def0*.
|
|
Alternatively you can also use the domain **has-aaaa.name**, which
|
|
implies IPv6 stronger.
|
|
|
|
Both domains support IPv6 abbreviation using dashes,
|
|
you can f.i. use **2a0a-e5c0--3.has-aaaa.name**.
|
|
|
|
## Introduction
|
|
|
|
Imagine the following: you have a container or virtual machine running
|
|
with IPv6 and you want to give somebody access to it.
|
|
|
|
IPv6 being IPv6, it is very easy to give someone access. However, you
|
|
might also want to use HTTPS. First, because HTTP does not look good
|
|
in browsers anymore. Secondly, because it is more secure. And thirdly,
|
|
because contributing to more encrypted traffic is a good thing for the
|
|
Internet.
|
|
|
|
But you cannot get a certicate that you need for HTTPS without a name.
|
|
|
|
## Developing a tool to map IPv6 addresses to names
|
|
|
|
At the last [Hack4Glarus](https://hack4glarus.ch) we were
|
|
brainstorming and testing solutions on how to solve this problem. How
|
|
can we give **any** IPv6 address a name?
|
|
|
|
After the hackathon our team was continuing to brainstorm on how to
|
|
solve this problem in a stateless way.
|
|
|
|
## Knot to the rescue
|
|
|
|
Eventually we rediscovered a software that we have been running for a
|
|
while already: [KnotDNS](https://www.knot-dns.cz/). We use it to
|
|
synthesize reverse DNS records for all IPv6 addresses in our
|
|
networks. That's why you can do a reverse lookup of ANY IPv6 address
|
|
in the 2a0a:e5c0::/29 network and you will get a reply that results
|
|
for instance in the name
|
|
*2a0a-e5c3-cafe-cace-0000-0000-0000-0000.loves.ipv6.at.ungleich.ch*.
|
|
|
|
Also the opposite works, so looking up above name, results in finding
|
|
the IPv6 address *2a0a:e5c3:cafe:cace::*.
|
|
|
|
With has-a.name, we took it one step further: Instead of limiting the
|
|
lookups to our own network, you can use this name for **any** IPv6
|
|
address.
|
|
|
|
Let's for instance take google's IPv6 address
|
|
2a00:1450:4009:811::200e. If google did not yet point google.com to
|
|
it, google *could* use
|
|
2a00-1450-4009-0811-0000-0000-0000-200e.has-a.name as an alternative
|
|
domain name. Obviously not that practical for google,
|
|
but not everybody is google.
|
|
|
|
## has-a.name is a service for anyone building IPv6 applications
|
|
|
|
The reason why we introduce the **has-a.name** service is to allow
|
|
anyone quick prototyping with IPv6. Anyone can have an IPv6 network.
|
|
Either via a VPN
|
|
(our claim is it works anywhere with [IPv6VPN.ch](https://IPv6VPN.ch)
|
|
or on your [IPv6 only VM](https://ipv6onlyhosting.com). With IPv6 you
|
|
can quickly bootstrap your service and show it to anyone in the world.
|
|
|
|
With has-a.name you can now also use SSL certificates on any IPv6
|
|
address. Even better: [any docker container can now have an official,
|
|
valid certificate](https://ungleich.ch/u/blog/fully-automated-ssl-certificates-for-docker/)!
|
|
|
|
If you want to discuss the has-a.name service, we invite you to join the
|
|
[IPv6.Chat](https://IPv6.chat).
|
|
|
|
## Update 2019-12-20
|
|
|
|
On popular request, we have added support for **has-aaaa.name**,
|
|
too. So you can for instance reach
|
|
*2a0a-e5c0-0000-0002-0400-b3ff-fe39-795c.has-aaaa.name*, which is the
|
|
IPv6 address of [ungleich.ch](https://ungleich.ch).
|
|
|
|
## Update 2021-08-12
|
|
|
|
* The stateful project domain as originally developed at the
|
|
[Hack4Glarus is not in use
|
|
anymore](https://redmine.ungleich.ch/issues/7379). This does *not*
|
|
affect the has-a.name or has-aaa.name domains which are run by ungleich.ch.
|