ungleich-staticcms/content/u/blog/has-a-name-for-every-ipv6-address/contents.lr

title: We are giving every IPv6 address a name
---
pub_date: 2019-12-12
---
author: ungleich network team
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
Not just because we can, but also because it helps
---
body:

## TL;DR

You can use **IPv6address.has-a.name** as a domain name
for any of your containers or VMs. The required format is
**1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name**. This is
already a
valid name and points to the IPv6 address
*1234:5678:9abc:def0:1234:5678:9abc:def0*.

## Introduction

Imagine the following: you have a container or virtual machine running
with IPv6 and you want to give somebody access to it.

IPv6 being IPv6, it is very easy to give someone access. However, you
might also want to use HTTPS. First, because HTTP does not look good
in browsers anymore. Secondly, because it is more secure. And thirdly,
because contributing to more encrypted traffic is a good thing for the
Internet.

But you cannot get a certicate that you need for HTTPS without a name.

## Developing a tool to map IPv6 addresses to names

At the last [Hack4Glarus](https://hack4glarus.ch) we were
brainstorming and testing solutions on how to solve this problem. How
can we give **any** IPv6 address a name? At the Hackathon our
participants invited a cool [stateful
solution](https://redmine.ungleich.ch/issues/7379)
that is now even reachable at [weneedaname](https://weneeda.name/).

After the hackathon our team was continuing to brainstorm on how to
solve this problem, but in a stateless way.

## Knot to the rescue

Eventually we rediscovered a software that we have been running for a
while already: [KnotDNS](https://www.knot-dns.cz/). We use it to
synthesize reverse DNS records for all IPv6 addresses in our
networks. That's why you can do a reverse lookup of ANY IPv6 address
in the 2a0a:e5c0::/29 network and you will get a reply that results
for instance in the name
*2a0a-e5c3-cafe-cace-0000-0000-0000-0000.loves.ipv6.at.ungleich.ch*.

Also the opposite works, so looking up above name, results in finding
the IPv6 address *2a0a:e5c3:cafe:cace::*.

With has-a.name, we took it one step further: Instead of limiting the
lookups to our own network, you can use this name for **any** IPv6
address.

Let's for instance take google's IPv6 address
2a00:1450:4009:811::200e. If google did not yet point google.com to
it, google *could* use
2a00-1450-4009-0811-0000-0000-0000-200e.has-a.name as an alternative
domain name. Obviously not that practical for google,
but not everybody is google.

## has-a.name is a service for anyone building IPv6 applications

The reason why we introduce the **has-a.name** service is to allow
anyone quick prototyping with IPv6. Anyone can have an IPv6 network.
Either via a VPN
(our claim is it works anywhere with [IPv6VPN.ch](https://IPv6VPN.ch)
or on your [IPv6 only VM](https://ipv6onlyhosting.com). With IPv6 you
can quickly bootstrap your service and show it to anyone in the world.

With has-a.name you can now also use SSL certificates on any IPv6
address. Even better: [any docker container can now have an official,
valid certificate](https://ungleich.ch/u/blog/fully-automated-ssl-certificates-for-docker/)!

If you want to discuss the has-a.name service, we invite you to join the
[IPv6.Chat](https://IPv6.chat).

## Update 2019-12-20

On popular request, we have added support for **has-aaaa.name**,
too. So you can for instance reach
*2a0a-e5c0-0000-0002-0400-b3ff-fe39-795c.has-aaaa.name*, which is the
IPv6 address of [ungleich.ch](https://ungleich.ch).
update the title of previous blog article 2019-12-13 18:07:20 +01:00			`title: We are giving every IPv6 address a name`
a name for every ipv6 address 2019-12-12 23:58:42 +01:00			`---`
			`pub_date: 2019-12-12`
			`---`
			`author: ungleich network team`
			`---`
			`twitter_handle: ungleich`
			`---`
			`_hidden: no`
			`---`
			`_discoverable: yes`
			`---`
			`abstract:`
			`Not just because we can, but also because it helps`
			`---`
			`body:`

			`## TL;DR`

			`You can use IPv6address.has-a.name as a domain name`
			`for any of your containers or VMs. The required format is`
			`1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name. This is`
			`already a`
			`valid name and points to the IPv6 address`
			`1234:5678:9abc:def0:1234:5678:9abc:def0.`

			`## Introduction`

			`Imagine the following: you have a container or virtual machine running`
			`with IPv6 and you want to give somebody access to it.`

			`IPv6 being IPv6, it is very easy to give someone access. However, you`
			`might also want to use HTTPS. First, because HTTP does not look good`
			`in browsers anymore. Secondly, because it is more secure. And thirdly,`
			`because contributing to more encrypted traffic is a good thing for the`
			`Internet.`

			`But you cannot get a certicate that you need for HTTPS without a name.`

			`## Developing a tool to map IPv6 addresses to names`

			`At the last [Hack4Glarus](https://hack4glarus.ch) we were`
			`brainstorming and testing solutions on how to solve this problem. How`
			`can we give any IPv6 address a name? At the Hackathon our`
			`participants invited a cool [stateful`
			`solution](https://redmine.ungleich.ch/issues/7379)`
			`that is now even reachable at [weneedaname](https://weneeda.name/).`

			`After the hackathon our team was continuing to brainstorm on how to`
			`solve this problem, but in a stateless way.`

			`## Knot to the rescue`

			`Eventually we rediscovered a software that we have been running for a`
			`while already: [KnotDNS](https://www.knot-dns.cz/). We use it to`
			`synthesize reverse DNS records for all IPv6 addresses in our`
			`networks. That's why you can do a reverse lookup of ANY IPv6 address`
			`in the 2a0a:e5c0::/29 network and you will get a reply that results`
			`for instance in the name`
			`2a0a-e5c3-cafe-cace-0000-0000-0000-0000.loves.ipv6.at.ungleich.ch.`

			`Also the opposite works, so looking up above name, results in finding`
			`the IPv6 address 2a0a:e5c3:cafe:cace::.`

			`With has-a.name, we took it one step further: Instead of limiting the`
			`lookups to our own network, you can use this name for any IPv6`
			`address.`

			`Let's for instance take google's IPv6 address`
			`2a00:1450:4009:811::200e. If google did not yet point google.com to`
			`it, google could use`
			`2a00-1450-4009-0811-0000-0000-0000-200e.has-a.name as an alternative`
			`domain name. Obviously not that practical for google,`
			`but not everybody is google.`

			`## has-a.name is a service for anyone building IPv6 applications`

			`The reason why we introduce the has-a.name service is to allow`
			`anyone quick prototyping with IPv6. Anyone can have an IPv6 network.`
			`Either via a VPN`
			`(our claim is it works anywhere with [IPv6VPN.ch](https://IPv6VPN.ch)`
			`or on your [IPv6 only VM](https://ipv6onlyhosting.com). With IPv6 you`
			`can quickly bootstrap your service and show it to anyone in the world.`

			`With has-a.name you can now also use SSL certificates on any IPv6`
cross reference the other article 2019-12-17 00:31:32 +01:00			`address. Even better: [any docker container can now have an official,`
Exclamation mark later 2019-12-17 00:36:21 +01:00			`valid certificate](https://ungleich.ch/u/blog/fully-automated-ssl-certificates-for-docker/)!`
a name for every ipv6 address 2019-12-12 23:58:42 +01:00
			`If you want to discuss the has-a.name service, we invite you to join the`
			`[IPv6.Chat](https://IPv6.chat).`
blog: add has-AAAA.name 2019-12-20 10:03:15 +01:00
			`## Update 2019-12-20`

			`On popular request, we have added support for has-aaaa.name,`
			`too. So you can for instance reach`
			`2a0a-e5c0-0000-0002-0400-b3ff-fe39-795c.has-aaaa.name, which is the`
			`IPv6 address of [ungleich.ch](https://ungleich.ch).`