ungleich-staticcms/content/u/blog/has-a-name-for-every-ipv6-address/contents.lr

91 lines
3.2 KiB
Text
Raw Normal View History

title: We are giving every IPv6 address a name
2019-12-12 22:58:42 +00:00
---
pub_date: 2019-12-12
---
author: ungleich network team
---
twitter_handle: ungleich
---
_hidden: no
---
_discoverable: yes
---
abstract:
Not just because we can, but also because it helps
---
body:
## TL;DR
You can use **IPv6address.has-a.name** as a domain name
for any of your containers or VMs. The required format is
**1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name**. This is
already a
valid name and points to the IPv6 address
*1234:5678:9abc:def0:1234:5678:9abc:def0*.
## Introduction
Imagine the following: you have a container or virtual machine running
with IPv6 and you want to give somebody access to it.
IPv6 being IPv6, it is very easy to give someone access. However, you
might also want to use HTTPS. First, because HTTP does not look good
in browsers anymore. Secondly, because it is more secure. And thirdly,
because contributing to more encrypted traffic is a good thing for the
Internet.
But you cannot get a certicate that you need for HTTPS without a name.
## Developing a tool to map IPv6 addresses to names
At the last [Hack4Glarus](https://hack4glarus.ch) we were
brainstorming and testing solutions on how to solve this problem. How
can we give **any** IPv6 address a name? At the Hackathon our
participants invited a cool [stateful
solution](https://redmine.ungleich.ch/issues/7379)
that is now even reachable at [weneedaname](https://weneeda.name/).
After the hackathon our team was continuing to brainstorm on how to
solve this problem, but in a stateless way.
## Knot to the rescue
Eventually we rediscovered a software that we have been running for a
while already: [KnotDNS](https://www.knot-dns.cz/). We use it to
synthesize reverse DNS records for all IPv6 addresses in our
networks. That's why you can do a reverse lookup of ANY IPv6 address
in the 2a0a:e5c0::/29 network and you will get a reply that results
for instance in the name
*2a0a-e5c3-cafe-cace-0000-0000-0000-0000.loves.ipv6.at.ungleich.ch*.
Also the opposite works, so looking up above name, results in finding
the IPv6 address *2a0a:e5c3:cafe:cace::*.
With has-a.name, we took it one step further: Instead of limiting the
lookups to our own network, you can use this name for **any** IPv6
address.
Let's for instance take google's IPv6 address
2a00:1450:4009:811::200e. If google did not yet point google.com to
it, google *could* use
2a00-1450-4009-0811-0000-0000-0000-200e.has-a.name as an alternative
domain name. Obviously not that practical for google,
but not everybody is google.
## has-a.name is a service for anyone building IPv6 applications
The reason why we introduce the **has-a.name** service is to allow
anyone quick prototyping with IPv6. Anyone can have an IPv6 network.
Either via a VPN
(our claim is it works anywhere with [IPv6VPN.ch](https://IPv6VPN.ch)
or on your [IPv6 only VM](https://ipv6onlyhosting.com). With IPv6 you
can quickly bootstrap your service and show it to anyone in the world.
With has-a.name you can now also use SSL certificates on any IPv6
2019-12-16 23:31:32 +00:00
address. Even better: [any docker container can now have an official,
valid certificate!](https://ungleich.ch/u/blog/fully-automated-ssl-certificates-for-docker/)
2019-12-12 22:58:42 +00:00
If you want to discuss the has-a.name service, we invite you to join the
[IPv6.Chat](https://IPv6.chat).