a name for every ipv6 address
This commit is contained in:
parent
044cb5b683
commit
b1cec28c0f
1 changed files with 89 additions and 0 deletions
89
content/u/blog/has-a-name-for-every-ipv6-address/contents.lr
Normal file
89
content/u/blog/has-a-name-for-every-ipv6-address/contents.lr
Normal file
|
@ -0,0 +1,89 @@
|
|||
title: We are giving every IPv6 address a name with has-a.name
|
||||
---
|
||||
pub_date: 2019-12-12
|
||||
---
|
||||
author: ungleich network team
|
||||
---
|
||||
twitter_handle: ungleich
|
||||
---
|
||||
_hidden: no
|
||||
---
|
||||
_discoverable: yes
|
||||
---
|
||||
abstract:
|
||||
Not just because we can, but also because it helps
|
||||
---
|
||||
body:
|
||||
|
||||
## TL;DR
|
||||
|
||||
You can use **IPv6address.has-a.name** as a domain name
|
||||
for any of your containers or VMs. The required format is
|
||||
**1234-5678-9abc-def0-1234-5678-9abc-def0.has-a.name**. This is
|
||||
already a
|
||||
valid name and points to the IPv6 address
|
||||
*1234:5678:9abc:def0:1234:5678:9abc:def0*.
|
||||
|
||||
## Introduction
|
||||
|
||||
Imagine the following: you have a container or virtual machine running
|
||||
with IPv6 and you want to give somebody access to it.
|
||||
|
||||
IPv6 being IPv6, it is very easy to give someone access. However, you
|
||||
might also want to use HTTPS. First, because HTTP does not look good
|
||||
in browsers anymore. Secondly, because it is more secure. And thirdly,
|
||||
because contributing to more encrypted traffic is a good thing for the
|
||||
Internet.
|
||||
|
||||
But you cannot get a certicate that you need for HTTPS without a name.
|
||||
|
||||
## Developing a tool to map IPv6 addresses to names
|
||||
|
||||
At the last [Hack4Glarus](https://hack4glarus.ch) we were
|
||||
brainstorming and testing solutions on how to solve this problem. How
|
||||
can we give **any** IPv6 address a name? At the Hackathon our
|
||||
participants invited a cool [stateful
|
||||
solution](https://redmine.ungleich.ch/issues/7379)
|
||||
that is now even reachable at [weneedaname](https://weneeda.name/).
|
||||
|
||||
After the hackathon our team was continuing to brainstorm on how to
|
||||
solve this problem, but in a stateless way.
|
||||
|
||||
## Knot to the rescue
|
||||
|
||||
Eventually we rediscovered a software that we have been running for a
|
||||
while already: [KnotDNS](https://www.knot-dns.cz/). We use it to
|
||||
synthesize reverse DNS records for all IPv6 addresses in our
|
||||
networks. That's why you can do a reverse lookup of ANY IPv6 address
|
||||
in the 2a0a:e5c0::/29 network and you will get a reply that results
|
||||
for instance in the name
|
||||
*2a0a-e5c3-cafe-cace-0000-0000-0000-0000.loves.ipv6.at.ungleich.ch*.
|
||||
|
||||
Also the opposite works, so looking up above name, results in finding
|
||||
the IPv6 address *2a0a:e5c3:cafe:cace::*.
|
||||
|
||||
With has-a.name, we took it one step further: Instead of limiting the
|
||||
lookups to our own network, you can use this name for **any** IPv6
|
||||
address.
|
||||
|
||||
Let's for instance take google's IPv6 address
|
||||
2a00:1450:4009:811::200e. If google did not yet point google.com to
|
||||
it, google *could* use
|
||||
2a00-1450-4009-0811-0000-0000-0000-200e.has-a.name as an alternative
|
||||
domain name. Obviously not that practical for google,
|
||||
but not everybody is google.
|
||||
|
||||
## has-a.name is a service for anyone building IPv6 applications
|
||||
|
||||
The reason why we introduce the **has-a.name** service is to allow
|
||||
anyone quick prototyping with IPv6. Anyone can have an IPv6 network.
|
||||
Either via a VPN
|
||||
(our claim is it works anywhere with [IPv6VPN.ch](https://IPv6VPN.ch)
|
||||
or on your [IPv6 only VM](https://ipv6onlyhosting.com). With IPv6 you
|
||||
can quickly bootstrap your service and show it to anyone in the world.
|
||||
|
||||
With has-a.name you can now also use SSL certificates on any IPv6
|
||||
address.
|
||||
|
||||
If you want to discuss the has-a.name service, we invite you to join the
|
||||
[IPv6.Chat](https://IPv6.chat).
|
Loading…
Reference in a new issue