DHCPv6-PD is used by ISPs for prefix delegation, which most routers support now (not so when my ISP first started with it).
But for advertising prefixes on a LAN most networks use router adverts.
They're different use cases though.
You can include some information in router advertisements; likely there will be RFCs for more. Not sure of the full list of stuff you can advertise.
For sure I'm quite sure I had DNS servers configured this way. I'll check when not on a phone to see what options there are.
Best thing to do to test the firewall is run some kind of server and try to connect to your IPv6 on that port.
Like I've said in other posts, routers really should block incoming connections by default. But it's not always the case that they do.
That's true. But there are not many differences. It's just, the differences there are, are crucial to understanding it.
Yep, it's all good. In my opinion, IPv6 routers should just be dropping incoming connections by default. If you want to run services you give your machine a static IPv6 and open ports on that IP/port specifically. It's actually easier than NAT because you don't need to translate ports and each IP can use the same ports (multiple web servers on 80/443).
I do agree that the average Joe is going to expect NAT level security by default and that would provide that.
It's really not though. ISPs are a problem, but every hosting provider I've used has offered IPv6. It's really trivial to set up IPv6 name DNS, and host a website on both IPv4 and IPv6. I just do it by default now.
Once it becomes the default to deploy to both, if IPv4 died then the IPv6 side would just keep working.
For DNS, you can make a single glue record contain an IPv4 and IPv6 address.
DNS just needs A and AAAA records for the name servers. NS records still point to the hostname as normal.
For web servers, the web server just needs to bind to the IPv6 address(es). Then in DNS just have an A and AAAA record for each website hostname. The server name directives will cover both.
There really isn't much to it right now. The technology is mature now. It used to be a pain, but now it isn't.
In most cases, the router advertises the prefix, and the devices choose their own IPv6. Unless you run DHCPv6 (which really no one does in reality, I don't even think Android will use it if present).
It doesn't allow firewall bypass though, as the other commenter noted.
Honestly, I think most fear of IPv6 is just born out of ignorance and assigning their understanding of IPv4 onto IPv6 and making assumptions.
Routers simply need to block incoming unestablished packets (all modern routers allow for this) to replicate NAT security without NAT translation. Then you just punch holes through on IP addresses and ports you want to run services on and be done with it.
Now, some home routers aren't doing this by default, but they absolutely should be. That's just router software designers being bad, not IPv6's fault, and would get ironed out pretty quick if there was mass adoption and IPv4 became the secondary system.
To be clear, this is not a reason not to be adopting IPv6.
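As an added example (not part of the original comment), this is one way the "block incoming unestablished packets, then punch holes" policy described above can look on a Linux router using nftables. The use of nftables, the interface names wan0 and lan0, and the 2001:db8:0:1::10 server address (documentation prefix) are assumptions for illustration; only forwarded traffic is covered, not traffic to the router itself.

```nftables
# Added example: stateful default-drop for forwarded IPv6 traffic.
# wan0, lan0 and 2001:db8:0:1::10 are placeholder names and addresses.
table ip6 filter {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that LAN hosts opened are allowed back in.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may open outbound connections freely.
        iifname "lan0" oifname "wan0" accept

        # IPv6 depends on ICMPv6 errors (for example path MTU discovery),
        # so these must not be dropped along with everything else.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem,
                      echo-request } accept

        # The "hole": one static address, two ports, no port translation.
        iifname "wan0" ip6 daddr 2001:db8:0:1::10 tcp dport { 80, 443 } accept
    }
}
```

Removing the last rule returns the network to the NAT-like posture in which no inbound connection reaches any LAN host.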
Dude 10-Base2 won, get over it!
Or, just type ping -6 google.com from a command prompt. It won't work if you don't have IPv6.
I think it depends on all the caveats I mentioned. If it could have worked with an outgoing connection, then someone with a bad client could execute it for sure. The VPN wouldn't protect you.