-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPv6 not using temporary address / ignoring privacy extensions #651
Comments
Looks like temporary addresses are intentionally excluded: Line 3188 in e291987
I'm not sure why they are excluded. I'm not opposed to adding support for temporary addresses, but I'm reluctant to use them by default because some users might currently rely on the permanent address (e.g., using the temporary causes too many updates, or resource record TTL is greater than the temporary address lifetime). If privacy is a concern, I think that using a RFC7217 address for ddclient is superior to a temporary address. I recognize that not all systems support that RFC yet; Linux users should see |
thank you for the analysis. I am not really sure about RFC7217, here is my output:
So i guess, is has not been set by system-setup as documentation says while this is the default. For setups that do not have RFC7217 (SLAAC) enabled and are using privacy extenstions like this, the temporary address should be an option to choose from if you agree. So my proposal is, to introduce a new option like Would this be a good way in your opinion? |
Sounds good to me, though I think I would prefer |
i am using ddclient 3.11.2 on current linux stable opensuse leap 15.5 to make one device available in the internet. Only the ipv6 address should be connected to a dns record, ipv4 is assigned to another device and not relevant.
ddclient is configured for testing to usev6=ifv6,if=wlan0 which works well to resolve the fqdn to the host, everything works that way.
But i have privacy extensions turned on and have one ipv6 address "scope global dynamic noprefixroute" and one "scope global temporary dynamic".
The temporary address is more private, cause it won't have my mac included. In my setup, ddclient uses the dynamic instead of the temporary one. I would like to tell ddclient to use the temporary address for privacy.
Is there any switch/option i have missed to tell ddclient to check for temporary ipv6 ? If not, why is that not the default? I would encourage making this the default behaviour to respect privacy.
if there is not switch, i read about cmdv6, but found no example, nor any documentation for cmdv6. Could anyone tell my how to set cmdv6 to result in temporary address or some link to the docs?
The text was updated successfully, but these errors were encountered: