-
Notifications
You must be signed in to change notification settings - Fork 322
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[IDEA] IPv6 Prefix only updater #663
Comments
I don't think I fully understand the use case. Why wouldn't |
Maybe I missed a setting, but the thing with IPv6 is, that it terminates at the application (for example your web server). Therefore if I only want to configure my API key for ddclient only at my OPNSense router, I don't know to what exact IP a domain entry is matched. I only know the IPv6 prefix and in combination with NPTv6, it is the only part of the IPv6 public IP that changes. If I missed a setting, that allows handling something like this, then I am sorry for the issue. |
I think I understand what you're saying. Let me rephrase to make sure I understand: You want to run ddclient only on your OPNSense router, and you want it to update AAAA DNS records for multiple hosts behind your OPNSense router. The OPNSense router doesn't know the full public IPv6 addresses of the hosts behind the router, only their (common) public prefix. You want ddclient to:
Is that correct? If so, can you use |
That is exactly my goal. I got to say im still kind of new to OPNSense. I'd like to have everything Network related on a dedicated OPNSense box, so that if I take down any hypervisor in my lab, it doesn't take down any others, as well as having to set up ddclient on each vm. I also don't want to have an api key in any vm, that might get compromised. As far as I can tell, the opnsense plugin only supports I don't know if its a bad approach I'm describing here, but I think that especially for homelabbers, that want to manage their IPv6 like they are used to with IPv4 (internal static and external dynamic), this could be a usecase. I see, that the ddclient conf might be acessible via cli. |
For People using only ULAs in their local infrastructure and NPTv6 for example in their OPNSense to prevent dynamic prefix updates messing with local firewall rules etc. it could be very interesting if ddclient could centrally just update the prefix of IPv6 entries.
One possible (probably inefficient) flow:
It would allow centrally managing DNS API credentials and still keep the upside of unique addresses per service.
Any thoughts?
The text was updated successfully, but these errors were encountered: