Here it is shown how to update a resolvable name at a DNS service like dynv6.com using ddclient on a Debian Linux operating system.
root@debian:~# sudo apt-get install ddclient
While installing, there are some dialogs to fill with informations about your DNS server provider. Select service provider 'other', because dynv6 is not in list:
Select dyndns2 as the protocol, which comply with dynv6:
Server URL of dynv6.com:
Username is none:
Now enter your dynv6 given HTTP token and repeat:
Select the network interface as source to determine the IP:
Figure out your network interface, which is connected to the internet. This could only be the NIC with a global ipv6 address when having a DualStackLite internet access offered by your ISP, for example wlan0 or eth0.
root@debian:~# ip addr
5: **wlan0**: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:3f:4f:ea:a6:44 brd ff:ff:ff:ff:ff:ff
inet6 **2a02:810b:4c0:d37:dcba:5678:1234:abcd/64** scope global dynamic mngtmpaddr
valid_lft 74660sec preferred_lft 31460sec
Now insert the fully qualified domain name where the domain must match with the dynv6 registered domain name and the prefixed hostname:
After finishing the installation process, check if the local ddclient service is running:
root@debian:~# systemctl status ddclient.service
● ddclient.service - Update dynamic domain name service entries
Active: active (running) since Thu 2022-06-23 16:18:21 UTC; 6min ago
Check in /etc/ddclient.conf
if the line ssl=yes
is at the beginning of a configuration block and that usev6=if
is existing before if=xxx
.
The configuration block for the dynv6 provider should look like this:
ssl=yes \
protocol=dyndns2 \
usev6=if, if=eth0 \
server=dynv6.com \
login=none \
password='<token>' \
<hostname>.<domainname>.dynv6.net
The configuration block for the desec provider should look like this:
ssl=yes \
protocol=dyndns2 \
usev6=if, if=eth0 \
server=update6.dedyn.io \
login=domainname.dedyn.io \
password='<token>' \
hostname.domainname.dedyn.io
A reverse proxy in front forwards requests from the internet to the different services in behind. While the IP for all requests should always be the proxy, the hostnames could be different and distinguish the services configured in the proxy manager. So we want that requests to any subdomain of domainname.org going to our reverse proxy. The reverse proxy looks into the configuration and decides to forward to another IP or internal hostname. To tell ddclient a AAAA (IPv6) record which redirects all subdomains to one IP address, tehre is a wildcard necessary:
*.domainname.dedyn.io
The resolvable names are assigned to global unique addresses (GUA's) of the interface in if=<if>
. A common case is it, that the GUA's of multiple nodes reside in one ipv6 subnet. I experienced problems to cross ping the nodes within the subnet. It seems NDP of ipv6 fails, if there are temporary addresses (privacy extensions) beside of the static interface ID ipv6 addresses and they are configured to be used in a prefered way through sysctl.
As the developers stated, ddclient is not able to use temporary GUA's and only the static interface ID addresses are used. So it is necessary to tell the Linux kernel to prefer the handling of static interface ID addresses over temporary ones. Also allow NDP proxying. Edit the /etc/sysctl.conf
:
net.ipv6.conf.eth0.use_tempaddr=1
net.ipv6.conf.eth0.proxy_ndp=1