James Knott wrote:
Per Jessen wrote:
Yes, I do. Not all systems got both types though. When a system is assigned both, which one is used for outgoing connections?
The random address.
When I started radvd on the router/firewall, most of my systems only had one address, the MAC-based one. I would not want the random address used for outgoing connections though. (for arbitrary clients yes, but not for anything fixed). I mean, imagine a mailserver delivering outgoing mail from a random address??
Think of outgoing as you using a browser and incoming, your servers. It is only the incoming traffic that needs to know the address. So, look up your MAC based address and use it for your DNS. For outgoing, it really doesn't matter which you use. There's a way to turn off random, but I don't recall the details at the moment.
For outgoing, at least for a mailserver, it does matter a lot which address is being used. Using the random address would mean the receiving server would have no way of identifying the sending server. If using dhclient6 actually means not getting a random address assigned, that's probably what I need to do.
It's possible that most of our systems are too old (pre 12.x) for the random address to work, but with 13.1M2 I got this:
2: enp3s1f0:
mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:15:60:57:07:f1 brd ff:ff:ff:ff:ff:ff inet 192.168.2.140/21 brd 192.168.7.255 scope global enp3s1f0 valid_lft forever preferred_lft forever inet6 2001:db8:2010:1ff:a5e4:4fb7:2ef0:5d1b/64 scope global temporary dynamic valid_lft 557201sec preferred_lft 38201sec inet6 2001:db8:2010:1ff:215:60ff:fe57:7f1/64 scope global dynamic valid_lft 2550353sec preferred_lft 563153sec inet6 fe80::215:60ff:fe57:7f1/64 scope link valid_lft forever preferred_lft forever "fe80::215:60ff:fe57:7f1/64 scope link" is your link local address. That will never change, unless you replace the NIC.
Right.
"2001:db8:2010:1ff:215:60ff:fe57:7f1/64 scope global dynamic" is your MAC based address. Use this in your DNS.
Right.
"inet6 2001:db8:2010:1ff:a5e4:4fb7:2ef0:5d1b/64 scope global temporary dynamic" is your random number address. As you get more, all but the lastest will say "temporary deprecated dynamic". I've got 3 of those.
Interesting. Thanks James, I'll be back with more questions :-) -- Per Jessen, Zürich (17.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org