[COFF] [TUHS] RetroNet… Virtual is cheap.

[COFF] [TUHS] RetroNet… Virtual is cheap.

[gtaylor]

On 08/31/2018 10:24 AM, Cornelius Keck wrote:
> But, I liked the way to have physical control over my setup, still do, 
> so there was, is no reason to switch at this time. Given different 
> circumstances, I might.

I've actually seen / discussed some options to combine the static IP 
that you get with inexpensive VPSs with the only dynamic nature of some 
residential connections.

I'd be happy to talk about details on COFF if people are interested.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/coff/attachments/20180831/e1ce9211/attachment.bin>

[COFF] [TUHS] RetroNet… Virtual is cheap.

[peter]

On 2018-Aug-31 11:33:19 -0600, Grant Taylor via COFF <coff at minnie.tuhs.org> wrote:
>On 08/31/2018 10:24 AM, Cornelius Keck wrote:
>> But, I liked the way to have physical control over my setup, still do, 
>> so there was, is no reason to switch at this time. Given different 
>> circumstances, I might.
>
>I've actually seen / discussed some options to combine the static IP 
>that you get with inexpensive VPSs with the only dynamic nature of some 
>residential connections.

My approach is a script on the client system (that has dynamic address) that
compares its external address with its address in DNS.  If they differ, it
sends an update to the DNS server.  The script is hooked into dhclient so
it's invoked when the address is updated or renewed.

The "DNS server" is a hack I've added to Iodine[1] - for an "A" lookup, it
does a readlink(2) of the FQDN in a config directory and treats the target
as an IPv4 address[2].  This FQDN is within a subdomain I've delegated to
Iodine - I have a CNAME pointing into the subdomain. The client updates the
symlink by SSHing to the DNS server host and running a command that takes
the domain name and address and updates the symlink.

Whilst I've managed to get a static address at home, I still find it useful
for VPSs where the address is static whilst the instance is running but not
preserved across rebuilds.

As an example, lookup gce1.rulingia.com.

[1] http://code.kryo.se/iodine/
[2] This is good enough because Australian ISPs don't believe in IPv6

-- 
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://minnie.tuhs.org/pipermail/coff/attachments/20180902/898767bd/attachment.sig>

[COFF] [TUHS] RetroNet… Virtual is cheap.

[gtaylor]

On 09/01/2018 04:20 PM, Peter Jeremy wrote:
> My approach is a script on the client system (that has dynamic address) 
> that compares its external address with its address in DNS.  If they 
> differ, it sends an update to the DNS server.  The script is hooked into 
> dhclient so it's invoked when the address is updated or renewed.

That sounds like a very reasonable method to manage Dynamic DNS for a 
DHCP client.

That's not quite what I was thinking of.  ;-)

First:  I'm assuming that the VPS in question has two public IP 
addresses.  (It may be possible to do this with one, but the routing 
gets quite a bit more complex.)

Second:  Establish a VPN / tunnel between a client machine and the VPS.

Third:  Enable Proxy ARP on the VPS for the second (unused & unbound to 
the VPS) IP.

Fourth:  Add a route to said second (unused & unbound to the VPS) via 
the far side of the VPN / tunnel.

Fifth:  Bind the second (unused & unbound to the VPS) ip on the local 
VPN / tunnel client.

Hypothetically this will get the second (unused & unbound to the VPS) 
such that it can be bound and used by a local client.  Thus the local 
client will have the globally routed IP address extended to it from the VPS.

> The "DNS server" is a hack I've added to Iodine[1] - for an "A" lookup, 
> it does a readlink(2) of the FQDN in a config directory and treats the 
> target as an IPv4 address[2].  This FQDN is within a subdomain I've 
> delegated to Iodine - I have a CNAME pointing into the subdomain. The 
> client updates the symlink by SSHing to the DNS server host and running 
> a command that takes the domain name and address and updates the symlink.

Intriguing.  I'll have to check out Iodine.  Thank you for the information.

> Whilst I've managed to get a static address at home, I still find it 
> useful for VPSs where the address is static whilst the instance is 
> running but not preserved across rebuilds.

Indeed.

> As an example, lookup gce1.rulingia.com.
> 
> [1]http://code.kryo.se/iodine/
> [2] This is good enough because Australian ISPs don't believe in IPv6

I'll have to check out what you're suggesting.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/coff/attachments/20180901/45cac1b1/attachment.bin>

[COFF] [TUHS] RetroNet… Virtual is cheap.

[perry]

On Sun, 2 Sep 2018 08:20:55 +1000 Peter Jeremy <peter at rulingia.com>
wrote:
> My approach is a script on the client system (that has dynamic
> address) that compares its external address with its address in
> DNS.  If they differ, it sends an update to the DNS server.  The
> script is hooked into dhclient so it's invoked when the address is
> updated or renewed.

Why not just dynamic update whenever the lease is renewed? If nothing
changes, no one will see any change. (I've run like that for 15 years
I think...)

Perry
-- 
Perry E. Metzger		perry at piermont.com

[COFF] [TUHS] RetroNet… Virtual is cheap.

[gtaylor]

On 09/06/2018 09:41 AM, Perry E. Metzger wrote:
> Why not just dynamic update whenever the lease is renewed? If nothing 
> changes, no one will see any change. (I've run like that for 15 years 
> I think...)

That does work from a client point of view.

 From a DNS administrators point of view, it's likely to cause 
unnecessary updates to the zone and subsequent transfers to slave 
servers.  All of which is unnecessary.

Perhaps this could be detected and avoided by returning a synthetic 
return to the client doing the update.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/coff/attachments/20180906/9ae80045/attachment.bin>

[COFF] [TUHS] RetroNet… Virtual is cheap.

[perry]

On Thu, 6 Sep 2018 10:24:09 -0600 Grant Taylor via COFF
<coff at minnie.tuhs.org> wrote:
> On 09/06/2018 09:41 AM, Perry E. Metzger wrote:
> > Why not just dynamic update whenever the lease is renewed? If
> > nothing changes, no one will see any change. (I've run like that
> > for 15 years I think...)  
> 
> That does work from a client point of view.
> 
>  From a DNS administrators point of view, it's likely to cause 
> unnecessary updates to the zone and subsequent transfers to slave 
> servers.  All of which is unnecessary.

I guess I've always viewed my time as being worth more. The data
being transferred is a few k, smaller than the size of one icon on my
desktop, I doubt the communications overhead is noticed in the
hailstorm of video going over the networks in question. Your Milage
May Differ.



Perry
-- 
Perry E. Metzger		perry at piermont.com

[COFF] [TUHS] RetroNet… Virtual is cheap.

[gtaylor]

On 09/06/2018 01:42 PM, Perry E. Metzger wrote:
> I doubt the communications overhead is noticed in the hailstorm of video 
> going over the networks in question. Your Milage May Differ.

The problem isn't bandwidth related.  It's more that it will cause 
additional and completely unnecessary (what is tantamount) to DB 
transactions and fan out replication to all other servers.  For 
something that is a completely unnecessary change.  It functionally 
rolls the serial number and all the additional overhead associated with it.

Because someone didn't check if the IP actually changed.

Compound this by 100s ~ 1,000s of customers doing the same thing.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/coff/attachments/20180906/fa9ce91e/attachment.bin>

[COFF] [TUHS] RetroNet… Virtual is cheap.

[dave]

On Sun, 2 Sep 2018, Peter Jeremy wrote:

> [2] This is good enough because Australian ISPs don't believe in IPv6

If I go to a site that reports my IP address, I get IPv6 (I have a static 
IPv4 address), which appears to be the default used by my router (a 
Fastnet 5355 or something, which T$ appear to be unloading on us).

I tried asking T$ for a static IPv6 range, but was unable to find anyone 
who even knew what I was talking about.

-- Dave

[COFF] [TUHS] RetroNet… Virtual is cheap.

[perry]

On Mon, 10 Sep 2018 16:35:56 +1000 (EST) Dave Horsfall
<dave at horsfall.org> wrote:
> On Sun, 2 Sep 2018, Peter Jeremy wrote:
> 
> > [2] This is good enough because Australian ISPs don't believe in
> > IPv6  
> 
> If I go to a site that reports my IP address, I get IPv6 (I have a
> static IPv4 address), which appears to be the default used by my
> router (a Fastnet 5355 or something, which T$ appear to be
> unloading on us).
> 
> I tried asking T$ for a static IPv6 range, but was unable to find
> anyone who even knew what I was talking about.

Have you tried DHCPv6ing from your router?

Perry
-- 
Perry E. Metzger		perry at piermont.com