DHCP for DNS or "hard-wired"?

On Sun, 25 Jun 2017 05:49:24 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 01:31:53 -0000 (UTC), lifewoutmilk
wrote:

Dave Doe wrote:
In article ,
, lifewoutmilk says...

NY wrote:
"lifewoutmilk" wrote in message
news NY wrote:
Your typical subnet assigned by an ISP is going to be 2^64 addresses.
There's no conceivable way that you're going to run out of addresses on
your home network.

Agreed. I think I can safely say that you will *never* use up 2^64 different
addresses!

Also, with so many addresses available in a single subnet, there's no need
for
NAT given a decent firewall.

The problem is that (if I understand correctly) the "decent firewall" has to
exist on every device that is connected, otherwise that device is
vulnerable. You could have a good secure firewall on all your Windows

No, all traffic is still filtered by my firewall even if it is IPv6
traffic. Just because my desktop has a publicly routable IPv6 address
doesn't mean that devices on the Internet have unfiltered access to it.
My router/firewall still determines what packets reach my desktop and
what packets reaches the Internet from my desktop.

As someone else mentioned, NAT is not a security solution. It just so
happens to "filter" out public access to devices on the LAN. The
firewall aspect of your router is in *addition* to that NAT function.

computers, but you might also have a security camera on your network which
has no firewall. With IPv4 and NAT, the NAT and the firewall built into the
router provide a first line of defence which is missing if you go for IPv6
and no NAT - you are then devolving the problem to every device separately
rather than centralising it.

No. You've misunderstood. Publicly routable does not imply unfiltered.

Short of firewall settings on the modem, it surely most certainly is ???


My point is that just because an IP is publicly *routable*, does not
mean that access to that publicly routable address is guaranteed to be
unfiltered by a firewall. It simply means that NAT is not required.

A NAT is still required to translate the single address provided by
your ISP to the multiple addresses on your network.

If I gave you my desktops IPv6 address, you would be able to ping my
desktop because IPv6 ICMP echo requests and IPv6 ICMP echo responses are
unfiltered on my firewall. (Required by RFC 4890 section 4.3.1 along
with several other ICMP types.)

Blocked by some to avoid ping attacks.

However, even though you can ping my desktop from the Internet, you
would not be able to connect to the Plex media server that is running
on it because that traffic is filtered (along with most other inbound
traffice) by the firewall.

And because the ISP will not know to send multiple IPs to you.
NAT is still needed.

Let me assure you, I have written the firewall rules myself. There is
no NAT for IPv6 here. The only rule for NAT is for IPv4.

You haven't understood much of what I've written. That's okay. Many
people don't understand how networks and IP addressing work. It's not
required knowledge to use the Internet.

I'm not an expert but I do have a small local network over two
buildings with a mixture of gigabit Ethernet and Wi-Fi and
OSX/OSX server/Windows XP/10/Server 2003/Solaris 10
on SPARC and Solaris 11 X64.

You are far more up to date but I still see IDE used with
optical disk drives because optical drives do not benefit
from the higher speed of SATA.

On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar
wrote:

It says the author is one of these people
who thinks he wants everything that is new without realising that
IPv6 is not used on LANs.
All the problems he encountered would have been solved when
he went back to IPv4 for his LAN. Why create problems unnecessarily?

The ISP only ever need provide one address whether it be IPv4
or IPv6.

Paul

With IPv4, the ISP provides one address as you said. Things like
NAT/Port numbers must be used to handle multiple devices. With IPv6,
the ISP is providing one RANGE of addresses. Your router can provide
individual addresses from within that range. Why create problems
unnecessarily? Because, eventually, everything will be IPv6 only and
every device will have its own address.

On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote:

On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar
wrote:

It says the author is one of these people
who thinks he wants everything that is new without realising that
IPv6 is not used on LANs.
All the problems he encountered would have been solved when
he went back to IPv4 for his LAN. Why create problems unnecessarily?

The ISP only ever need provide one address whether it be IPv4
or IPv6.

Paul

With IPv4, the ISP provides one address as you said. Things like
NAT/Port numbers must be used to handle multiple devices. With IPv6,
the ISP is providing one RANGE of addresses.

The ISP is provided with a range of IPs to use for it's customers.
It is not going to waste IPs by giving blocks to each customer
when only one is needed and only one can be used on the WAN
side.

Your router can provide individual addresses from within that range.

Not true.

Why create problems unnecessarily? Because, eventually, everything
will be IPv6 only and every device will have its own address.

Every device already has it's own address.
Your method provides an open door to hackers.
Hackers can get direct access to your printer and feed all the paper
out or launch a ping attack on your printer and make it unusable.

I hope you do not work for any government departments.
You could be arrested for encouraging hackers.

On Sun, 25 Jun 2017 22:31:46 +1000, Lucifer Morningstar
wrote:

On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote:

On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar
wrote:

It says the author is one of these people
who thinks he wants everything that is new without realising that
IPv6 is not used on LANs.
All the problems he encountered would have been solved when
he went back to IPv4 for his LAN. Why create problems unnecessarily?

The ISP only ever need provide one address whether it be IPv4
or IPv6.

Paul

With IPv4, the ISP provides one address as you said. Things like
NAT/Port numbers must be used to handle multiple devices. With IPv6,
the ISP is providing one RANGE of addresses.

The ISP is provided with a range of IPs to use for it's customers.
It is not going to waste IPs by giving blocks to each customer
when only one is needed and only one can be used on the WAN
side.

Your router can provide individual addresses from within that range.

Not true.

Why create problems unnecessarily? Because, eventually, everything
will be IPv6 only and every device will have its own address.

Every device already has it's own address.
Your method provides an open door to hackers.
Hackers can get direct access to your printer and feed all the paper
out or launch a ping attack on your printer and make it unusable.

I hope you do not work for any government departments.
You could be arrested for encouraging hackers.

I give up. Just because you don't understand how devices like
printers are protected doesn't mean they are vulnerable.

Lucifer Morningstar wrote:

The ISP is provided with a range of IPs to use for it's customers. It
is not going to waste IPs by giving blocks to each customer when only
one is needed

true, most will only allocate a single address per customer, and that
may not be fixed unless it's requsted.

and only one can be used on the WAN side.

It's certainly possible to have more than one address on the WAN side,
for example I have 8 addresses.

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 05:43:17 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 01:18:07 -0000 (UTC), lifewoutmilk
wrote:

Dave Doe wrote:
In article ,
, lifewoutmilk says...

Lucifer Morningstar wrote:
On Sat, 24 Jun 2017 13:49:09 +0100, "NY" wrote:

"lifewoutmilk" wrote in message
news NY wrote:
Your typical subnet assigned by an ISP is going to be 2^64 addresses.
There's no conceivable way that you're going to run out of addresses on
your home network.

Agreed. I think I can safely say that you will *never* use up 2^64 different
addresses!

Also, with so many addresses available in a single subnet, there's no need
for NAT given a decent firewall.

NAT is always needed to translate from the WAN IP to the various
LAN IPs.

I think you're implying here that all LANs need NAT, which is not
correct.

You do realize that it's possible to have a LAN where each device has a
public IP address right? The only reason NAT use is so pervasive is it
avoids the requirement that all devices have a publicly routable IPv4
address (because it is a scarce resource) and it incidently acts as a
sort of firewall (not exactly but close enough).

In my home network which is dual-stack IPv4 and IPv6, NAT is only used
for IPv4. There is absolutely no NAT happening for IPv6 traffic.

Did you turn it off? Just wondering. I have done that on my modem, I
turned off IPV6 because I dislike my PC's on the network getting those
ackward to deal with IPV6 addresses.

https://1drv.ms/i/s!AjwgsYmRt63ph_FZqu4qDk4imZ2x4A

https://1drv.ms/i/s!AjwgsYmRt63ph_FaszBR0fLjR-bphg


No, I went out of my way to ensure that IPv6 is a first-class protocol
on my home network. In fact, for the last week, approximately 23% of
the traffic on this network has been over IPv6.

http://i.imgur.com/16KAqBt.png

You must have got bored with your network not being broken.
Now at least you have something to complain about.
If it aint broke make it so, right?

Not broke at all. Regardless of what your feelings are about IPv6, I'm
pretty sure it's going to be around for a long time.

The outside world needs IPv6 but not the LAN.

Why are most optical drives still using IDE?

I'm sorry, what year do you think it is?

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 05:49:24 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 01:31:53 -0000 (UTC), lifewoutmilk
wrote:

Dave Doe wrote:
In article ,
, lifewoutmilk says...

NY wrote:
"lifewoutmilk" wrote in message
news NY wrote:
Your typical subnet assigned by an ISP is going to be 2^64 addresses.
There's no conceivable way that you're going to run out of addresses on
your home network.

Agreed. I think I can safely say that you will *never* use up 2^64 different
addresses!

Also, with so many addresses available in a single subnet, there's no need
for
NAT given a decent firewall.

The problem is that (if I understand correctly) the "decent firewall" has to
exist on every device that is connected, otherwise that device is
vulnerable. You could have a good secure firewall on all your Windows

No, all traffic is still filtered by my firewall even if it is IPv6
traffic. Just because my desktop has a publicly routable IPv6 address
doesn't mean that devices on the Internet have unfiltered access to it.
My router/firewall still determines what packets reach my desktop and
what packets reaches the Internet from my desktop.

As someone else mentioned, NAT is not a security solution. It just so
happens to "filter" out public access to devices on the LAN. The
firewall aspect of your router is in *addition* to that NAT function.

computers, but you might also have a security camera on your network which
has no firewall. With IPv4 and NAT, the NAT and the firewall built into the
router provide a first line of defence which is missing if you go for IPv6
and no NAT - you are then devolving the problem to every device separately
rather than centralising it.

No. You've misunderstood. Publicly routable does not imply unfiltered.

Short of firewall settings on the modem, it surely most certainly is ???


My point is that just because an IP is publicly *routable*, does not
mean that access to that publicly routable address is guaranteed to be
unfiltered by a firewall. It simply means that NAT is not required.

A NAT is still required to translate the single address provided by
your ISP to the multiple addresses on your network.

If I gave you my desktops IPv6 address, you would be able to ping my
desktop because IPv6 ICMP echo requests and IPv6 ICMP echo responses are
unfiltered on my firewall. (Required by RFC 4890 section 4.3.1 along
with several other ICMP types.)

Blocked by some to avoid ping attacks.

However, even though you can ping my desktop from the Internet, you
would not be able to connect to the Plex media server that is running
on it because that traffic is filtered (along with most other inbound
traffice) by the firewall.

And because the ISP will not know to send multiple IPs to you.
NAT is still needed.

Let me assure you, I have written the firewall rules myself. There is
no NAT for IPv6 here. The only rule for NAT is for IPv4.

You haven't understood much of what I've written. That's okay. Many
people don't understand how networks and IP addressing work. It's not
required knowledge to use the Internet.

I'm not an expert

You have made that abundantly clear.

but I do have a small local network over two
buildings with a mixture of gigabit Ethernet and Wi-Fi and
OSX/OSX server/Windows XP/10/Server 2003/Solaris 10
on SPARC and Solaris 11 X64.

Windows XP and Server 2003? Both are EOL by Microsoft and yet you're
claiming that we're opening our systems up for hackers?


You are far more up to date but I still see IDE used with
optical disk drives because optical drives do not benefit
from the higher speed of SATA.

What exactly does IDE have to do with any of this? Nothing. I'm sorry
that your stuck working with ancient hardware and software.

On Sun, 25 Jun 2017 09:40:08 -0400, Pat wrote:

On Sun, 25 Jun 2017 22:31:46 +1000, Lucifer Morningstar
wrote:

On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote:

On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar
wrote:

It says the author is one of these people
who thinks he wants everything that is new without realising that
IPv6 is not used on LANs.
All the problems he encountered would have been solved when
he went back to IPv4 for his LAN. Why create problems unnecessarily?

The ISP only ever need provide one address whether it be IPv4
or IPv6.

Paul

With IPv4, the ISP provides one address as you said. Things like
NAT/Port numbers must be used to handle multiple devices. With IPv6,
the ISP is providing one RANGE of addresses.

The ISP is provided with a range of IPs to use for it's customers.
It is not going to waste IPs by giving blocks to each customer
when only one is needed and only one can be used on the WAN
side.

Your router can provide individual addresses from within that range.

Not true.

Why create problems unnecessarily? Because, eventually, everything
will be IPv6 only and every device will have its own address.

Every device already has it's own address.
Your method provides an open door to hackers.
Hackers can get direct access to your printer and feed all the paper
out or launch a ping attack on your printer and make it unusable.

I hope you do not work for any government departments.
You could be arrested for encouraging hackers.

I give up. Just because you don't understand how devices like
printers are protected doesn't mean they are vulnerable.

DOS attacks on printers have happened. You are making it
easier.

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 09:40:08 -0400, Pat wrote:

On Sun, 25 Jun 2017 22:31:46 +1000, Lucifer Morningstar
wrote:

On Sun, 25 Jun 2017 06:25:06 -0400, Pat wrote:

On Sun, 25 Jun 2017 14:19:19 +1000, Lucifer Morningstar
wrote:

It says the author is one of these people
who thinks he wants everything that is new without realising that
IPv6 is not used on LANs.
All the problems he encountered would have been solved when
he went back to IPv4 for his LAN. Why create problems unnecessarily?

The ISP only ever need provide one address whether it be IPv4
or IPv6.

Paul

With IPv4, the ISP provides one address as you said. Things like
NAT/Port numbers must be used to handle multiple devices. With IPv6,
the ISP is providing one RANGE of addresses.

The ISP is provided with a range of IPs to use for it's customers.
It is not going to waste IPs by giving blocks to each customer
when only one is needed and only one can be used on the WAN
side.

Your router can provide individual addresses from within that range.

Not true.

Why create problems unnecessarily? Because, eventually, everything
will be IPv6 only and every device will have its own address.

Every device already has it's own address.
Your method provides an open door to hackers.
Hackers can get direct access to your printer and feed all the paper
out or launch a ping attack on your printer and make it unusable.

I hope you do not work for any government departments.
You could be arrested for encouraging hackers.

I give up. Just because you don't understand how devices like
printers are protected doesn't mean they are vulnerable.

DOS attacks on printers have happened. You are making it
easier.

Once more, just because a device has a publicly routable IP
address, that doesn't mean the device is not behind a filtering
firewall.

It's almost as though you're being intentionally obtuse about the whole
thing.

On Sun, 25 Jun 2017 16:13:17 +0100, Andy Burns
wrote:

Lucifer Morningstar wrote:

The ISP is provided with a range of IPs to use for it's customers. It
is not going to waste IPs by giving blocks to each customer when only
one is needed

true, most will only allocate a single address per customer, and that
may not be fixed unless it's requsted.

It doesn't need fixing. You use the NAT to translate.

and only one can be used on the WAN side.

It's certainly possible to have more than one address on the WAN side,
for example I have 8 addresses.

When will that be fixed?

On Sun, 25 Jun 2017 15:21:31 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 05:43:17 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 01:18:07 -0000 (UTC), lifewoutmilk
wrote:

Dave Doe wrote:
In article ,
, lifewoutmilk says...

Lucifer Morningstar wrote:
On Sat, 24 Jun 2017 13:49:09 +0100, "NY" wrote:

"lifewoutmilk" wrote in message
news NY wrote:
Your typical subnet assigned by an ISP is going to be 2^64 addresses.
There's no conceivable way that you're going to run out of addresses on
your home network.

Agreed. I think I can safely say that you will *never* use up 2^64 different
addresses!

Also, with so many addresses available in a single subnet, there's no need
for NAT given a decent firewall.

NAT is always needed to translate from the WAN IP to the various
LAN IPs.

I think you're implying here that all LANs need NAT, which is not
correct.

You do realize that it's possible to have a LAN where each device has a
public IP address right? The only reason NAT use is so pervasive is it
avoids the requirement that all devices have a publicly routable IPv4
address (because it is a scarce resource) and it incidently acts as a
sort of firewall (not exactly but close enough).

In my home network which is dual-stack IPv4 and IPv6, NAT is only used
for IPv4. There is absolutely no NAT happening for IPv6 traffic.

Did you turn it off? Just wondering. I have done that on my modem, I
turned off IPV6 because I dislike my PC's on the network getting those
ackward to deal with IPV6 addresses.

https://1drv.ms/i/s!AjwgsYmRt63ph_FZqu4qDk4imZ2x4A

https://1drv.ms/i/s!AjwgsYmRt63ph_FaszBR0fLjR-bphg


No, I went out of my way to ensure that IPv6 is a first-class protocol
on my home network. In fact, for the last week, approximately 23% of
the traffic on this network has been over IPv6.

http://i.imgur.com/16KAqBt.png

You must have got bored with your network not being broken.
Now at least you have something to complain about.
If it aint broke make it so, right?

Not broke at all. Regardless of what your feelings are about IPv6, I'm
pretty sure it's going to be around for a long time.

The outside world needs IPv6 but not the LAN.

Why are most optical drives still using IDE?

I'm sorry, what year do you think it is?

Optical drives are not fast enough to benefit from switching
to SATA.
Your LAN does not need the greater addressing range of IPv6.

On Sun, 25 Jun 2017 15:29:43 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 05:49:24 -0000 (UTC), lifewoutmilk
wrote:

Lucifer Morningstar wrote:
On Sun, 25 Jun 2017 01:31:53 -0000 (UTC), lifewoutmilk
wrote:

Dave Doe wrote:
In article ,
, lifewoutmilk says...

NY wrote:
"lifewoutmilk" wrote in message
news NY wrote:
Your typical subnet assigned by an ISP is going to be 2^64 addresses.
There's no conceivable way that you're going to run out of addresses on
your home network.

Agreed. I think I can safely say that you will *never* use up 2^64 different
addresses!

Also, with so many addresses available in a single subnet, there's no need
for
NAT given a decent firewall.

The problem is that (if I understand correctly) the "decent firewall" has to
exist on every device that is connected, otherwise that device is
vulnerable. You could have a good secure firewall on all your Windows

No, all traffic is still filtered by my firewall even if it is IPv6
traffic. Just because my desktop has a publicly routable IPv6 address
doesn't mean that devices on the Internet have unfiltered access to it.
My router/firewall still determines what packets reach my desktop and
what packets reaches the Internet from my desktop.

As someone else mentioned, NAT is not a security solution. It just so
happens to "filter" out public access to devices on the LAN. The
firewall aspect of your router is in *addition* to that NAT function.

computers, but you might also have a security camera on your network which
has no firewall. With IPv4 and NAT, the NAT and the firewall built into the
router provide a first line of defence which is missing if you go for IPv6
and no NAT - you are then devolving the problem to every device separately
rather than centralising it.

No. You've misunderstood. Publicly routable does not imply unfiltered.

Short of firewall settings on the modem, it surely most certainly is ???


My point is that just because an IP is publicly *routable*, does not
mean that access to that publicly routable address is guaranteed to be
unfiltered by a firewall. It simply means that NAT is not required.

A NAT is still required to translate the single address provided by
your ISP to the multiple addresses on your network.

If I gave you my desktops IPv6 address, you would be able to ping my
desktop because IPv6 ICMP echo requests and IPv6 ICMP echo responses are
unfiltered on my firewall. (Required by RFC 4890 section 4.3.1 along
with several other ICMP types.)

Blocked by some to avoid ping attacks.

However, even though you can ping my desktop from the Internet, you
would not be able to connect to the Plex media server that is running
on it because that traffic is filtered (along with most other inbound
traffice) by the firewall.

And because the ISP will not know to send multiple IPs to you.
NAT is still needed.

Let me assure you, I have written the firewall rules myself. There is
no NAT for IPv6 here. The only rule for NAT is for IPv4.

You haven't understood much of what I've written. That's okay. Many
people don't understand how networks and IP addressing work. It's not
required knowledge to use the Internet.

I'm not an expert

You have made that abundantly clear.

but I do have a small local network over two
buildings with a mixture of gigabit Ethernet and Wi-Fi and
OSX/OSX server/Windows XP/10/Server 2003/Solaris 10
on SPARC and Solaris 11 X64.

Windows XP and Server 2003? Both are EOL by Microsoft and yet you're
claiming that we're opening our systems up for hackers?


You are far more up to date but I still see IDE used with
optical disk drives because optical drives do not benefit
from the higher speed of SATA.

What exactly does IDE have to do with any of this? Nothing. I'm sorry
that your stuck working with ancient hardware and software.

Did you mean you're?

Lucifer Morningstar wrote:

Andy Burns wrote:

most will only allocate a single address per customer, and that
may not be fixed unless it's requsted.

It doesn't need fixing. You use the NAT to translate.

fixed as in static, rather than dynamic.

On Mon, 26 Jun 2017 05:40:37 +1000, Lucifer Morningstar wrote:

Optical drives are not fast enough to benefit from switching
to SATA.

What do you do when your motherboard doesn't have IDE?

Your LAN does not need the greater addressing range of IPv6.

What do you do when IPv4 dies?

IPv4 has 10^32 addresses. IPv6 has 10^128. My ISP has allocated me a
block of 10^64 IPv6 addresses that's 32 bits more than the whole of the
IPv4 range. Apart from the fact that my routers firewall blocks people
trying to get in how long do you think it will take someone to try all
of my 10^64 addresses to find a printer if it's switched on at the
time?

--
Faster, cheaper, quieter than HS2
and built in 5 years;
UKUltraspeed http://www.500kmh.com/

Rodney Pont wrote:

IPv4 has 10^32 addresses. IPv6 has 10^128.

2^32 and 2^128