@doachs@ipv6.social cover
@doachs@ipv6.social avatar

doachs

@doachs@ipv6.social

#Linux, #IPv6, Mountain Bikes / #fatbike, #Minnesota, and #FPV Drones.

I volunteer as the VP of Technology and Regulations for the FPV Freedom Coalition

I build and maintain the mountain bike trails in my local community. #mnmtb

I push people to use ipv6 whenever possible.

This profile is from a federated server and may be incomplete. View on remote instance

doachs , to Random stuff
@doachs@ipv6.social avatar

So apparently the place we get our SSL certs from ( indirectly via Sectigo ) will allow you to put IPv4 addresses in your certs as SANs, but they have told me that they "are not issuing certificates for ipv6 addresses"

Bummer, as that makes DNS over TLS less useful in some cases. :(

#dns #tls #ipv4 #ipv6

doachs , to Firefox
@doachs@ipv6.social avatar

Not sure what if anything I am doing wrong, but I wanted to try setting up a personal DNS over HTTPS server ( #DOH ) that was password protected, but I can't make it work.

DOH without authentication works fine, but once I have the server require a username and password #firefox and chrome won't pass a username to the DOH server.

I've tried a url like https://username:password@doh.example.com but the browsers just seem to ignore the username.

Seems like this feature is not supported. :(

#dns

doachs OP ,
@doachs@ipv6.social avatar

@xdydx I can't remember where I started. I first created a DOH server many years ago using NGINX. However as I was replacing that system recently I wanted to ditch the NGINX part and do it all with ISC BIND, which can do DOH natively now.

But when I was trying to make things more secure and locked down I found the issues I mentioned.

doachs OP ,
@doachs@ipv6.social avatar

@xdydx I tried using NGINX to for authentication, which works, but I could not get any web browser to actually use it.

I want to use DOH to my own DNS server on a laptop wherever in the world I may be. That means it needs to be open to the world, but I'd rather not have the world have access to an otherwise internal DNS server.

If the browser stored the credentials, authenticated DOH would happen without me noticing anything.

I could obfuscate it a bit, but decided to just give up for now.

doachs , to Random stuff
@doachs@ipv6.social avatar

Just one of the many reasons why and NAT needs to go. Some of us still remember the good old days of the internet and networking before NAT. It seems like so many people now can't even comprehend how a network could possibly run without NAT.

Not only is it possible to have a no NAT network, it's actually really nice.

This quote is from the APNIC blog: https://blog.apnic.net/2024/01/17/ip-addresses-through-2023/

ALT
  • Reply
  • Expand (2)
  • Collapse (2)
  • Loading...
  • + xdydx
    doachs OP ,
    @doachs@ipv6.social avatar

    And it doesn't stop there. The blog post continues on with more excellent points.

    ALT
  • Reply
  • Loading...
  • markrprior , to Random stuff
    @markrprior@ohai.social avatar

    support for services doesn't appear to have changed in the last decade. ISPs may have deployed it in the plumbing but that hasn't translated to services.
    Domain name service does best because only one name server needs to be reachable via IPv6 to pass the test and a number of domains use a 3rd party that supports IPv6. Mail delivery and Web site have been largely static for a decade.
    is even worse than IPv6 and I suspect that DANE wouldn't be noticeable.

    doachs ,
    @doachs@ipv6.social avatar

    @markrprior Any idea why there is a big spike in the graphs just recently? Are you monitoring more domains?

  • All
  • Subscribed
  • Moderated
  • Favorites
  • supersentai
  • WatchParties
  • Rutgers
  • jeremy
  • Lexington
  • cragsand
  • mead
  • RetroGamingNetwork
  • loren
  • steinbach
  • xyz
  • PowerRangers
  • AnarchoCapitalism
  • kamenrider
  • Mordhau
  • WarhammerFantasy
  • itdept
  • AgeRegression
  • mauerstrassenwetten
  • MidnightClan
  • space_engine
  • learnviet
  • bjj
  • Teensy
  • khanate
  • electropalaeography
  • neondivide
  • fandic
  • All magazines