V4 only update URL?

is there an Update URL that only updates V4? because when v6 updates it obviously throws in the ipv6 of the router, which leads to all sorts of issues with devices behind NAT with portforwarding being reachable

Hi My1!

If you mean an update API that only changes the A record without modifying the AAAA record using a single HTTP GET, then no, I don’t think that exists.

If you provide only the IPv4 address then any IPv6 address will be removed.

See: IP Update API — deSEC DNS API documentation

NAT on IPv6? Seriously? What for?

Your router will generally never update the DDNS AAAA record for a LAN device. Doing so would seldom make sense. And it might be hard for the router to figure out which IPv6 address to use.

However your LAN device can update a DDNS AAAA record itself when its public IPv6 address changes. Just set up a different DDNS subdomain for this so there are no conflicts with what the router does.

The challenge is in detecting the change of the public IPv6 address on the device.

a) Normal devices generally have a whole bunch of IPv6 addresses. Not all are public in scope and some may be temporary. A server should use static IPv6 addresses but in a typical home/office setup this is probably not possible. The issue is in figuring out which IPv6 address to use.

b) Depending on setup, when the IPv6 prefix changes, the device Interface Identifier (IID) might change as well. (RFC 8981)

c) In some situations devices might have more than one public IPv6 address, even more than one public IPv6 prefix, at a time. Which one do you want to update DDNS with?

d) While your router probably triggers the DDNS update on changes, for devices there is generally no way to get notified about IPv6 address/prefix changes. You will probably need to poll at regular intervals. This will cause a delay between the time of the change and the update of the DDNS records.

e) In addition to the AAAA record for the LAN device, the router may need to have settings for allowing incoming connections to that device (on specified ports). Some routers identify the LAN devices by their IID. If that changes when the IPv6 prefix changes (see (b) above) the setting will no longer work. Also using SLAAC (RFC 4862) to update the IPv6 prefix while keeping a manually set IID will probably not work. EUI64s may help though.

The takeaway is: If you can, run servers/services on static IPv6 addresses, not on dynamic ones. If you have no choice then be aware that there are some drawbacks and quite a lot of complications.

HTH

fiwswe

My1, we have been planning to introduce a “preserve” parameter that can be included in the URL to disable updates of v4 and v6 addresses. We also have discussed adding “update4.dedyn.io”. Would either of them help?

in order to not need several completely isolated updaters that can each fail on their own, all need the token which have full control over everything rather than having one central updater from the router (also not all devices are capable of upgrading DDNS themselves)
it’s absolutely ridiculous, I am aware.

not every LAN device can, also it’s a pain to manage.

and at that point it’s just easier for now to just dump IPv6 for now.

Thanks for pointing out the obvious, problem is you dont always get a static prefix without pain cost or both. With a static IP one wouldnt need DynDNS in the first Place.

sounds very helpful, yes (providing preserve also means preserving emptiness)

Still not sure where NATv6/NAT66 becomes relevant here? You should need that only in very obscure situations.

But apart from that, either I’m missing something here or your comments indicate you don’t fully understand your IPv6 environment. Assuming you are in a typical home/office setup with an Internet provider that gives you 1 dynamic IPv4 address and 2 IPv6 prefixes things would look like this:
x.x.x.x/32 public dynamic IPv4 address
yyyy:yyyy:yyyy:yyyy::/64 public dynamic IPv6 address prefix for your router
zzzz:zzzz:zzzz:zz00::/56 public dynamic IPv6 address prefix for your LAN devices.

So your router knows its own public IPv4 and IPv6 addresses of course and can update DDNS with them. But it does not really know the full public /128 IPv6 addresses of the LAN devices. The IPv6 communication between router and LAN device will probably use only link local addresses, not the public ones. So the router has no way to update DDNS with the correct public IPv6 address of the LAN device.

Add to that, that a LAN device may have more than one public IPv6 address, potentially even using different IPv6 prefixes in a multihoming setup, and you can see that only the device can do the DDNS update for its own dynamic public IPv6 address.

And when the zzzz:zzzz:zzzz:zz00::/56 prefix changes, even if the router does not touch the DDNS AAAA record, someone has to update it to point to the new IPv6 address of the LAN device. Sure you could do that manually but that misses the point of this discussion.

Note: My example would be valid for a Telekom VDSL connection in Germany for example. Others are probably similar.

As you did not mention any details about the LAN device(s) in question, I can’t help you there. As for the management, once it’s set up, you should not need to touch it again.

I have done all this for OpenBSD hosts on the LAN. Steep learning curve, some things I wanted where not possible but it basically works. I am hosting e.g. a web server on one of these machines that listens on IPv6 only. It detects changes in the IPv6 prefix, updates DDNS and the httpd.conf, restarts the service and writes some logs. Oh and my router also updates DDNS A and AAAA records, but for a different hostname of course.

For me the proposed changes to the deSEC update API would not have helped because I am actually using more than one LAN host and hosts with multiple interfaces. (My reason for using IPv6 was that I wanted to avoid the limitations of IPv4 port forwarding to different hosts. I can’t run 2 services on different hosts on the same external port given only one IPv4 address.) Thus I need to be able to update multiple DDNS hostnames. Still, I can see that this change would help some people.

HTH
fiwswe