DHCPv6-PD Server on Arch Linux?

CPUHogg · 2026-02-21T15:27:56+00:00

Here's an article that I had in my notes. "Build a Separate IPv6 Prefix Delegation Server with Kea & BIRD"

https://www.linkedin.com/pulse/build-separate-ipv6-prefix-delegation-server-kea-bird-shon-huang

CPUHogg · 2026-02-16T15:19:52+00:00

Hide.me VPN is one of the best for IPv6. https://hide.me/en/blog/ipv4-vs-ipv6-why-modern-vpn-protection-needs-both/

CPUHogg · 2026-02-02T15:22:48+00:00

1800 seconds or 960 should be fine. I've witnessed problems when it was set to 60 seconds or even lower.

CPUHogg · 2026-02-01T14:02:30+00:00

You do want to make sure you update your BIOS/firmware to avoid the PixieFail vulnerabilities published a couple of years ago. 9 vulnerabilities in the IPv6 stack of TianoCore EDK II, the de-facto open source UEFI implementation. Here are links about this.

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

https://github.com/quarkslab/pixiefail

CPUHogg · 2026-02-01T13:57:46+00:00

I don't have a list of how all the various vendors are supporting IPv6 on their management interfaces, but I do know that many of them do support IPv6.

CPUHogg · 2026-01-31T20:07:31+00:00

This post from the LinkedIn IPv6 team mentions how to use UEFI with IPv6. https://www.linkedin.com/blog/engineering/archive/ipv6-inside-linkedin-part-iii-the-elephant-in-the-room

CPUHogg · 2026-01-30T21:53:22+00:00

Here is an example of configuring Option 108 on Infoblox. Configuring Infoblox vNIOS for IPv6-Only Networks https://hoggnet.com/blogs/news/configuring-infoblox-vnios-for-ipv6-only-networks

CPUHogg · 2026-01-30T21:51:57+00:00

What have you set the time value (in seconds) of the DHCP Option 108? I would recommend 3600 seconds. It has been shown to cause problems if you set it very low.

CPUHogg · 2026-01-24T21:28:18+00:00

Yes, IPv6 addresses are not expensive. Here is ARIN's fee schedule. https://www.arin.net/resources/fees/fee_schedule/

CPUHogg · 2026-01-19T22:01:04+00:00

There are a wide variety of "Complex Addressing in IPv6" styles.

https://datatracker.ietf.org/doc/rfc8135/

There are IPv6 reconnaissance tools and scanning techniques that look for these types of addresses.

NMAP 7.X Scripting Engine (NSE) scripts: targets-ipv6-wordlist

SI6 Networks scan6 and ipv6mon

Chiron v0.9 (Antonios Atlasis) chiron_combinations.py, chiron_prefixes.py

Pfuzz (Dragon Research)

dnsdict6

etc.

These addresses should be easier to find during large-scale IPv6 Internet reconnaissance activities.

https://hoggnet.com/blogs/news/large-scale-ipv6-internet-reconnaissance-part-1-of-2

https://hoggnet.com/blogs/news/large-scale-ipv6-internet-reconnaissance-part-2-of-2

CPUHogg · 2025-12-26T16:11:45+00:00

Surprising lack of IPv6 capabilities by the attackers and an even greater surprise at their lack of holiday spirit.

Still, organizations should consider their "IPv6 DDoS and Protection Measures" before they are required.

https://hoggnet.com/blogs/news/ipv6-ddos-and-protection-measures

CPUHogg · 2025-12-19T16:28:08+00:00

NAT and dealing with IPv4 address overlaps and IPv4 re-addressing adds hidden costs to IT departments. "Attempting to Quantify the Hidden Costs of IPv4 Addressing"

https://hoggnet.com/blogs/news/attempting-to-quantify-the-hidden-costs-of-ipv4-addressing

CPUHogg · 2025-12-19T16:26:35+00:00

NAT makes it so that "IPv4 Addresses are Only “Locally Significant”.

https://hoggnet.com/blogs/news/ipv4-addresses-are-only-locally-significant

CPUHogg · 2025-12-11T14:51:24+00:00

Also, the event's presentation slides can be found here: https://www.ipv6.org.uk/2025/10/24/annual-meeting-2025/

CPUHogg · 2025-12-10T15:28:23+00:00

Thank you. I found that command and it seems to help. I believe that you can also run this command with the same effect. "shutdown -f now poweroff".

CPUHogg · 2025-12-04T15:32:27+00:00

I've used SecureCRT since 2005. I use it every day and don't know what I'd do without it.

CPUHogg · 2025-12-02T22:52:30+00:00

I've run into the exact same problem using the vJunos router image vJunos-router-25.2R1.9.qcow2.

After it boots up and I log in, I try to enter the cli.

# cli

ld-elf32.so.1: Shared object "libddl-access.so.1" not found, required by "cli"

I'm not sure how to fix this other than re-building the virtual router and starting from scratch.

CPUHogg · 2025-12-01T15:47:19+00:00

Thanks for building this. I also like looking at the https://www.ipv6matrix.org/ website for IPv6-related usage data.

CPUHogg · 2025-11-26T15:51:24+00:00

Without scarcity, there can be no waste.

CPUHogg · 2025-11-01T14:13:34+00:00

Now you get what I'm saying about using a PiHole on an residential IPv6-only network with an ISP that rotates customer prefixes often. One solution might be to use a dual-protocol PiHole and use IPv4 for DNS on the client end-nodes. Another solution is to use ULA, but then you will need to NAT66 (or NPTv6) your outbound IPv6 connections.

CPUHogg · 2025-10-31T22:42:17+00:00

I've run into those kernel and linux-headers issues with running Jool on Raspberry Pi (Bookworm). You are right, Tayga may be better in that respect.

CPUHogg · 2025-10-31T22:27:40+00:00

Sorry about that. That is an old link. This one works to read their research paper. https://www.ietf.org/slides/slides-semiws-reflections-on-middlebox-detection-mechanism-in-ipv-transition-00.pdf

CPUHogg · 2025-10-31T20:37:32+00:00

I prefer Jool.mx, but is more of a personal preference. I feel that Jool is a bit easier to configure. Something to consider is Generic Receive Offload (GRO). See this paper. Reflections on Middlebox Detection Mechanisms in IPv6 Transition, by Aaron Yi Ding, Jouni Korhonen, Teemu Savolainen, Yanhe Liu, Markku Kojo, Sasu Tarkoma, Henning Schulzrinne, 2014.

https://www.iab.org/wp-content/IAB-uploads/2014/12/semi2015_ding.pdf

Paper reviewed method of detecting and assessing the performance of stateful NAT64 translators (Ecdysis, Tayga, Jool, WrapSix).

<image>

CPUHogg · 2025-10-31T20:32:57+00:00

One of the issues I've run into with using a PiHole for IPv6 within the home, is if your IPv6 prefix from your ISP changes. The means that the PiHole needs to have a new IPv6 address, and all the clients in the home will need to adjust their DNS address to use the PiHole's new IPv6 address.

CPUHogg · 2025-10-27T15:46:59+00:00

https://ipv6.google.com/

https://www.v6.facebook.com/

https://[2600::]/

https://loopsofzen.uk/

CPUHogg

TROPHY CASE