[dns-operations] Link-local IP addresses for a resolver?
warren at kumari.net
Thu Sep 26 02:05:18 UTC 2019
On Wed, Sep 25, 2019 at 6:33 PM Joe Abley <jabley at hopcount.ca> wrote:
> On 25 Sep 2019, at 18:18, Warren Kumari <warren at kumari.net> wrote:
> > Yes, the best practice and advice is to choose something random, but
> > network engineers are humans too, and if you had to remember and try to
> > tell someone over the phone to use fd5a:8109:a679:180a:45d3:d653:22:1
> > or fd00:1::1 as the default gateway, which would you rather do?
> You could choose something random then give the end-user a DNSSEC-signed DNS name instead of the address.
That only works once they have a working network, which is why I used
the example of "default gateway" and not "browse to
fd5a:8109:a679:180a:45d3:d653:22:1". I've seen people encode the
building number / floor / VLAN / etc. into the network address; when
you are configuring a router you almost always enter an interface address
instead of using DNS, etc. Having a deterministic and easy-to-remember
address is much, much easier at 3AM; I'm less likely to typo
fd00:13:1 than fde3:783e:127d: , etc.
I personally don't use ULAs / site local, but I fully understand why
those who do use easy addresses...
Yup, let me know once that's done and I'll buy you dinner :-P
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair