802.1x instead of switch ACLs SSSD (Linux) or Active Directory (Windows) or other more custom solutions for dynamic DNS Firewalls rules that use those dynamic DNS names

Bonus: the relatively recent RFC 9686 that I hope will get some good traction: https://datatracker.ietf.org/doc/rfc9686/

Dynamic DNS, DHCP, and static assignment are all still part of IPv6. Putting single IPs in switch ACLs is an anti pattern. Consider zero trust or working with whole subnets(they're plentiful in v6) instead.

Every IPv6 networker fan has rabidly torn me to pieces when I asked how to deploy DHCPv6.

Apparently it's "not how it's done" and we're "doing it wrong".

My SOHO equipment doesn't really support it either, so it's just as well, staying on IPv4 which does DHCP and solves that problem.

> DHCP

Not if you're on Android. https://issuetracker.google.com/issues/36949085

Bless them for not allowing it.

How do you setup dynamic dns in your network? Which software do you use?

Turn off temp addresses. If your prefix changes then use ULA addresses.

I suppose I could have said how.

Windows in powershell:

  SetNetIPv6Protocol -UseTemporaryAddresses Disabled
  SetNetIPv6Protocol -RandomizeIdentifiers Disabled

Linux:

  sysctl net.ipv6.conf.all.use_tempaddr=0

or in NetworkManager config file:

  ip6-privacy=0

OpenBSD:

  ifconfig em0 inet6 -temporary

Yeah. ULA and nat66 would work nicely. Except you would get murdered for asking about nat66.

I'm convinced half the ipv6 subreddit is made of people who don't actually like ipv6 and are trying to subvert it. The advice they give sometimes is just insane. "Just get a new ISP bro..."

I think a lot of people assume privacy addresses are required. You can just not mess with them. Privacy is dead anyway.

"Build yourself an IPAM solution, at great operational cost and complexity."