Which DNS Do You Use? And other newb queries.

heysoundude

Part of the Furniture
Why? With IPv6 enabled DNS filtering may not be as efficient or may not work at all; VPN in Asuswrt-Merlin may have IPv6 leaks. IPv6 doesn't improve speeds, just makes things more complicated and that's in case different firmware components and scripts support IPv6 at all.
yes, but I like the idea of being a grain of sand on a beach from the perspective of IP address, and OP did mention a concern for privacy. obfuscation/obscurity fits in nicely there...and there are IPv6 privacy extensions.
 

Tech9

Part of the Furniture
This grain of sand is not your network, but every device you have. It's easily identifiable by its IPv6 address alone. I prefer the old school way NAT as a shield. When you connect to Microsoft, Apple or Google with your single external IPv4 they don't know what device is making the requests. With IPv6 they see your iPad, Surface or Samsung phone. How is this helping with privacy?
 

Luciferikass

Occasional Visitor
I am going through the diversion install, is standard the better option? I understand what it does, but is it what most people use? Also, do I have to add blocklists after I start diversion on the router?

Thanks!
 

Tech9

Part of the Furniture
Diversion comes with pre-configured block lists for Lite, Standard, etc. settings. I don't know what most people use. I don't use Diversion.
 

AntonK

Very Senior Member
I am going through the diversion install, is standard the better option? I understand what it does, but is it what most people use? Also, do I have to add blocklists after I start diversion on the router?

Thanks!
You can learn more about Diversion at the developer's page(s) as well.
 

L&LD

Part of the Furniture
Older Asus routers with CTF NAT acceleration enabled aren't compatible with ntpd and chrony.

There, I fixed it for you. :)
 

heysoundude

Part of the Furniture
And that is it, right? A list of ellipses and my external IP? That is what I see. Thanks very much!
to reply to an earlier query, diversion Standard works pretty well. you can always increase it from there.
what about ipv6 on your connection?
This grain of sand is not your network, but every device you have. It's easily identifiable by its IPv6 address alone. I prefer the old school way NAT as a shield. When you connect to Microsoft, Apple or Google with your single external IPv4 they don't know what device is making the requests. With IPv6 they see your iPad, Surface or Samsung phone. How is this helping with privacy?
my understanding is SLAAC disassociates device MAC addresses from IP - that's the real key: scatter every grain of sand to the whirlwind of the interwebz; the more sand flying around, the harder it is to identify as a random target. So while it's not exactly private by the definition, there's no device identifier associated with an ipv6 address other than manufacturer/model, and you're flying around with a bunch of others...If someone is playing Where's Waldo? - you're not wearing a striped shirt...or was it his hat?
 

ColinTaylor

Part of the Furniture
my understanding is SLAAC disassociates device MAC addresses from IP - that's the real key: scatter every grain of sand to the whirlwind of the interwebz; the more sand flying around, the harder it is to identify as a random target. So while it's not exactly private by the definition, there's no device identifier associated with an ipv6 address other than manufacturer/model, and you're flying around with a bunch of others...If someone is playing Where's Waldo? - you're not wearing a striped shirt...or was it his hat?
IPv6 is intentionally non-private (if by private you mean anonymous) by design. It was only later that the blindingly obvious problem with this seems to have been realised. SLAAC is a belated attempt to stick a band-aid over this problem. At best it returns the level of anonymity back down to the network level (rather than host level), the same as a NATed IPv4 connection. So in short, no, IPv6 doesn't improve privacy, it just adds another attack surface.
 
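An added example, not written by any poster in this thread: a small Python check you can run over your own LAN's IPv6 addresses to see which ones carry a MAC-derived (modified EUI-64) interface identifier and which carry an opaque one, as produced by privacy extensions or stable-privacy addressing. The sample addresses are constructed, use the 2001:db8::/32 documentation prefix, and the function names are hypothetical.

```python
import ipaddress

def classify_iid(addr):
    """Classify the interface identifier (low 64 bits) of one IPv6 address."""
    ip = ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])
    iid = (int(ip) & 0xFFFFFFFFFFFFFFFF).to_bytes(8, "big")
    if iid[3:5] == b"\xff\xfe":
        # Modified EUI-64: the MAC is split around ff:fe and the
        # universal/local bit of the first octet is inverted.
        # (A random IID matches this pattern by chance ~1 time in 65536.)
        mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
        text = ":".join(f"{b:02x}" for b in mac)
        if mac[0] & 0x02:
            # Locally administered MAC: randomized, no vendor OUI to read.
            return {"kind": "eui64-randomized-mac", "mac": text}
        return {"kind": "eui64-hardware-mac", "mac": text}
    if int.from_bytes(iid, "big") < 0x10000:
        # Small values are typical of manual or DHCPv6 assignment.
        return {"kind": "static-or-dhcpv6", "mac": None}
    # Opaque IID: temporary (privacy extensions) or stable-privacy address.
    # The two cannot be told apart from the address alone.
    return {"kind": "opaque", "mac": None}

def addresses_exposing_hardware_mac(addrs):
    """Return (address, mac) pairs whose IID embeds a burned-in MAC."""
    hits = []
    for a in addrs:
        result = classify_iid(a)
        if result["kind"] == "eui64-hardware-mac":
            hits.append((a, result["mac"]))
    return hits

# Constructed sample addresses (documentation prefix, made-up identifiers).
SAMPLE = [
    "2001:db8:1:2:211:22ff:fe33:4455",    # EUI-64 from MAC 00:11:22:33:44:55
    "2001:db8:1:2:d8a1:19ff:fe00:1",      # EUI-64 from a randomized MAC
    "2001:db8:1:2:5c3a:91d7:be4:a1f0/64", # opaque interface identifier
    "2001:db8:1:2::10",                   # manual / DHCPv6 style
    "fe80::211:22ff:fe33:4455%eth0",      # link-local with zone id
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, classify_iid(a))
```

In every case the upper 64 bits (the delegated prefix) stay the same for all devices on the LAN, so this check only speaks to the per-device half of the address.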

Tech9

Part of the Furniture
my understanding is SLAAC disassociates device MAC addresses from IP

The main problem with IPv6 is most DNS filtering services just can't do the job anymore. I keep it disabled for more control over my network. No popular website needs IPv6 exclusively. Some game consoles use it, but I have no gamers around. I don't need to enable features introducing more challenges to my network for no reason. Read around SNB how people don't realize they have IPv6 leak when using VPN. The moment you see >300Mbps OpenVPN on home router you know what's going on there. Most folks use Asuswrt-Merlin and RMerlin's ISP doesn't support IPv6 - he can't test anything IPv6 related.
 

heysoundude

Part of the Furniture
The main problem with IPv6 is most DNS filtering services just can't do the job anymore. I keep it disabled for more control over my network. No popular website needs IPv6 exclusively. Some game consoles use it, but I have no gamers around. I don't need to enable features introducing more challenges to my network for no reason. Read around SNB how people don't realize they have IPv6 leak when using VPN. The moment you see >300Mbps OpenVPN on home router you know what's going on there. Most folks use Asuswrt-Merlin and RMerlin's ISP doesn't support IPv6 - he can't test anything IPv6 related.
I don't recall the OP mentioning a VPN in play in their situation...I'd have to scroll back to confirm. And unbound's @Martineau is working on WireGuard for us, so I think your arguments will soon be moot, regardless of Merlin's connectivity.
IPv6 is intentionally non-private (if by private you mean anonymous) by design. It was only later that the blindingly obvious problem with this seems to have been realised. SLAAC is a belated attempt to stick a band-aid over this problem. At best it returns the level of anonymity back down to the network level (rather than host level), the same as a NATed IPv4 connection. So in short, no, IPv6 doesn't improve privacy, it just adds another attack surface.
I like how you always add your perspective/experience/opinion to my posts, CT - thank you.
 

Tech9

Part of the Furniture
What's your real benefit of using IPv6, @heysoundude? What's IPv6 "opens things up considerably" (quote from another thread)? I'm an old school networking guy, tell me what I'm missing with my IPv4 network with examples, if possible. It's a genuine question.
 
