To IPV6 or not to IPV6 , that is the question?

C

calssifed user

Contributor
Recently i had enabled IPV6 on my router. All of the devices have a public IPV6 address. The experience is mixed. Noticing ads being pushed , though i have adblocker and devices are configured with proper DNS entries. If anyone of you have enabled IPV6 , would like to know your experience and best practices for Home devices w.r.t security, DNS etc. Or should I just stick to IPV4 for home devices.
 
Better to have v6 than v4 - there should be a small performance boost.

Coming back to security - there is NAT and then there is the firewall. For v6 you need to configure the firewall properly to allow outside access to your devices - if allowed. There is no NAT (usually) in v6.

Your devices have both v4 and v6 address. So you should be able to manage them with ease.

We had enabled v6 in our office. Did not find it of much use. @superczar is another with v6.
 
I have disabled ipv6 network wide. I read long time ago about the security implications, not sure and can't remember much details.
I would definitely want to know more if it's even needed and pros and cons. Personal experiences will be very helpful.
 
I noticed cold load time of pages were longer as I am running dual stack up and dns is on ipv4 . But the page navigation is super quick. On security I am using router firewall , but nothing fancy
 
For a home user, I don't see any reason to not use IPv6. Saying it's not secure is not accurate.

IPv4 is easier to wrap your head around. The way IPv6 addresses are assigned, its types and the idea of having multiple addresses for a single device/interface is unfamiliar to most people (even for the technically inclined). Having a public global IP for each devices makes people think their device is exposed to the internet without safeguards. That's not true. It just feels that way without NAT or Port forwarding.

The main thing is that some of the network security or administration techniques developed around IPv4 cannot be used with IPv6. This causes a headache in Corporate/Enterprise environments where they have to figure out new ways to achieve the same effect.

calssifed user said:
Recently i had enabled IPV6 on my router. All of the devices have a public IPV6 address. The experience is mixed. Noticing ads being pushed , though i have adblocker and devices are configured with proper DNS entries.
Click to expand...
Your ISP is assigning you one or more IPv6 DNS addresses via DHCP. You should manually set both IPv4 and IPv6 DNS addresses in this case. If it still happens, your ISP might be hijacking unencrypted DNS queries. To avoid that, use DNS over HTTPS.
 
calssifed user said:
The dns server has its own IPv6, but haven't figure out how to set static ipv6 . All my DNS requests are routed to IPv4
Click to expand...
Is your router assigning a link-local IPv6 address for the unbound server? It starts with "fe80". If so, you can consider that to be static as it's generated based on the MAC address of that particular interface. Only the global IPv6 addresses keep changing for privacy reasons.
 
vivek.krishnan said:
We had enabled v6 in our office. Did not find it of much use. @superczar is another with v6.
Click to expand...
This reminds me of an issue...
I have 1 v4 WAN @500mbps (WAN A) and 1 v4+v6 @300mbps (WAN B)
The problem that I face is that my load balancer , ends up preferring v6 on WAN B over WAN A most of the time
even though I would have preferred the higher weighted WAN A to be the highest priority


StygianClaw said:
For a home user, I don't see any reason to not use IPv6. Saying it's not secure is not accurate.
Click to expand...
Yes and No
v6 is not inherently more insecure by any means
But many consumer routers are not firewalls (some may have but most i have seen don't)

on v4, you get automatic security because of the NAT layer despite the lack of a firewall
On v6, you don't
 
Top Bottom