(Sorry if this is too off-topic:) ISPs seem designed to funnel people to capitalist cloud services, or at least I feel like that. And it endlessly frustrates me.

The reason is even though IPv6 addresses are widely available (unlike IPv4), most ISPs won’t allow consumers to request a static rather than a dynamic IPv6 prefix along with a couple of IPv6 reverse DNS entries.

Instead, this functionality is gatekept behind expensive premium or even business contracts, in many cases even requiring legal paperwork proving you have a registered business, so that the common user is completely unable to self-host e.g. a fully functional IPv6-only mail server with reverse DNS, even if they wanted to.

The common workaround is to suck up to the cloud, and rent a VPS, or some other foreign controlled machine that can be easily intercepted and messed with, and where the service can be surveilled better by big money.

I’m posting this since I hope more people will realize that this is going on, and both complain to their ISPs, but most notably to regulatory bodies and to generally spread the word. If we want true digital autonomy to be more common, I feel like this needs to be fixed for consumer landline contracts.

Or did I miss something that makes this make sense outside of a big money capitalist angle?

  • Auli@lemmy.ca
    2 months ago

    Use hostnames and dynamic prefixes or addresses don’t really matter. Haven’t had an issue in years and my last ISP changed prefixes multiple times a week. I mean technically it would not be available for five minutes when the IP changes but I never noticed.

        • conorab@lemmy.conorab.com
          2 months ago

          It sucks that rural Australia’s part of the NBN got kneecapped down to Skymuster. I’ve played with Starlink quite a while ago and unless it’s really heavy rain it works really well up to the point of being able to stream games on GeForce NOW. Obviously a fast wired connection is preferable but as you say Starlink really is the only good option for a lot of people.

  • cmnybo@discuss.tchncs.de
    2 months ago

    My dynamic IPv6 prefix hasn’t changed in a couple of years. It only changed because I reset the router config and that changed my DUID. That’s good enough for everything I host. I don’t even bother with dynamic DNS anymore.

    I wouldn’t bother with trying to host an email server from a residential connection though. Even if you can get your ISP to open port 25 for you, many email servers won’t accept mail from residential IP addresses.

  • doodledup@lemmy.world
    2 months ago

    Vodafone gave me an IPv4 in Germany no problem. I asked and they gave it to me. They said it’s not static, but it hasn’t changed for me in years.

    • Lv_InSaNe_vL@lemmy.world
      2 months ago

      Xfinity in the states is like that too. Technically I don’t have a static but it’s only changed twice in 4 years or so.

      Once was during a really really bad storm which took power down in my state for days so I don’t blame them, and the other one was when they did work on my local node but they sent out an email and a letter beforehand lol

  • solrize@lemmy.ml
    2 months ago

    I think there are still enough v4-only systems out there that you don’t really want to host a mail server on v6. You are right though that it would be nice to be able to get static v6 (or for that matter v4) addresses from home ISPs. Some do offer that of course.

    Another issue can be that the average home internet user has no idea how to keep even a client system secure. So ISPs might use NAT and default firewall configurations partly to stop incoming connections on the theory that they are likely to be malicious. On home routers you can usually open ports if you know what you’re doing. I don’t know if that’s even possible on mobile phones.

    • conorab@lemmy.conorab.com
      2 months ago

      IP blocklisting is still very much a thing as well so you can expect any mail originating from a residential IP to be rejected due to their /24 or larger having previously sent spam, and that assumes you can send server-to-server mail (destination port 25/tcp) in the first place since many ISPs and server providers block traffic destined to that port by default to prevent users from getting their IP blocklisted. My home ISP blocks outbound SNMP traffic (or at least did 10 years ago) presumably to also prevent abuse. That said, things like blocking inbound port 80/tcp and 443/tcp is purely a measure to prevent people running servers at home which I’m not a fan of.

      • solrize@lemmy.ml
        2 months ago

        Yes, that too. I hadn’t even thought about trying to send email from a home ISP. Everyone knows you basically can’t. I thought the idea was to receive email rather than send it, so you wouldn’t be relying on some bigtech company to store it for you.

  • dgdft@lemmy.world
    2 months ago

    If you’re looking for sympathy, you got it. Fuck the state.

    If you’re looking for solutions, use a cheap $5/mo VPS that exists purely as your gateway host. Run everything you want on your home machines, then tunnel the traffic to your gateway and reverse-proxy it there. Your data stays in your hands, you can spin up and expose new services publicly in a matter of minutes, AND your home IP isn’t vulnerable to doxxing or DoS.

      • Ellie@slrpnk.netOP
        2 months ago

        While I agree on a practical level, and pragmatism sure is important, long term that workaround still keeps you paying for cloud services and gives cloud companies an easy way to directly man-in-the-middle your traffic. So I’m hoping one day the situation will improve.

          • Ellie@slrpnk.netOP
            2 months ago

            The alternative is to get your ISP to offer you a static IPv6 and a reverse DNS PTR entry for your IPv6, like I asked for in the initial post. Some ISPs do if you offer them more money, some only do if you offer them more money and a legit business registration, apparently a few rare ones do it for free, and some never do it.

            Once you got the static IP, you can point DNS directly to yourself, and there’s no VPS or anything in between. Browser traffic and so on directly comes to your machine.

      • Revv@lemmy.blahaj.zone
        2 months ago

        I’ve used them for years with literally zero issues. Performance a for a cheap VPS. And since all the real work happens on my machines, if they enshittify, I can easily move elsewhere.

      • Zetta@mander.xyz
        2 months ago

        “JUST $10.28/YEAR - WOW!!” Laughed out loud at that, and I’ll have to give this a look. Currently I just use nginx and duckdns to expose my home IP for my self hosted stuff.

    • yonder@sh.itjust.works
      2 months ago

      I basically do exactly this, but I am running the reverse proxy on my home computer: the VPS is literally just acting as a proxy, for which I use wireguard to tunnel the connection. So far it’s worked great, though initial setup was a pain.

      • Appoxo@lemmy.dbzer0.com
        2 months ago

        So you essentially have a DMZ between your VPS and home network that is divided by your reverse proxy?

      • dgdft@lemmy.world
        2 months ago

        This is a great suggestion!

        Lest anyone miss the buried lede, this approach means that traffic is pre-encrypted as it passes through the gateway VPS - so even if your VPS gets hacked, it’s way harder to steal credentials and break into the services running on your home network.
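
Added example, not part of any comment in this thread: one way to build the two gateway designs discussed above with nginx, showing where TLS ends in each. The WireGuard addresses (10.8.0.1 for the VPS, 10.8.0.2 for the home machine), the hostname, the backend port and the certificate paths are assumptions made for illustration.

```nginx
# ===== Design 1, on the VPS: gateway terminates TLS =====
# The certificate private key lives on the rented machine, and every
# request and response exists there in plaintext before being tunnelled.
http {
    server {
        listen 443 ssl;
        server_name cloud.example.org;                            # hypothetical
        ssl_certificate     /etc/ssl/example/fullchain.pem;       # hypothetical
        ssl_certificate_key /etc/ssl/example/privkey.pem;         # hypothetical
        location / {
            proxy_pass http://10.8.0.2:8080;    # plaintext over WireGuard
        }
    }
}

# ===== Design 2, on the VPS: gateway forwards raw TCP only =====
# "stream" is a top-level block, a sibling of "http", not nested inside it.
# No certificate or key is configured here; the VPS relays ciphertext.
stream {
    server {
        listen 443;
        listen [::]:443;
        proxy_pass 10.8.0.2:443;      # home peer's WireGuard address (assumed)
        proxy_protocol on;            # hand the real client address to the home proxy
        proxy_connect_timeout 5s;
    }
}

# ===== Design 2, on the home machine: TLS ends here =====
http {
    server {
        # Bind to the tunnel address only, so this listener is reachable
        # through WireGuard and not from the LAN or the ISP side.
        listen 10.8.0.2:443 ssl proxy_protocol;
        server_name cloud.example.org;                            # hypothetical

        # Accept the PROXY protocol header only from the VPS end of the tunnel.
        set_real_ip_from 10.8.0.1;
        real_ip_header   proxy_protocol;

        ssl_certificate     /etc/ssl/example/fullchain.pem;       # key stays at home
        ssl_certificate_key /etc/ssl/example/privkey.pem;

        location / {
            proxy_pass http://127.0.0.1:8080;   # local service (assumed port)
        }
    }
}
```

In design 2 the VPS still sees client IP addresses, the TLS SNI hostname and traffic volume, but it holds no key with which to read or alter the session contents.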

  • MudMan@fedia.io
    2 months ago

    I think you’re giving their ability to coordinate too much credit. Best guess the ISPs are just withholding anything that requires investment to deploy or that they can monetize themselves. Everybody else is just bottom-feeding by selling workarounds wherever the ISPs can’t or won’t.

    The invisible hand of the market sucks at creating optimal solutions, but it does great at creating scammy crap that will take your money, no conspiracy necessary.

    • infeeeee@lemm.ee
      2 months ago

      Yepp, Hanlon’s razor: they are mostly just lazy and maybe incompetent, not necessarily evil, that’s just a side effect. E.g. in my country if you call them that you want to get out of CGNAT they’ll just do that for you. My IP hasn’t changed in years, but I don’t pay for a fixed IP. But it may be different in each country, I have mostly good experiences with local ISPs here.

  • hendrik@palaver.p3x.de
    2 months ago

    I wonder how often the assigned prefix changes with most of the regular ISPs. I’d have to look at someone else’s router since I’m still stuck on an old contract. But I believe what I saw with some of the regular consumer contracts: the prefixes stay the same for a long time. You could just slap a free DynDNS service on top and be done with it.

    But yes, I think this used to be the promise… We’d all get IPv6 and a lot of gadgets like NAS systems, video cameras and a wifi kettle and they’d be accessible from outside. Instead of that we use big capitalist cloud services and all the data from the internet of things devices has some stopover in the China cloud.

    • tburkhol@lemmy.world
      2 months ago

      My ISP seems to use just normal DHCP for assigning addresses and honors re-use requests. The only times my IP addresses have changed have been when I’ve changed the MAC or UUID that connects. I’ve been off-line for a week, come back, and been given the same address. Both IPv4 and v6.

      If one really wants their home systems to be publicly accessible, it’s easy enough to get a cheap vanity domain and point it at whatever address. rDNS won’t work, which would probably interfere with email, but most services don’t really need it. It’s a bit more complicated to detect when your IP changes and script a DNS update, but certainly do-able, if (like OP) one is hell bent on avoiding any off-site hardware.

  • Lka1988@lemmy.dbzer0.com
    2 months ago

    My ISP is a local deal, well-known for protecting privacy, and run by an absolute nerd (in the best way possible, also outspoken about privacy, FOSS, and other such things). Their customer service is second-to-none; I had an issue with my static IP a couple years back, and had an actual engineer on the line within a few hours. On a weekend.

    It’s XMission. I dropped Comcast for them once they were in my area. Comcast can climb up a cactus.

    • ScoobyDoo27@lemm.ee
      2 months ago

      I’m jealous. Xmission is all around me but not in my area. Luckily I have another local ISP (and not Comcast) but they want $10 a month for a static IP.

      • Lka1988@lemmy.dbzer0.com
        2 months ago

        I pay $89/mo total for symmetrical gigabit via UTOPIA, no monthly cap, and my static IP. I was paying Comcast a hair over $60/mo before this for 400/20 via cable w/1.2TB cap.

        Absolutely worth it.

      • Lka1988@lemmy.dbzer0.com
        2 months ago

        Hell yeah. I don’t normally simp for companies, but I will happily support locally owned alternatives to big, faceless corporations, even if it costs a bit more. Usually.

  • Fluffy Kitty Cat@slrpnk.net
    2 months ago

    This is a huge problem. We need to start our own ISPs. Municipal owned or alongside a microgrid co-op are good options

  • HiTekRedNek@lemm.ee
    2 months ago

    The big issue is that your network provider is also the physical provider, and there’s no real competition as a result.

    When most people got their Internet service over telephone lines, your ISP didn’t need to also own the telephone lines, they just needed some telephone numbers.

    When the telcos themselves got into the business of providing internet access, they pushed out the competition.

    The 1996 Telecommunications Act, written by a Republican Congress, and signed into law by a Democratic president (Clinton) is largely responsible for the current state of affairs.

    The “Information Superhighway” is a toll road, built by taxes, but owned by private corporations.

    What’s crazy is that the government paid these corporations to build this infrastructure.

    When your government pays, say, a road building company to build roads, one doesn’t then grant the ownership of those roads to that company.

    But that is EXACTLY what we did with our communications infrastructure.

  • Forbo@lemmy.ml
    2 months ago

    Asymmetric bandwidth is literally designed to ensure you remain a consumer and is actively inhibiting the collaborative, communal web utopia we were told was going to be the future.

    • milicent_bystandr@lemm.ee
      2 months ago

      I think really it’s designed because you’re a consumer. Most people consume far more bandwidth than they upload, so asymmetry is more efficient.

      • hobbsc@lemmy.sdf.org
        2 months ago

        is that because asymmetry is the norm due to these ISPs’ practices or because people just don’t upload things often as a common behavior?

        i recall a lot of my peers hosting mail and web servers among other things when broadband started to become more common, before they started blocking common ports as “security” and “antivirus” measures designed to extract more money from you.

        • greyfox@lemmy.world
          2 months ago

          For shared lines like cable and wireless it is often asymmetrical so that everyone gets better speeds, not so they can hold you back.

          For wireless service providers for instance let’s say you have 20 customers on a single access point. Like a walkie-talkie you can’t both transmit and receive at the same time, and no two customers can be transmitting at the same time either.

          So to get around this problem TDMA (time division multiple access) is used. Basically time is split into slices and each user is given a certain percentage of those slices.

          Since the AP is transmitting to everyone it usually gets the bulk of the slices like 60+%. This is the shared download speed for everyone in the network.

          Most users don’t really upload much so giving the user radios equal slices to the AP would be a massive waste of air time, and since there are 20 customers on this theoretical AP every 1mbit cut off of each user’s upload speed is 20mbit added to the total download capability for anyone downloading on that AP.

          So let’s say we have APs/clients capable of 1000mbit. With 20 users and 1AP if we wanted symmetrical speeds we need 40 equal slots, 20 slots on the AP one for each user to download and 1 slot for each user to upload back. Every user gets 25mbit download and 25mbit upload.

          Contrast that to asymmetrical. Let’s say we do a 80/20 AP/client airtime split. We end up with 800mbit shared download amongst everyone and 10mbit upload per user.

          In the worst case scenario every user is downloading at the same time meaning you get about 40mbit of that 800, still quite the improvement over 25mbit and if some of those people aren’t home or aren’t active at the time that means that much more for those who are active.

          I think the size of the slices is a little more dynamic on more modern systems where the AP adjusts the user radios’ slices on the fly so that idle clients don’t have a bunch of dead air but they still need to have a little time allocated to them for when data does start to flow.

          A quick Google seems to show that DOCSIS cable modems use TDMA as well so this all likely applies to cable users as well.

      • Forbo@lemmy.ml
        2 months ago

        It’s also self-reinforcing, by making that the norm it then shapes future development and expectations. :-\

  • Fuzzypyro@lemmy.world
    2 months ago

    If you have control over at least the root of your network you can totally get away with hosting on a dynamic pub ip. You just need to set up dynamicdns. There are other ways of handling this specific issue too. You can always go to a colocation and set up a server there if you want. You could also create your own reverse proxy tunnel in a place that is public then forward it. There are lots of workarounds really. Yeah, it sucks that American ISPs generally don’t support ipv6 but there are totally ways to work around it all.

    What really gets me up in arms is when they advertise gigabit connections or 500mb speeds only to limit upload to 20mb/s. That is where they are actively inhibiting self hosting communities.

    • Ellie@slrpnk.netOP
      2 months ago

      Even in an ideal DNS setup, you’re probably going to have downtimes whenever your dynamic IP changes. If only because some ISPs even force-disconnect you after a while to change your address.

      • Fuzzypyro@lemmy.world
        2 months ago

        I mean I’ll be real. Sure in some circumstances that could be an annoyance for 15 seconds for some software that might rely on a session whenever your ip changes like once a month if that. A rotating ip is probably one of the easiest things to work around amongst the plethora of challenges that ISPs present for those who want to self host.

        I mean just take a look at what is involved if you are in a situation where cg-nat is implemented. You legitimately have no control over the root of your network at that point. I have that issue in particular with what is essentially a mobile hotspot as my failover for when my fiber fails. That being said I had to architect it in a way that took cg-nat into consideration. If I hadn’t then when fiber fails it would take down my services as a whole anyway.

        My point is that those challenges have workarounds, you can solve those issues relatively easily and they even present a level of security. Where it is actively malicious is with restrictions to capacity such as upload limits in which they to a degree lie about their speeds and capacity. The terms of service stuff is just flat out awful too.

        • Ellie@slrpnk.netOP
          2 months ago

          Some ISPs require changes every 24 hours and will disconnect you if needed. Also, if you set DNS to cache such a short amount of time that you can react to that in 5 minutes, you will incur way more DNS traffic which can become a problem when your site is busier. Also, even if your DNS TTL is set to a super short value, a web search suggests to me in practice there will likely be downstream clients and networks that ignore it and won’t really update in such a short time frame.

          • Fuzzypyro@lemmy.world
            2 months ago

            What ISP are you referring to? I have genuinely never heard of an isp that takes 24 hours to rotate your IP. Also utilizing dynamicdns is not going to incur more dns traffic? Dynamic DNS updates your dns provider from a system on your local network that your pub ip has changed then your provider will start sending traffic to the new ip. Propagation used to take a while but I haven’t experienced propagation wait times of over 10 minutes in years. This all being said dynamic DNS isn’t exactly the most elegant solution. It is just one of the simplest that I mentioned. There are significantly better options overall that completely take the requirement of a static pubip completely out of the equation and can be built using all free open source tools relatively easily.

  • conorab@lemmy.conorab.com
    2 months ago

    If you only care about having a static IPv6 address take a look at TunnelBroker by Hurricane Electric. They give you free /48 IPv6 blocks tunnelled through their network. Words of warning though: 1) some ISPs block using this service (prevent the tunnel from working), 2) in my experience I’ve seen high latency due to weird routing, 3) those IPs ending up on blocklists due to abuse and 4) the tunnel is unencrypted so traffic between you and Hurricane Electric is trivially intercepted, though if that was a problem in the first place then you wouldn’t be hosting from your home network anyway so this is mostly moot.

  • Possibly linux@lemmy.zip
    2 months ago

    IPv6 costs money to implement so it doesn’t happen without good reason.

    For ISPs you need many options so that one company can’t take all the business. In my area competition is steep so fiber is cheap. In rural areas I’m personally interested in community or small ISPs. Surely some people could get together and make something better.