What You Need To Have A Web Site 2
To have a web site on the internet, you need just 4 things.
- Registrar – these guys sell you the .com, .net, .org, .co.country, etc. They maintain the ‘whois’ record. That’s it. The Registrar needs a record that points to your … DNS provider – also called a name server and backup name server record.
- DNS – Domain Name Service. This connects the domain name that you bought to the IP address(es) of the computers where the web site runs.
- Public IP Address – Any public IP address that is not on a private network or filtered for the service you want to make available. The service is usually HTTP on port 80 and/or HTTPS on port 443. Those are the default ports. Most people/companies will pay a hosting provider for both an IP and a server.
- Web Server – this is the computer program that listens on either port 80 or 443 and responds with the content you specify. While any ports can be used, end users are used to ports 80 and 443, so it is unusual to see other ports used. I’ve used other ports and seen how that lowers traffic, but it also breaks many content spamming programs.
Optionally, you may also need an SSL Certificate for encrypted web connections. These days, many websites have decided that only allowing SSL-based connections is worthwhile.
That’s all you need. Do you see how each of these things fits together so my-neat-domain.com becomes an IP and then shows a web page from a web server? Simple and it works billions of times every hour.
IPv4 – the old way
IPv4 is how the internet has worked since the beginning. An IP address has 4 segments and looks like xxx.xxx.xxx.xxx with numbers. It is 32-bits long. For example, google.com has a few different IP addresses, but one of them is 74.125.45.105. Each part of the IP address is between 0 and 255. So, when you see an IP address on TV or in a movie where any part is larger than 255, it is bogus. Some IPs are reserved for special uses. Check out the Wikipedia article for more information.
IPv4 has a serious problem, address exhaustion. We are running out of IPv4 Network Addresses. The way that IP addresses must be assigned has to do with network routing, so even if you just want 1 IP address, you need to use at least 3 IP addresses and get a network, unless you are hosted with many other computers. Also, there are only a little over 4 billion addresses available in total, so as more and more people get more and more devices on the internet – home computer, cell phone, and work computer – that means 3 IPs for each are needed.
NAT, Network Address Translation, has helped tremendously to delay the public IP exhaustion issue, but in 2011, the delay will end and we will run out of free IPs to give away.
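The two rules above (each of the 4 segments is 0 to 255, and a web site needs an address outside the reserved blocks) can be checked in a few lines. This is an added example, not code from the original post; the function names and the block labels are this example's own, and the reserved list is a subset of the IANA special-purpose registry.

```python
import ipaddress

# Subset of the reserved IPv4 blocks; a public web site cannot live in these.
RESERVED = [
    ("0.0.0.0/8", "this-network"),
    ("10.0.0.0/8", "private (RFC 1918)"),
    ("100.64.0.0/10", "carrier-grade NAT"),
    ("127.0.0.0/8", "loopback"),
    ("169.254.0.0/16", "link-local"),
    ("172.16.0.0/12", "private (RFC 1918)"),
    ("192.0.2.0/24", "documentation"),
    ("192.168.0.0/16", "private (RFC 1918)"),
    ("198.51.100.0/24", "documentation"),
    ("203.0.113.0/24", "documentation"),
    ("224.0.0.0/4", "multicast"),
    ("240.0.0.0/4", "reserved"),
]

def parse_ipv4(text):
    """Return the dotted-quad address as a 32-bit integer, or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("need exactly 4 segments")
    value = 0
    for part in parts:
        # ASCII digits only, no leading zeros: some parsers read "010" as
        # octal, so two programs can disagree about which host is meant.
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError(f"bad segment {part!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"segment {octet} is larger than 255")
        value = (value << 8) | octet  # each segment fills 8 of the 32 bits
    return value

def classify(text):
    """Return 'public' or the label of the reserved block holding the address."""
    addr = ipaddress.IPv4Address(parse_ipv4(text))
    for cidr, label in RESERVED:
        if addr in ipaddress.ip_network(cidr):
            return label
    return "public"

if __name__ == "__main__":
    # Constructed sample inputs; 74.125.45.105 is the address quoted in the post.
    for sample in ["74.125.45.105", "192.168.1.10", "127.0.0.1", "256.1.1.1"]:
        try:
            print(sample, "->", classify(sample))
        except ValueError as err:
            print(sample, "-> bogus:", err)
```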
IPv6 – the new way
IPv6 was designed to replace and aid the transition from IPv4. IPv6 addresses are 128-bits long – four times as long as IPv4 addresses. The number of IPv6 addresses available is about 3.4×10^38, more than all the grains of sand on the Earth.
To understand how much larger this address space is … every additional bit used doubles the number of addresses available. So, if we add 1 more bit to the 32-bit – making them 33-bits, then there would be 8+ billion addresses. Another bit, 34-bits, makes 16+ billion addresses and so on. IPv6 addresses are split into 2 parts – the network and the machine with 32-bits allocated to each part.
I don’t want to get into the details of IPv6 and honestly, I’m not qualified to go much deeper, but IPv6 is designed to be backwards compatible with IPv4 by reserving a single high level network that translates into the entire IPv4 address space. It also provides enough IP addresses for each organization that they basically get as many publicly routable IPs internally as the entire internet provides today. This applies to Google AND to you and to me. We can have 4+ billion public IPs for our home network. I only use about 30 IPs today at home, so it appears that I have some room for growth. ;)
IPv6 helps with privacy, and the other protocols used by networking people like ICMP, ARP, and network setup have all been improved or made part of the core stack. ICMP and ARP are gone, but replaced with router discovery. Multi-casting, IPSec, and privacy IPs are all included in IPv6. This means that secure tunnels between any IPv6 devices are possible out of the box without any add-ons. For privacy lovers, the source IP used for every request made to an external address can change, randomly and automatically. This means that tracking you by IP becomes nearly impossible. It doesn’t mean that you can’t be tracked by network, however, but since your home and Google will appear as the same sized network, it becomes effectively useless for end user tracking.
So with all these great things included in IPv6, why aren’t we all using it already? There’s good news and bad news.
Good news – for the last 8+ years, every operating system released has been IPv6 ready. WinXP SP2, Linux, Mac, Solaris, and all the other UNIXen have had IPv6 built in for many years.
Bad news – network devices have not added IPv6 support universally until recently. Your home router probably does not natively support IPv6. Many business networks are using older routers and switches which do not support IPv6 either. For me, I’m mostly concerned about my cable modem. It is DOCSIS 2.0 and does not support IPv6. I need a DOCSIS v3 cable modem for IPv6 native support.
Good news – there is good news. IPv6 can be shoved inside IPv4 packets and tunneled. MS-Windows and Microsoft provide an automatic tunnel for this traffic. Your PC is probably already using IPv6 and you don’t know it.
Check out the Wikipedia article on IPv6 for more information.
Ok, so back to the website information. The good news is that registrars, DNS, and web servers are already IPv6 compatible. As IPv4 becomes more and more limited, going with IPv6 will become more and more important AND less expensive.
Bundling – Easier
You can get all these things at 1 place bundled and it will be a little easier. I’m against doing that. Just like you bundle CableTV or Phone+cell+TV, eventually, you get ripped off. It is difficult to split these services apart later, should that be desired.
I’ve been lucky. The services that I use for all 4 of those things – registrar, DNS, hosting, and SSL Certs have been good enough. I’m not overly pleased with any of the services that I use, except the DNS service provider, dyndns.org. These folks rock, but I’m grandfathered with a fantastic deal – for life.
For free SSL certs, I’ve been using StartSSL.com for a few years. You need to know what you are doing and I recommend getting a test cert for a different domain before you request the real certificate for an important domain. 2 years ago, StartSSL was not listed in IE as a root-CA. That changed about a year ago. Firefox, Safari and Opera have had StartSSL as a root-CA for longer. A cert is a cert is a cert, just like DNS is DNS is DNS for 99% of us. There’s no need to pay more for these services. You just want a service that works all the time. I made a mistake requesting a cert once due to a very specific program’s requirements for the length of cert it supported. As a free cert user, StartSSL wasn’t able to help me, but they did offer alternatives which could easily have worked, if it were critical to me. It wasn’t.
Some Background
I’ve run all these services, except a registrar, inside companies and it really bothers me how much the public versions cost. To me, it seems like a racket. Running a Certificate Authority is included with every Linux installation, and so are web servers and DNS. Complex configurations do require some expertise, but the simple things that a single web server on the internet needs are trivial. Yes, trivial to set up and run.
Registrar – this service maintains a single record for each TLD – Top Level Domain. You can see the entire record using the ‘whois’ program or a ‘whois’ web interface. I’ve had domains for 15+ years and since they were purchased with 10 yr pricing, I’ve had to update the record just 3 times.
- Initial record
- Moved
- Company took over a domain
That’s just 3 changes in 15 yrs, yet the registrar charges $7/yr. Seems a little excessive, doesn’t it? Any old computer can easily hold all the domain records for the entire internet. The registrar doesn’t know anything about IP addresses – don’t forget that. The amount of data is fairly insignificant. The parts that change all the time are from domain name churn and free trials used by get rich quick schemers and domain squatters. Domain names can be tried for 7 days for free. This seems like a really bad idea to me. For someone that just needs domains to control botnets, they can have hundreds of domains … for free and just change them every week – basically, a free, zero cost, way to be on the internet without accountability. I can’t think of any legitimate reason for 7 day free trials.
DNS – This is like the telephone book. Your domain name and IP address need to be connected, unless you want to always enter the IP address to find your server – which you can do just fine. DNS connects the IP address AND the registered domain name together. For fun, visit google.com, then enter this IP 74.125.45.105. For me, the web page provided looks the same. Google.com is easier for me to remember though, just like remembering a person’s name is easier than remembering their telephone numbers.
Private Domain Registration may not be worth it. This is a service where the company you pay for the domain does it as a proxy to you. They are the legal owner and you are paying to rent it. While it is true that this can save your privacy, it also means that if you bundle other services with this provider, then it may not be possible to split those services up later. You may be stuck paying whatever they demand to retain use of the domain. Again, wikipedia has an article on Domain Privacy that explains it nicely. Just be aware that not all domain privacy proxy services are created equal. Some appear to roll over with simple public scrutiny. Is that really what you want in a paid, privacy service? Seriously?
10 Things to Know about IPv6.
I just read that StartSSL was hacked. That may be a consideration in future certificate provider solutions.