What IPv6 Should I use

Nathaniel Sturtz asked:

I have multiple IPv6s I need to know what works, on my network they all work, but I need to know what to use for my AAAA record.
ip address

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 81865sec preferred_lft 81865sec
    inet6 2604:99c0:8:2fe6:cff:f4b1:8ace:8064/64 scope global temporary dynamic 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
    inet 169.254.38.166/16 brd 169.254.255.255 scope link noprefixroute ens2
       valid_lft forever preferred_lft forever
    inet6 2604:99c0:8:2fe6:287b:327f:9773:771f/64 scope global temporary dynamic 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 2604:99c0:8:2fe6:21b:21ff:febf:e728/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43189sec preferred_lft 26989sec
    inet6 fe80::21b:21ff:febf:e728/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

When I login I get

  IPv4 address for enp0s25: 192.168.1.8
  IPv6 address for enp0s25: 2604:99c0:8:2fe6:cff:f4b1:8ace:8064
  IPv6 address for enp0s25: 2604:99c0:8:2fe6:223:24ff:fe08:581f
  IPv4 address for ens2:    169.254.38.166
  IPv6 address for ens2:    2604:99c0:8:2fe6:287b:327f:9773:771f
  IPv6 address for ens2:    2604:99c0:8:2fe6:21b:21ff:febf:e728

New ip address

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:23:24:08:58:1f brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 86396sec preferred_lft 86396sec
    inet6 2604:99c0:8:2fe6:cff:f4b1:8ace:8064/64 scope global temporary dynamic 
       valid_lft 43197sec preferred_lft 26997sec
    inet6 2604:99c0:8:2fe6:223:24ff:fe08:581f/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 43197sec preferred_lft 26997sec
    inet6 fe80::223:24ff:fe08:581f/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:1b:21:bf:e7:28 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::21b:21ff:febf:e728/64 scope link 
       valid_lft forever preferred_lft forever

My answer:


Your computer is obtaining both SLAAC and temporary privacy addresses from your router. The SLAAC address is fixed and based on the MAC address of your network card. This is what you will use for incoming connections.

The privacy addresses are preferentially used for outgoing connections, so that they are not associated with your incoming connections, or with each other when your computer gets a new one every 6-12 hours.

The privacy address is the one identified as temporary in your ip addr output, while the fixed SLAAC address is the other one, containing the ff:fe in the middle of the host part. Despite saying it’s dynamic it will not actually change unless you replace the NIC or fake its MAC address.


Note that your router still has a firewall problem affecting your incoming connections, and since the obvious stuff doesn’t seem to have helped, you may need to seek assistance with it from IMU.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.