by miller_joe 1454 days ago
I also ran into this with Comcast ipv6. It seemed to get better over the last couple years so maybe they change your PD less frequently now.

One solution I was considering, but never implemented, was to use a ULA address range internally and do 1:1 NAT mapping from the external delegation to the internal ULA range.


I use Comcast IPv6. I've had the same IP address IPv6/60 for about six years now.

One gotcha is that when I replace the firewall, I gotta make sure I keep the same ethernet MAC address to avoid re-IPing on the IPv4 side (the line in my FreeBSD firewall's config is `ifconfig_ix0="DHCP ether 00:0d:b9:48:92:48"`).

The other gotcha, for IPv6, is I have to migrate my client DHCP Unique Identifier (DUID) (`/var/db/dhcp6c_duid`) to my new firewall to retain my existing IPv6 subnets.

With IPv6, multiple addresses on a host are the norm. Just add a ULA network in addition to the public IPs you’re getting. No need to do NAT; your public stuff routes just fine using the public IPs and you can still contact internal resources on their ULA addresses as needed.

Why not have a ULA and an internal DNS server that rewrites the DNS to the ULA address, and have the external DNS dynamically updated?

One great thing about IPv6 is you're not limited to 1 IP address per interface.

Doesn’t that have the same issues as IPv4 split horizon DNS? Cached DNS resolutions on a client would persist if you disconnected from the LAN - I guess you can set the TTL to be very low but I’m not sure what the right balance is there.

You aren't limited with IPv4, either (assuming you're using a capable OS).

True, but it's much easier in IPv6 as it's the standard way of doing things.

I was annoyed by the PD churn on Comcast Business in principle, but it didn't affect me too much in practice.

The internal lan issues didn't bother me because I still prefer a local fd##::/64.

For a few firewall rules that used the prefix, I noticed that the /56s I'd get weren't completely unbound so it was easy to keep a list in an nftables var.

For inbound access, I have DNS rfc2136 with frequent updates for IPv4 so adding v6 was trivial.