This article is currently an experimental machine translation and may contain errors. If anything is unclear, please refer to the original Chinese version. I am continuously working to improve the translation.
Exploring IPv6 & Configuring IPv6 DDNS on Synology.
IPv6 isn’t exactly a new concept, but I’ve just been too lazy to look into it.
Now seemed like a good time to finally dive in—while setting up DDNS, no less.
(Not that I had a choice—couldn’t get a public IPv4 from China Mobile…)
0x00 Understanding IPv6
From a user’s perspective, IPv6 differs from IPv4 in several noticeable ways:
- Different address format
- Different address allocation method
- No need for NAT—every device can have a public IP
- Enhanced security (IPv6 addresses are harder to scan)
How IPv6 works: After dialing in, your ISP assigns your router an IPv6 prefix.
For example: IPv6-PD: 2409:8a20:xxxx:xxxx::/60
China Mobile gave me a /60 prefix. For details on allocation planning, check out this article.
This means I can freely assign the last 68 bits (since 128 - 60 = 68), and every resulting IP is a public, globally routable address (global unicast address).
The router then distributes this prefix to all connected clients via Router Advertisement (RA).
Clients determine the last 68 bits in one of three ways:
- Stateless (SLAAC): EUI64 or random generation
- Stateful DHCPv6: DHCP server assigns full IPv6 address and DNS
- Stateless DHCPv6: DHCP server provides DNS only; IPv6 address assigned via SLAAC
Once a client has an IPv6 address and DNS, it can access IPv6 services.
0x01 Setting Up DDNS
First, purchase a domain on Alibaba Cloud (requires real-name verification).
Synology’s built-in DDNS doesn’t support Alibaba Cloud DNS. Recommended solution: use the Docker container jeessy/ddns-go.
After launching the container, access the Web UI at [your-ip]:9876.
Select Alibaba Cloud as the DNS provider. Click here to create a sub-user AccessKey, and assign the AliyunDNSFullAccess policy to it.
Enter the AccessKey ID and AccessKey Secret into the web interface.
Uncheck IPv4 DDNS, check IPv6 DDNS, and set it to obtain IP via network interface.
Save the settings.
But here’s a small catch: by default, Synology is configured to obtain IPv6 addresses via both stateful and stateless methods, resulting in two IPv6 addresses. DDNS will keep switching between them, making firewall rules a pain.
To fix this, go to Control Panel > Network > Network Interface > LAN1 > IPv6 settings, and change it to DHCP-PD (i.e., stateless DHCPv6).
This ensures only one IPv6 address is assigned via SLAAC—no more bouncing between addresses.
0x02 Firewall Rules
Using OpenWRT as an example.
Go to Network > Firewall > Traffic Rules, and create a new rule.
Keep all defaults, but change the destination address to ::[Synology EUI]/::ffff:ffff:ffff:ffff
The Synology EUI is derived from the MAC address of its network interface and remains constant.
You can find it directly in Synology’s network settings.
For example, if your Synology IPv6 address is fe80::233:2345:6789:abcd/64, then enter ::233:2345:6789:abcd/::ffff:ffff:ffff:ffff
Open the ports you need under “Destination Port”. Save and apply.
0x03 Testing
After DNS propagates, you should now be able to access your Synology from outside your network.
This article is licensed under the CC BY-NC-SA 4.0 license.
Author: lyc8503, Article link: https://blog.lyc8503.net/en/post/9-syno-ipv6-ddns/
If this article was helpful or interesting to you, consider buy me a coffee¬_¬
Feel free to comment in English below o/