I'd like to be able to use Back to My Mac over the IPv6 internet. I've already got IPv6 access (i.e. My Airport is assigned a /64 block from my ISP and sends out RAs so everyone on the network can autoconfigure their own public IPv6 addresses. My computer assigns itself both an address based on its MAC address, and a temporary address. I can visit ipv6.google.com and everything.) but for some reason a useless loopback IPv6 address is getting registered with Back to My Mac instead of a useful address.
Here's what I get using dns-sd:
dns-sd -F
Timestamp Recommended Browsing domain
0:15:52.133 Added (More) local
0:15:52.134 Added icloud.com
- > btmm
- - > members
- - - > 12345678
dns-sd -B _services._dns-sd._udp 12345678.members.btmm.icloud.com
Browsing for _services._dns-sd._udp.12345678.members.btmm.icloud.com
Timestamp A/R Flags if Domain Service Type Instance Name
0:23:19.685 Add 3 0 . _tcp.local. _rfb
0:23:19.686 Add 3 0 . _tcp.local. _ssh
0:23:19.686 Add 3 0 . _tcp.local. _sftp-ssh
0:23:19.686 Add 2 0 . _tcp.local. _airvideoserver
dns-sd -B _rfb 12345678.members.btmm.icloud.com
Browsing for _rfb._tcp.12345678.members.btmm.icloud.com
Timestamp A/R Flags if Domain Service Type Instance Name
0:25:02.255 Add 2 0 12345678.members.btmm.icloud.com. _rfb._tcp. Mac
dns-sd -L Mac _rfb 12345678.members.btmm.icloud.com
Lookup Mac._rfb._tcp.12345678.members.btmm.icloud.com
0:26:33.431 Mac._rfb._tcp.12345678.members.btmm.icloud.com. can be reached at Mac.12345678.members.btmm.icloud.com.:5900 (interface 0)
dns-sd -G v6 Mac.12345678.members.btmm.icloud.com.
Timestamp A/R Flags if Hostname Address TTL
0:27:45.201 Add 2 0 Mac.12345678.members.btmm.icloud.com. FDDC:DBC8:58A7:8322:021F:5BFF:FE3E:3C44%<0> 152
The IPv6 address registered is for lo0, the loopback interface that is useless to anything but the computer running the services. ifconfig lists my IPv6 addresses, including an autoconfigured, temporary, public IPv6 address on my system's real network interface, which would be perfect. Why does dns-sd not register services using this address, and how can I make it do so?
An additional note: my router supports NAT-PMP, so even though my computer doesn't directly have a public IPv4 address I'd expect it to use NAT-PMP to make sure services I've enabled are available over IPv4, but this doesn't seem to be the case. When I look up a service instance in the 12345678.members.btmm.icloud.com domain and then use dns-sd -G v4 to resolve the given hostname, it says there's no IPv4 record.
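The address check described in the question, as an added example that is not part of the original post: a small Python script that parses `dns-sd -G v6` output in the format shown above and reports, for each returned address, which IPv6 scope it belongs to, whether a host on another network could reach it at all, and whether the interface identifier is EUI-64 derived (in which case the address embeds the machine's hardware MAC). The sample output is constructed: the first data line copies the record from the question, the other three are made-up addresses (documentation prefix 2001:db8::/32 stands in for an ISP-assigned prefix) for comparison.

```python
"""Classify the IPv6 addresses that `dns-sd -G v6 <hostname>` returns.

Added example, not code from the original post. Parses the dns-sd output
format shown in the question and reports per address: scope, remote
reachability, and whether the interface identifier embeds a MAC address.
"""
from __future__ import annotations

import ipaddress
import re

LOOPBACK = ipaddress.ip_network("::1/128")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")      # RFC 4291
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")     # RFC 4193 (ULA)
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")   # RFC 4291 global unicast

# Constructed sample output. Line 1 mirrors the question; lines 2-4 are
# made up (2001:db8::/32 is documentation space, not a real prefix).
SAMPLE_OUTPUT = """\
Timestamp     A/R Flags if Hostname                               Address                                     TTL
0:27:45.201   Add     2  0 Mac.12345678.members.btmm.icloud.com.  FDDC:DBC8:58A7:8322:021F:5BFF:FE3E:3C44%<0> 152
0:27:45.202   Add     2  4 Mac.local.                             2001:DB8:1234:5678:021F:5BFF:FE3E:3C44%<0>  120
0:27:45.203   Add     2  4 Mac.local.                             2001:DB8:1234:5678:9C3A:7F12:E1B0:44D5%<0>  120
0:27:45.204   Add     2  4 Mac.local.                             FE80::21F:5BFF:FE3E:3C44%en0                120
"""

# timestamp, Add/Rmv, flags, interface index, hostname, address[%scope], ttl
LINE_RE = re.compile(
    r"^\S+\s+(?P<ar>Add|Rmv)\s+\d+\s+(?P<ifindex>\d+)\s+(?P<host>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f:.]+)(?:%(?P<scope>\S+))?\s+(?P<ttl>\d+)\s*$"
)


def scope(addr: str | ipaddress.IPv6Address) -> str:
    """Name the scope of an IPv6 address using explicit RFC ranges."""
    addr = ipaddress.IPv6Address(addr)
    if addr in LOOPBACK:
        return "loopback"
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in UNIQUE_LOCAL:
        return "unique-local"
    if addr in GLOBAL_UNICAST:
        return "global-unicast"
    return "other"


def embedded_mac(addr: ipaddress.IPv6Address) -> str | None:
    """Recover the MAC from a modified EUI-64 interface identifier, if any.

    EUI-64 splices ff:fe into the middle of the 48-bit MAC and flips the
    universal/local bit; a temporary (RFC 4941) identifier almost never
    has ff:fe at that position, so None means "no MAC leaked here".
    """
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def parse_dns_sd_g(output: str) -> list[dict]:
    """Parse `dns-sd -G` output; header lines and Rmv events are skipped."""
    rows = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ar"] != "Add":
            continue
        addr = ipaddress.IPv6Address(m["addr"])
        rows.append({
            "host": m["host"],
            "ifindex": int(m["ifindex"]),
            "addr": addr,
            "scope_id": m["scope"],
            "kind": scope(addr),
            "mac": embedded_mac(addr),
            # Only global unicast can be reached by a peer that is neither
            # on the same link nor inside the same ULA site/tunnel.
            "reachable_remotely": addr in GLOBAL_UNICAST,
        })
    return rows


if __name__ == "__main__":
    for r in parse_dns_sd_g(SAMPLE_OUTPUT):
        remote = "yes" if r["reachable_remotely"] else "no"
        print(f"{r['host']:40} {str(r['addr']):40} {r['kind']:15} "
              f"remote={remote:3} mac={r['mac']}")
```

Run against the question's record, the script flags the FDDC: address as unique-local and not remotely reachable, and also shows that its interface identifier is EUI-64 derived, so whoever can query the name learns the machine's MAC address.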
Best Answer
It sounds like what you're really looking for is Wide-Area Bonjour (henceforth "WAB"), which is a system where Bonjour-capable clients, in addition to registering their services on the local network via multicast DNS, also use Dynamic DNS Updates (the scheme in the process of being standardized by the IETF in RFC 2136), to register not only their IP addresses but also available service records with a traditional unicast DNS server.
See dns-sd.org for instructions on how to configure your Mac to use WAB. They even have a System Preferences panel you can download and install to make it easy. I believe they also have instructions for how to configure WAB to work with some well-known dynamic DNS service providers that support it, such as dyn.com (a.k.a. dyndns.com). If you run your own DNS server somewhere, you can also find instructions on dns-sd.org for how to set up your DNS server to act as a WAB server. For best results, it may need to be running BIND.
Using WAB-supporting dynamic DNS services, or running your own WAB-supporting DNS server, are your only choices. iCloud's BTMM servers do not support full WAB.
Back to My Mac makes use of some of the software infrastructure of Wide-Area Bonjour, but the iCloud BTMM servers don't provide full WAB service, just the parts needed for the particular way BTMM uses it. As you discovered, BTMM client machines put an IPv6 "unique local address" (ULA) on their loopback interfaces, and register that ULA with BTMM's servers. Connections between those ULAs are handled by IPsec-secured, typically IPv6-in-IPv4, tunnels between your BTMM Macs. It's intentional that you cannot connect to those services directly. This forces the connections to go through the IPsec-secured BTMM tunnel. The BTMM software on your Macs handles authenticating your Macs with BTMM and using that to make sure only machines signed into your own BTMM account can establish the BTMM IPsec tunnels.
Update: A couple more thoughts:
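The Dynamic DNS Update registration the answer describes, as an added example that is not code from the original answer or from Apple's mDNSResponder: a dependency-free Python encoder that builds the RFC 2136 UPDATE message a Wide-Area Bonjour client sends to register one service (PTR, SRV, TXT and AAAA records) in a unicast zone. The zone (example.com), instance name (Mac), host and 2001:db8: address are constructed. Two choices are deliberate: the update carries a "name is not in use" prerequisite so it never silently overwrites another host's registration, and it refuses any address outside 2000::/3, which is exactly the ULA-on-loopback situation in the question. TSIG signing (RFC 2845), which a real WAB server should require before accepting updates, is left out to keep the encoder short; it would add a record to the additional section.

```python
"""Build an RFC 2136 DNS UPDATE registering a DNS-SD service in a unicast zone.

Added example, not code from the original answer or from mDNSResponder.
Zone, instance, host and address are constructed. TSIG (RFC 2845) omitted.
"""
from __future__ import annotations

import ipaddress
import struct

TYPE_SOA, TYPE_PTR, TYPE_TXT, TYPE_AAAA, TYPE_SRV, TYPE_ANY = 6, 12, 16, 28, 33, 255
CLASS_IN, CLASS_NONE = 1, 254
OPCODE_UPDATE = 5
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def encode_name(labels: list[str]) -> bytes:
    """Wire-encode a name as length-prefixed labels (no compression).

    Labels come as a list because a DNS-SD instance name may legally
    contain dots and spaces ("Bob's Mac" is a single label).
    """
    out = bytearray()
    for label in labels:
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 64:
            raise ValueError(f"label length out of range: {label!r}")
        out += bytes([len(raw)]) + raw
    return bytes(out) + b"\x00"


def rr(owner: list[str], rtype: int, rclass: int, ttl: int, rdata: bytes) -> bytes:
    """One resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    return encode_name(owner) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata


def txt_rdata(pairs: dict[str, str]) -> bytes:
    """DNS-SD TXT: one <len>key=value string per pair; empty TXT is one zero byte."""
    out = bytearray()
    for key, value in pairs.items():
        item = f"{key}={value}".encode("utf-8")
        if len(item) > 255:
            raise ValueError("TXT item longer than 255 bytes")
        out += bytes([len(item)]) + item
    return bytes(out) or b"\x00"


def is_routable(address: str) -> bool:
    """True only for global unicast; ULA, link-local and loopback are rejected."""
    return ipaddress.IPv6Address(address) in GLOBAL_UNICAST


def build_update(zone: str, instance: str, service: str, host: str,
                 port: int, address: str, txt: dict[str, str],
                 txid: int = 0x1234, ttl: int = 120) -> bytes:
    """Return a DNS UPDATE registering <instance>.<service>.<zone> -> host:port.

    Sections: one zone, one prerequisite ("instance name not in use",
    RFC 2136 section 2.4.5), four update records, no additional records.
    """
    if not is_routable(address):
        raise ValueError(f"{address} is not global unicast; remote clients could never reach it")
    zone_l = zone.rstrip(".").split(".")
    service_l = service.split(".") + zone_l      # _rfb._tcp.example.com
    instance_l = [instance] + service_l          # Mac._rfb._tcp.example.com
    host_l = host.rstrip(".").split(".")

    header = struct.pack("!HHHHHH", txid, OPCODE_UPDATE << 11,
                         1,   # ZOCOUNT
                         1,   # PRCOUNT
                         4,   # UPCOUNT
                         0)   # ADCOUNT (a TSIG record would go here)
    zone_section = encode_name(zone_l) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    prereq = rr(instance_l, TYPE_ANY, CLASS_NONE, 0, b"")
    updates = (
        rr(service_l, TYPE_PTR, CLASS_IN, ttl, encode_name(instance_l))
        + rr(instance_l, TYPE_SRV, CLASS_IN, ttl,
             struct.pack("!HHH", 0, 0, port) + encode_name(host_l))   # prio, weight, port
        + rr(instance_l, TYPE_TXT, CLASS_IN, ttl, txt_rdata(txt))
        + rr(host_l, TYPE_AAAA, CLASS_IN, ttl, ipaddress.IPv6Address(address).packed)
    )
    return header + zone_section + prereq + updates


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header so the message can be sanity-checked."""
    txid, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "opcode": (flags >> 11) & 0xF, "zocount": zo,
            "prcount": pr, "upcount": up, "adcount": ad}


if __name__ == "__main__":
    msg = build_update("example.com", "Mac", "_rfb._tcp", "mac.example.com",
                       5900, "2001:db8:1234:5678::1", {"txtvers": "1"})
    print(parse_header(msg))
    print(msg.hex())
```

The bytes this produces are what would be sent to port 53 of the zone's primary server; without TSIG the server has no way to tell the registering Mac from anyone else on the internet, which is why the dns-sd.org setup instructions have the server require a shared key for updates.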