[Dnsmasq-discuss] Cunning plan, or hideous hack?

[Vladislav Grishenko]

Hi Simon,
With enabled IPv6 privacy extensions, the OS generates address by combining
advertised prefix and random host id, definitely not MAC-derived.
So, there's no any way to know host address, even if a "server" knows prefix
and client's MAC, and any attempts to do this is a kind of hack, which is
not supposed to work.

Best Regards, Vladislav Grishenko


> -----Original Message-----
> From: dnsmasq-discuss-bounces at lists.thekelleys.org.uk [mailto:dnsmasq-
> discuss-bounces at lists.thekelleys.org.uk] On Behalf Of Simon Kelley
> Sent: Thursday, March 08, 2012 5:09 PM
> To: Dnsmasq-discuss at lists.thekelleys.org.uk
> Subject: [Dnsmasq-discuss] Cunning plan, or hideous hack?
> 
> As part the DHCPv6 work, I've fully enabled my home network for IPv6.
> The workstation machines on my wired subnet are now running DHCPv6 and
> get leases from dnsmasq. Their IPv6 addresses are now in the local DNS in
> just the same way as has always worked with DHCPv4 DNS and DHCP.
> 
> I also have a wireless network, and on that I've not enabled DHCPv6, just
> Router Advertisements, via the "ra-only" keyword. Hence, clients on that
> network get a SLAAC, MAC-derived IPv6 address which is not in the DNS.
> 
> Since all these clients are dual-stack or IPv4-only, they do get DHCPv4
leases
> and names in the IPv4-DNS.
> 
> It occurs to me that dnsmasq has all the information it needs to put the
> SLAAC addresses into the DNS. From the IPv4 DHCP lease it knows the name
> of the client, which network segment it's on and it's MAC address. The
"ra-
> only" DHCP ranges tell dnsmasq the IPv6 subnet(s) corresponding to the
> network segment, so combining this with the MAC address gives the SLAAC
> address, ready to put into the DNS as an AAAA record along with the name.
> 
> I've implemented this, and it works well: my Ubuntu netbook and Android
> phone now have IPv6 names. (Andoid 2 has no DHCPv6 support.)
> 
> The downside is for clients which don't do IPv6 at all, or use privacy
> extensions. They end up with AAAA records pointing to the SLAAC address,
> which is wrong and could end-up delaying fall-back to IPv4. This has not
yet
> been a problem in practise.
> 
> I don't want to enable this by default, so I've added a new keyword, "ra-
> names" to enable RA on a subnet plus the SLAAC names hack, thus
> 
> --dhcp-range=1234::1, ra-names
> 
> Is this a good idea, or am I blinded by my own idea into implementing a
nasty
> hack? Opinions?
> 
> Cheers,
> 
> Simon.
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss