[Dnsmasq-discuss] Multiple IPv6 Global addresses being assigned when using Router Advertisement

Simon Kelley simon at thekelleys.org.uk
Wed Jun 20 11:48:38 BST 2012

On 20/06/12 10:33, Chris O'Shea wrote:
> Good Morning all,
> I have noticed some behaviour with assigning IPv6 using dnsmasq which
> to me seems a bit strange and I wanted to bring it to your attention
> in case it is not meant to be as such.
> If I am running IPv6 DHCP range with ra-stateless and I have the
> ra-enable option set my client machine is assigned two seperate IPv6
> addresses from the same prefix.
> for example:
> domain-needed
> no-resolv
> local=/me.com/
> domain=me.com
> no-dhcp-interface=eth0
> no-dhcp-interface=eth2
> expand-hosts
> dhcp-range=fd00:ead5:c0a8:103::,ra-stateless
> ra-enable
> dhcp-option=option6:dns-server,[::]
> log-queries
> log-dhcp
> A client machine would then receive the a Global IPv6 address on the
> correct prefix comprising of its MAC address (with the obligatory
> FFFE), but it would also be assigned a secondary Global IPv6 address
> on the same prefix - although this one appears to be randomly
> generated.
> Even though both ra-stateless and ra-enable are set I would only
> expect a single address to be assigned to anyone client.

My guess is that the host has IPv6 privacy extensions enabled and the
second address is a privacy address, designed to stop tracking of
clients via the use of a global address with an even-more-global MAC
address embedded in it. The machine will accept connections on both
addresses, but use the privacy address in preference for outgoing
connections. It will also generate a new privacy address every few hours.

Configuring this off is a client thing: there's nothing in the
router-advertisement that can be used to disable it, AFAIK.



More information about the Dnsmasq-discuss mailing list