[Dnsmasq-discuss] Clarification of prefix length field in dhcp-range

Sun Oct 6 09:28:12 BST 2013

On 05/10/2013 22:43, Quintus wrote:
> Am Sat, 5 Oct 2013 14:21:26 +0100
> schrieb Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk>:
>
>> Hi All,
> Hi Kevin,
>
>> dnsmasq2.67rc3 - possibly odd behaviour, probably I misunderstand :-)
>>
>> I have an interface that has a /64 on it.  dnsmasq.conf has amongst
>> other things
>> "
>> dhcp-range=::100, ::F:FFFF:FFFF, constructor:br0, ra-names, 64, 12h
>> enable-ra
>> "
> ra-names is useless in a DHCPv6 context as it tells clients to use
> SLAAC (IPv6 stateless autoconfiguration) and *not* DHCPv6. You probably
> want to remove it (enable-ra does the router advertisements for you).

Not all clients support DHCPv6 and do SLAAC instead, so in that case AND
assuming they're dual stack and use DHCPv4 to obtain an IPv4 address,
I'd quite like dnsmasq to see if they're using a non-privacy obscured
SLAAC IPv6 address and make a note of it in DNS if they are. So I'll
keep my 'ra-names' if that's ok with you :-)

>
>> Now, if I change said interface to be a /48 (restarting dnsmasq), the
>> logfile says it's built a constructed range as before, but it no
>> longer does RA and in fact DHCPv6 requests get rebuffed with a 'no
>> valid range'.  Shouldn't the ', 64' force this to behave as a /64 for
>> the constructed range?  And shouldn't it do RA?
> If you want dnsmasq to serve IPs from a /48 net, your *interface* needs
> to have a /48 address assigned. You can’t have your network interface
> have a /64 address and have dnsmasq delivering addresses with a
> different prefix.
I've not been clear. Provider has given me a /48 prefix. If I
artificially subnet that /48 to a /64 on the interface, and the 'subnet'
uses all zeros, then 1111:2222:3333:0000::/64 is functionally equivalent
to 1111:2222:3333::/48 that the ISP gave me, from their perspective at
least. Dnsmasq works fine when the interface is set to /64. Where it
doesn't work fine is if I keep the /48 prefix length on the interface.
The man page implies I can tell dnsmasq to use a different prefix length
for the leases, and in fact the logfile entries suggest dnsmasq is happy
with the syntax, has found a suitable prefix, says it's going to do
RA's, says it's going to do DHCPv6 but actually does none of those things.

So to clarify, I don't want to advertise a /48 from a /64, rather I want
to advertise a /64 from a /48 (ie in IPv4 terms a subnet)

With a /64 assigned to the interface (so logically 2001:470:6b99:0000::)
Works
Oct 4 19:41:26 Router daemon.info dnsmasq-dhcp[4518]: DHCPv6, IP range
2001:470:6b99::100 -- 2001:470:6b99::f:ffff:ffff, lease time
12h,constructed for br0
Oct 4 19:41:26 Router daemon.info dnsmasq-dhcp[4518]: DHCPv4-derived
IPv6 names on 2001:470:6b99::, constructed for br0
Oct 4 19:41:26 Router daemon.info dnsmasq-dhcp[4518]: router
advertisement on 2001:470:6b99::, constructed for br0

With a /48 assigned to the interface: Doesn't work (2000:470:6b99::)
Oct 6 09:18:12 Router daemon.info dnsmasq-dhcp[25953]: DHCPv6, IP range
2001:470:6b99::100 -- 2001:470:6b99::f:ffff:ffff, lease time 12h,
constructed for br0
Oct 6 09:18:12 Router daemon.info dnsmasq-dhcp[25953]: DHCPv4-derived
IPv6 names on 2001:470:6b99::, constructed for br0
Oct 6 09:18:12 Router daemon.info dnsmasq-dhcp[25953]: router
advertisement on 2001:470:6b99::, constructed for br0

Spot the difference 'cos I can't :-) Hopefully that's explained it better.

Cheers,

Kevin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3768 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20131006/7a47dd8f/attachment-0001.bin>