[Dnsmasq-discuss] Random IP leases?
simon at thekelleys.org.uk
Sun Jan 26 21:01:57 GMT 2014
On 26/01/14 10:26, Quintus wrote:
> Hi there,
> is it possible to have dnsmasq serve the IP(v6) addresses in a given
> range randomly, i.e. not based on the MAC address or sequentially as
> outlined in the manpage?
> That is, if I specify
> in the configuration (stateful DHCPv6) I want dnsmasq to randomly grant
> IPv6 addresses from the given range. When a lease expires, I want the
> client to get another IP on his next query.
> Background: For reasons beyond my human understanding, SLAAC is only
> possible with /64 prefixes as per the RFC, requiring me to make each of
> my subnets a /64 if I want to use SLAAC and its privacy extensions.
> Stateful DHCPv6 does not suffer from this ridiculous limitation and
> allows me to define the size of subnets the way I want it. A /64 holds a
> giant number (far more than a billion) of possible addresses, and
> considering that to be some kind of "basic networking unit" does not
> make any sense to me. Looks to me like we’re back in the 90s and
> happily distributing class-A nets until we don’t have any more.
> So long story short, I want a /80 subnet (which still is far too large,
> but anyway) where dnsmasq grants leases randomly from, so that clients
> which I don’t configure statically will not always be given the exact
> same IP for the sake of privacy.

This sounds like a use for DHCPv6 temporary addresses. The DHCPv6 client
can request either a temporary or non-temporary address, and almost
always it requests a non-temporary address. I think temporary addresses
are intended to be like privacy addresses in SLAAC-land, i.e., the address
has a limited lifetime and is periodically replaced by a new one. All
versions of dnsmasq will issue DHCPv6 temporary addresses, but the
latest release, 2.68, tries to do things properly, and issues random addresses.

Of course this just changes the problem into "how do I tell my DHCPv6
client to request a DHCPv6 temporary address". For ISC dhclient, there's
a "-T" flag that does it.

You may well be the first person to try this dnsmasq facility, so feedback
on how you get on would be very valuable.
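
Added example, not part of the original message or of dnsmasq: a small Python parser to confirm from a captured DHCPv6 message whether the client asked for a temporary address (IA_TA) or a non-temporary one (IA_NA), and which addresses the server handed back. The option codes are those of RFC 3315; the sample messages, transaction ID and the address in 2001:db8::/80 are constructed for illustration.

```python
import ipaddress
import struct

# DHCPv6 option codes from RFC 3315
OPTION_IA_NA, OPTION_IA_TA, OPTION_IAADDR = 3, 4, 5

def iter_options(buf):
    """Yield (code, data) for each TLV option; raise ValueError on truncation."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option %d overruns message" % code)
        yield code, buf[pos:pos + length]
        pos += length

def summarize(msg):
    """Return the message type plus the IA kinds and addresses it carries."""
    if len(msg) < 4:
        raise ValueError("shorter than the DHCPv6 header")
    out = {"msg_type": msg[0], "ia_na": 0, "ia_ta": 0, "addresses": []}
    for code, data in iter_options(msg[4:]):  # skip msg-type + transaction-id
        if code not in (OPTION_IA_NA, OPTION_IA_TA):
            continue
        temporary = code == OPTION_IA_TA
        out["ia_ta" if temporary else "ia_na"] += 1
        # IA_TA body starts with IAID only; IA_NA has IAID, T1 and T2.
        inner = data[4:] if temporary else data[12:]
        for sub, val in iter_options(inner):
            if sub == OPTION_IAADDR and len(val) >= 24:
                kind = "temporary" if temporary else "non-temporary"
                out["addresses"].append((kind, str(ipaddress.IPv6Address(val[:16]))))
    return out

def opt(code, data):
    """Encode one DHCPv6 option (helper for building the samples below)."""
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample messages (not captured traffic): a Solicit (type 1)
# carrying an IA_TA, and a Reply (type 7) with one temporary address.
SOLICIT = bytes([1]) + b"\xaa\xbb\xcc" + opt(OPTION_IA_TA, struct.pack("!I", 1))
ADDR = ipaddress.IPv6Address("2001:db8::5f3a:91c2:7e04")
IAADDR = opt(OPTION_IAADDR, ADDR.packed + struct.pack("!II", 3600, 7200))
REPLY = bytes([7]) + b"\xaa\xbb\xcc" + opt(OPTION_IA_TA, struct.pack("!I", 1) + IAADDR)

if __name__ == "__main__":
    print(summarize(SOLICIT), summarize(REPLY), sep="\n")
```

Running it over successive Replies and comparing the reported temporary addresses shows whether each new lease really gets a different address.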