[Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host

M. Buecher maddes+dnsmasq at maddes.net
Sun Aug 20 14:36:31 BST 2017


On 2017-08-20 14:06, M. Buecher wrote:

> On 2017-08-18 15:38, M. Buecher wrote:
> 
>> Hello dnsmasq fellows,
>> Hello Simon,
>> 
>> I want to assign additional static DHCPv6 global unicast addresses 
>> (GUA) to some machines (mainly servers).
>> Yet I have failed to do so with dnsmasq.
> 
> Got it working. Indeed it was working.
> 
>> The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" 
>> [3].
>> Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
>> middle.
>> And it is the standard gateway for Internet connections.
>> 
>> dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
>> It is the only DNSv4/v6 server in the LAN and serves the local domain.
>> All other requests are forwarded by dnsmasq via IPv4 to the DNS relay 
>> of the router, this way those requests are resolved by the ISP's DNS 
>> servers.
>> It also advertises the Unique Local Addresses (ULA) [2] for the LAN 
>> via RA and assigns addresses via DHCPv6 only.
>> The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
>> RA.
>> 
>> Test machine is Windows 10 with latest updates.
>> It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
>> router's RA.
>> Additionally a second GUA is present due to Windows' IPv6 privacy 
>> extensions for outgoing connections.
>> *But* it doesn't have it's static GUA from dnsmasq!
>> 
>> Am I missing something in my dnsmasq configuration (see below)?
>> Or do I have to configure the clients in another way?
>> Any other enhancements for my configuration?
> 
> If you run "ipconfig /renew6 <interface>" on Windows (here 10), then 
> Windows only requests the existing IPv6 addresses to be renewed.
> To also get new addresses for the Windows you have to release all IPv6 
> addresses before with "ipconfig /release6 <interface>".
> 
> So on Windows always do the following for testing in an admin/elevated 
> command prompt or Powershell:
> ipconfig /release [Name Pattern]
> ipconfig /renew [Name Pattern]

Sorry, had copied the IPv4 instrcutions to the mail.
Of course it should be:

ipconfig /release6 [Name Pattern]
ipconfig /renew6 [Name Pattern]

> If this doesn't help, then deactivate and re-activate the interface via 
> netsh to start afresh:
> netsh interface set interface <Name> admin=disabled
> netsh interface set interface <Name> admin=enabled
> 
>> By the way:
>> Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
>> avoid this?
>> I would prefer to handle RA settings per dhcp-range via tags.
> 
> Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an 
> option to disable or enable it for a specific dhcp range.
> Additionally if a dhcp range is defined multiple times, it also sends 
> the RA multiple times.
> Will create to feature requests for these issues in separate posts.
> 
>> Configuration:
>> 1. File /etc/default/dnsmasq (Debian specific)
>> #DOMAIN_SUFFIX=`dnsdomainname`
>> #DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
>> ENABLED=1
>> CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
>> IGNORE_RESOLVCONF=yes
>> 
>> 2. dnsmasq configuration
>> # IPv4 options: router, dns, ntp
>> dhcp-option=tag:lan4,3,10.0.0.254
>> dhcp-option=tag:lan4,6,0.0.0.0
>> dhcp-option=tag:lan4,42,10.0.0.254
>> 
>> # IPv6 options: dns, domain
>> dhcp-option=option6:dns-server,[fd00::]
>> dhcp-option=tag:ula6,option6:domain-search,local.domain
>> 
>> dhcp-authoritative
>> domain-needed
>> strict-order
>> no-resolv
>> localise-queries
>> bogus-priv
>> expand-hosts
>> local-service
>> domain=local.domain
>> local=/local.domain/
>> addn-hosts=/etc/hosts.static
>> addn-hosts=/etc/hosts.block
>> stop-dns-rebind
>> rebind-localhost-ok
>> dhcp-broadcast=tag:needs-broadcast
>> 
>> server=10.0.0.254
>> 
>> ### IPv4 range
>> dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
>> 
>> ### IPv6 ranges
>> dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
>> dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
>> enable-ra
>> 
>> dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
>> 
>> Kind regards
>> Maddes
>> 
>> [1] Telekom native IPv6 Internet connection
>> IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
>> IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP 
>> subnet)
>> 
>> [2] Unique Local Addresses
>> ULA: fd7a:d:e:f::/64
>> 
>> [3] Router AVM FRITZ!Box 7490
>> FRITZ!OS: 06.83 (German)
>> DHCPv6 for LAN: Off
>> Standard-Gateway for Internet: On
>> DNS via RA: Off (RFC 5006)
>> RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not 
>> advertised
>> https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
>> https://en.avm.de/products/fritzbox/fritzbox-7490/
>> 
>> [4] Raspberry Pi 2
>> OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi 
>> Foundation
>> https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
>> https://www.raspberrypi.org/downloads/raspbian/
>> https://www.raspbian.org/
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss



More information about the Dnsmasq-discuss mailing list