[Dnsmasq-discuss] Feature Request: IPv6: Enable RA and set its options per dhcp-range

M. Buecher maddes+dnsmasq at maddes.net
Sun Aug 20 14:49:53 BST 2017


dnsmasq 2.76 (Debian 8 "Jessie" package) enables RA for all dhcp-ranges, 
even if a subnet that dnsmasq got from the dhcp-range constructor method 
is handled by a different router.
This creates multiple RAs for the same subnet, which may cause routing 
issues.
Current workaround is to set the router's priority to high, so that its 
RA superseeds then one of dnsmasq.

Therefore this feature request for an option to enable/disable RA per 
dhcp-range configuration (either explicitly or via tagging).
Additionally it would be great to specify the RA options per dhcp-range 
configuration too.


Easiest way to reproduce is to assign an ULA and a GUA from your other 
router via RA on the NIC (here eth0).
Then use the "constructor" on your NIC.

Example config:
## Unique Local Addresses (ULA) with dynamic+static DHCPv6, no SLAAC 
(="no mode" specified)
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
## sent Router Advertisments (with M[anaged] flag) so that all clients 
create routing information for the ULA; necessary for Windows, most 
Linux clients will automatically create the route via DHCPv6
enable-ra

## Global Unicast Addresses (GUA) and other subnets only with static 
DHCPv6, no SLAAC
dhcp-range=set:gua6,::1:0,::1:ffff,constructor:eth0,static,64,12h

Results:
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on 
::0.1.255.255, lease time 12h, template for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, IP range fd7a:d:e:f::1:0 -- 
fd7a:d:e:f::1:ffff, lease time 12h
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on 
fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on 
2003:a:b:c::1:ffff, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on 
2003:a:b:c::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on 
fd7a:d:e:f::1:ffff, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on 
fd7a:d:e:f::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) 2003:a:b:c::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: IPv6 router advertisement enabled


Kind regards
Matthias Bücher


On 2017-08-20 14:06, M. Buecher wrote:

> On 2017-08-18 15:38, M. Buecher wrote:
> 
>> Hello dnsmasq fellows,
>> Hello Simon,
>> 
>> I want to assign additional static DHCPv6 global unicast addresses 
>> (GUA) to some machines (mainly servers).
>> Yet I have failed to do so with dnsmasq.
> 
> Got it working. Indeed it was working.
> 
>> The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" 
>> [3].
>> Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is 
>> middle.
>> And it is the standard gateway for Internet connections.
>> 
>> dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
>> It is the only DNSv4/v6 server in the LAN and serves the local domain.
>> All other requests are forwarded by dnsmasq via IPv4 to the DNS relay 
>> of the router, this way those requests are resolved by the ISP's DNS 
>> servers.
>> It also advertises the Unique Local Addresses (ULA) [2] for the LAN 
>> via RA and assigns addresses via DHCPv6 only.
>> The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's 
>> RA.
>> 
>> Test machine is Windows 10 with latest updates.
>> It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the 
>> router's RA.
>> Additionally a second GUA is present due to Windows' IPv6 privacy 
>> extensions for outgoing connections.
>> *But* it doesn't have it's static GUA from dnsmasq!
>> 
>> Am I missing something in my dnsmasq configuration (see below)?
>> Or do I have to configure the clients in another way?
>> Any other enhancements for my configuration?
> 
> If you run "ipconfig /renew6 <interface>" on Windows (here 10), then 
> Windows only requests the existing IPv6 addresses to be renewed.
> To also get new addresses for the Windows you have to release all IPv6 
> addresses before with "ipconfig /release6 <interface>".
> 
> So on Windows always do the following for testing in an admin/elevated 
> command prompt or Powershell:
> ipconfig /release [Name Pattern]
> ipconfig /renew [Name Pattern]
> 
> If this doesn't help, then deactivate and re-activate the interface via 
> netsh to start afresh:
> netsh interface set interface <Name> admin=disabled
> netsh interface set interface <Name> admin=enabled
> 
>> By the way:
>> Does dnsmasq also send a RA for the second/GUA dhcp range? How can I 
>> avoid this?
>> I would prefer to handle RA settings per dhcp-range via tags.
> 
> Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an 
> option to disable or enable it for a specific dhcp range.
> Additionally if a dhcp range is defined multiple times, it also sends 
> the RA multiple times.
> Will create to feature requests for these issues in separate posts.
> 
>> Configuration:
>> 1. File /etc/default/dnsmasq (Debian specific)
>> #DOMAIN_SUFFIX=`dnsdomainname`
>> #DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
>> ENABLED=1
>> CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
>> IGNORE_RESOLVCONF=yes
>> 
>> 2. dnsmasq configuration
>> # IPv4 options: router, dns, ntp
>> dhcp-option=tag:lan4,3,10.0.0.254
>> dhcp-option=tag:lan4,6,0.0.0.0
>> dhcp-option=tag:lan4,42,10.0.0.254
>> 
>> # IPv6 options: dns, domain
>> dhcp-option=option6:dns-server,[fd00::]
>> dhcp-option=tag:ula6,option6:domain-search,local.domain
>> 
>> dhcp-authoritative
>> domain-needed
>> strict-order
>> no-resolv
>> localise-queries
>> bogus-priv
>> expand-hosts
>> local-service
>> domain=local.domain
>> local=/local.domain/
>> addn-hosts=/etc/hosts.static
>> addn-hosts=/etc/hosts.block
>> stop-dns-rebind
>> rebind-localhost-ok
>> dhcp-broadcast=tag:needs-broadcast
>> 
>> server=10.0.0.254
>> 
>> ### IPv4 range
>> dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
>> 
>> ### IPv6 ranges
>> dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
>> dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
>> enable-ra
>> 
>> dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
>> 
>> Kind regards
>> Maddes
>> 
>> [1] Telekom native IPv6 Internet connection
>> IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
>> IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP 
>> subnet)
>> 
>> [2] Unique Local Addresses
>> ULA: fd7a:d:e:f::/64
>> 
>> [3] Router AVM FRITZ!Box 7490
>> FRITZ!OS: 06.83 (German)
>> DHCPv6 for LAN: Off
>> Standard-Gateway for Internet: On
>> DNS via RA: Off (RFC 5006)
>> RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not 
>> advertised
>> https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
>> https://en.avm.de/products/fritzbox/fritzbox-7490/
>> 
>> [4] Raspberry Pi 2
>> OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi 
>> Foundation
>> https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
>> https://www.raspberrypi.org/downloads/raspbian/
>> https://www.raspbian.org/




More information about the Dnsmasq-discuss mailing list