[Dnsmasq-discuss] IPv6 setup for internal network

Knud knud.skrald at guldberg.info
Tue Aug 6 17:47:21 BST 2019


Hi Michal

Thanks for replying

Sorry for the late response... somehow I have problems sending to the
list... it takes forever before my mails arrive

See my replies below
Knud


On 05/08/2019 22.40, Michal Zatloukal wrote:
> Hi there.
> 
> On Fri, 2 Aug 2019 at 18:21, Knud <knud.skrald at guldberg.info> wrote:
>>
>> Hi
>>
>> I have tried to get IPv6 setup running for my internal LAN (at home)
>>
>> With a lot of tries and no real luck.
>>
>> What do I want:
>>
>> Have dnsmasq running on a server (Linux fedora f30), do IPv6 DHCP/DNS
>> with local names.
> 
> Where is the DHCPv4 server running? ra-names assumes the same instance
> of dnsmasq is running both DHCPv4 and v6.
> Personally, I haven't been able to get local names to work with IPv6
> even in that configuration. The assumption of hosts using EUI-64 is
> not met too often these days.

On a local server


> 
>> Want to proceed that for IPv6, let my router make an IPv6 tunnel to a HE
>> tunnel broker.
> 
> Are server (DHCPv6) and router (6-in-4 tunnel) 2 different hosts? RAs
> must be sent by the host acting as the gateway, there's no way around
> this in IPv6 AFAIK. You must configure the gateway's RAs to enable
> clients to look for DHCPv6 server (M, O bits set to 1).

Yes, dnsmasq is on one machine; the router is a physically separate box doing only
IPv4 routing/NAT and the IPv6 tunnel 6rd4

> 
>>
>> Right now I have made a test setup consisting of 2 Vbox guests (Fedora
>> F30) running in internal network on the Vbox host just to get things
>> working and learn.
>>
>> So the first step is to get dnsmasq to hand out an IP address and register it in
>> the DNS.
> 
> Hold it - Do you have an address from the specified range (fd17:...)
> manually assigned to the interface on the DHCP server? (Not sure if
> it's necessary, but that's what I did) - if you don't, I could see how
> dnsmasq would consider the range non-local (see below)

Yes fixed address with /64

> 
>> 1st problem: Client gets the correct address from dnsmasq but not the right
>> mask, e.g. it gets an IP /128
>> enable-ra is there
> 
> IIRC "/128" happens when the prefix is not flagged as on-link in its
> options. Check the advertisements with tcpdump/wireshark/rdisc6. As
> for cause, your config doesn't specify prefix length so the correct
> length must be set on the interface.
> 
>> 2nd problem: Client gets DNS IP from the fe80:: address range
> 
> If you mean "the DNS server address the client gets is in the
> fe80::/10 range", then this is normal.
> 
>> 3rd problem: the address which is registered in the DNS is the fe80:: address
> 
> Not sure where this comes from (are you sure this is provided by
> dnsmasq, rather than avahi/mDNS/LLMNR?). If I'm reading the manual
> correctly - ra-names is only intended for SLAAC-enabled networks, and even
> then only works with hosts that don't do private interface
> identifiers. So you won't get name resolution to your fd17... range
> regardless. Just to check - set log-queries and see if it's actually
> dnsmasq responding to the query. The leases file might also be
> helpful.
> 
>> I could write a long story about what I have tried....
>>
>> Please advise..
> 
> OK. From your config:
> 
>> dhcp-range=fd17:625c:f037:a80f::10, fd17:625c:f037:a80f::ffff, ra-names
> 
> According to the manual, omitting the prefix length will cause dnsmasq
> to use prefixlen of the interface. As noted above - is this set?

yes

> 
> As for me - I'm still on debian with ifupdown, so I do it this way (my
> HE tunnel endpoint is on a host behind NAT, rather than on the v4
> router, but that host also does DHCPv4 so I can do ra-names; 6in4
> requires that router is configured to treat this host as DMZ):
> 
> 1. /e/n/i for eth0:
> iface eth0 inet static
>    ... # Private IPv4 config
>    up ifup 6in4
>    down ifdown 6in4
> iface eth0 inet6 manual
> 
> 2. /e/n/i for the tunnel:
> iface 6in4 inet6 v4tunnel
>    ... # Endpoint addresses
>    up ip route add ::/0 dev 6in4
>    up ip add add 2001:.../64 dev eth0 # internal ip6 range
>    down ip route del ::/0 dev 6in4
>    down ip add del 2001:../64 dev eth0
> 
> 3. dnsmasq for v6:
> dhcp-range=::,constructor:eth0,ra-names
> ra-param=eth0,mtu:6in4,0
> 
> I'm not sure how/if dnsmasq can do DHCPv6-only assignment, but google
> search results suggest a range like this should get you going:
> dhcp-range=::1, ::FFFF:FFFF, constructor:br*, 64, 12h
> 
> I would suggest you start with the easier SLAAC setup, then tweak it
> once you have that running.

In my test environment I start with DHCP and DNS registering names.
Otherwise everything else is useless.


On my "production" LAN I can get the 6rd4 tunnel working with, I guess,
SLAAC (the router does the advertising) and get the clients to connect to
IPv6 hosts on the internet... but I am missing my local DNS registration.

I shifted to the test environment due to the impact of playing around 
with "production" LAN

> 
> MZ
> 
>> Knud
> 
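
The check suggested in the quoted reply (inspect the advertisement for the M/O bits and the prefix's on-link flag), as an added example that is not part of the original thread: a Python decoder for those Router Advertisement fields per RFC 4861, run on constructed sample packets for the thread's fd17:625c:f037:a80f::/64 prefix. The function names, lifetimes and sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Decode the flags of an ICMPv6 Router Advertisement (RFC 4861, type 134)."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(icmp[5] & 0x80),   # M: get addresses via DHCPv6
          "other": bool(icmp[5] & 0x40),     # O: get other config via DHCPv6
          "prefixes": []}
    pos = 16                                 # options follow the fixed header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, flags = icmp[pos + 2], icmp[pos + 3]
            addr = ipaddress.IPv6Address(icmp[pos + 16:pos + 32])
            ra["prefixes"].append({
                "prefix": str(ipaddress.IPv6Network((addr, plen), strict=False)),
                "on_link": bool(flags & 0x80),     # L flag
                "autonomous": bool(flags & 0x40),  # A flag (SLAAC)
            })
        pos += opt_len
    return ra

def diagnose(ra: dict) -> list:
    """Findings for a LAN that expects DHCPv6 addresses on an on-link prefix."""
    findings = []
    if not ra["managed"]:
        findings.append("M flag clear: clients are not told to use DHCPv6 for addresses")
    if not any(p["on_link"] for p in ra["prefixes"]):
        findings.append("no on-link prefix: DHCPv6 leases are installed as /128")
    return findings

def sample_ra(managed: bool, on_link: bool) -> bytes:
    """Constructed RA for the thread's fd17:625c:f037:a80f::/64 (checksum left 0)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x80 * managed | 0x40, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0x80 * on_link, 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address("fd17:625c:f037:a80f::").packed

if __name__ == "__main__":
    for name, raw in (("L clear", sample_ra(True, False)), ("L set", sample_ra(True, True))):
        ra = parse_ra(raw)
        print(name, ra, diagnose(ra))
```

The input is the ICMPv6 payload of a captured advertisement, starting at the type byte; the checksum is not verified.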