[Dnsmasq-discuss] IPv6 setup for internal network

Knud knud.skrald at guldberg.info
Tue Aug 6 22:26:16 BST 2019


Right now it is working (it seems)

The client gets 2 addresses:
1 in the /64 range and 1 in /128, where the last one gets registered in DNS

Knud

On 06/08/2019 18.47, Knud wrote:
> Hi Michal
> 
> Thanks for replying
> 
> Sorry for the late response... somehow I have problems sending to the 
> list.. it takes forever before my mails arrive
> 
> See my replies below
> Knud
> 
> 
> On 05/08/2019 22.40, Michal Zatloukal wrote:
>> Hi there.
>>
>> On Fri, 2 Aug 2019 at 18:21, Knud <knud.skrald at guldberg.info> wrote:
>>>
>>> Hi
>>>
>>> I have tried to get IPv6 setup running for my internal LAN (at home)
>>>
>>> With a lot of tries and no real luck.
>>>
>>> What do I want:
>>>
>>> Have dnsmasq running on a server (Linux Fedora F30), do IPv6 DHCP/DNS
>>> with local names.
>>
>> Where is the DHCPv4 server running? ra-names assumes the same instance
>> of dnsmasq is running both DHCPv4 and v6.
>> Personally, I haven't been able to get local names to work with IPv6
>> even in that configuration. The assumption of hosts using EUI-64 is
>> not met too often these days.
> 
> On a local server
> 
> 
>>
>>> Want to proceed that for IPv6, let my router make an IPv6 tunnel to a HE
>>> tunnel broker.
>>
>> Are server (DHCPv6) and router (6-in-4 tunnel) 2 different hosts? RAs
>> must be sent by the host acting as the gateway, there's no way around
>> this in IPv6 AFAIK. You must configure the gateway's RAs to enable
>> clients to look for DHCPv6 server (M, O bits set to 1).
> 
> Yes, dnsmasq is on one machine; the router is another physical box doing only 
> IPv4 routing/NAT and IPv6 tunnel 6rd4
> 
>>
>>>
>>> Right now I have made a test setup consisting of 2 Vbox guests (Fedora
>>> F30) running in internal network on the Vbox host just to get things
>>> working and learn.
>>>
>>> So the first step is to get dnsmasq to hand out an IP address and register it in
>>> the DNS.
>>
>> Hold it - Do you have an address from the specified range (fd17:...)
>> manually assigned to the interface on the DHCP server? (Not sure if
>> it's necessary, but that's what I did) - if you don't, I could see how
>> dnsmasq would consider the range non-local (see below)
> 
> Yes fixed address with /64
> 
>>
>>> 1st problem: Client gets the correct address from dnsmasq but not the right
>>> mask, e.g. it gets an IP /128
>>> enable-ra is there
>>
>> IIRC "/128" happens when the prefix is not flagged as on-link in its
>> options. Check the advertisements with tcpdump/wireshark/rdisc6. As
>> for cause, your config doesn't specify prefix length so the correct
>> length must be set on the interface.
>>
>>> 2nd problem: Client gets DNS IP from the fe80:: address range
>>
>> If you mean "the DNS server address the client gets is in the
>> fe80::/10 range", then this is normal.
>>
>>> 3rd problem: the address which is registered in the DNS is the fe80:: address
>>
>> Not sure where this comes from (are you sure this is provided by
>> dnsmasq, rather than avahi/mDNS/LLMNR?). If I'm reading the manual
>> correctly - ra-names is only intended for SLAAC-enabled networks, and even
>> then only works with hosts that don't do private interface
>> identifiers. So you won't get name resolution to your fd17... range
>> regardless. Just to check - set log-queries and see if it's actually
>> dnsmasq responding to the query. The leases file might also be
>> helpful.
>>
>>> I could write a long story about what I have tried....
>>>
>>> Please advise..
>>
>> OK. From your config:
>>
>>> dhcp-range=fd17:625c:f037:a80f::10, fd17:625c:f037:a80f::ffff, ra-names
>>
>> According to the manual, omitting the prefix length will cause dnsmasq
>> to use prefixlen of the interface. As noted above - is this set?
> 
> yes
> 
>>
>> As for me - I'm still on debian with ifupdown, so I do it this way (my
>> HE tunnel endpoint is on a host behind NAT, rather than on the v4
>> router, but that host also does DHCPv4 so I can do ra-names; 6in4
>> requires that router is configured to treat this host as DMZ):
>>
>> 1. /e/n/i for eth0:
>> iface eth0 inet static
>>    ... # Private IPv4 config
>>    up ifup 6in4
>>    down ifdown 6in4
>> iface eth0 inet6 manual
>>
>> 2. /e/n/i for the tunnel:
>> iface 6in4 inet6 v4tunnel
>>    ... # Endpoint addresses
>>    up ip route add ::/0 dev 6in4
>>    up ip add add 2001:.../64 dev eth0 # internal ip6 range
>>    down ip route del ::/0 dev 6in4
>>    down ip add del 2001:../64 dev eth0
>>
>> 3. dnsmasq for v6:
>> dhcp-range=::,constructor:eth0,ra-names
>> ra-param=eth0,mtu:6in4,0
>>
>> I'm not sure how/if dnsmasq can do DHCPv6-only assignment, but google
>> search results suggest a range like this should get you going:
>> dhcp-range=::1, ::FFFF:FFFF, constructor:br*, 64, 12h
>>
>> I would suggest you start with the easier SLAAC setup, then tweak it
>> once you have that running.
> 
> In my test environment I start with DHCP and DNS registering names.
> Otherwise everything else is useless.
> 
> 
> On my "production" LAN I can get the 6rd4 tunnel working with, I guess, 
> SLAAC (the router does the advertising) and get the clients to connect to 
> IPv6 hosts on the internet... but I am missing my local DNS registration.
> 
> I shifted to the test environment due to the impact of playing around 
> with "production" LAN
> 
>>
>> MZ
>>
>>> Knud
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
> 
> 
> 
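
The thread suggests checking the router advertisements for the M/O bits and the prefix's on-link flag. As an added example (not part of the original messages, and not dnsmasq code), the following parses an ICMPv6 Router Advertisement body per RFC 4861 and reports those flags. The RA bytes are constructed here with the hypothetical helper `build_ra`, using the fd17:... prefix from the thread; on a real network the bytes would come from a packet capture.

```python
import ipaddress
import struct

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement body (RFC 4861, 4.2 and 4.6.2)."""
    if len(icmp6) < 16:
        raise ValueError("truncated RA")
    mtype, _code, _csum, _hops, flags, lifetime = struct.unpack_from("!BBHBBH", icmp6)
    if mtype != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40),
          "router_lifetime": lifetime, "prefixes": []}
    off = 16  # options follow the fixed 16-byte header
    while off + 2 <= len(icmp6):
        otype, olen = icmp6[off], icmp6[off + 1] * 8  # length field is in 8-byte units
        if olen == 0 or off + olen > len(icmp6):
            raise ValueError("malformed option")
        if otype == 3 and olen == 32:  # Prefix Information option
            plen, pflags = struct.unpack_from("!BB", icmp6, off + 2)
            addr = ipaddress.IPv6Address(icmp6[off + 16:off + 32])
            ra["prefixes"].append({"prefix": f"{addr}/{plen}",
                                   "L": bool(pflags & 0x80),   # on-link flag
                                   "A": bool(pflags & 0x40)})  # autonomous (SLAAC) flag
        off += olen
    return ra

def findings(ra: dict) -> list:
    """Turn the parsed flags into the checks discussed in the thread."""
    out = []
    if not ra["M"]:
        out.append("M=0: clients are not told to use DHCPv6 for addresses")
    if not ra["O"]:
        out.append("O=0: clients are not told to use DHCPv6 for other config")
    for p in ra["prefixes"]:
        if not p["L"]:
            out.append(f"{p['prefix']}: L=0, prefix is not advertised as on-link")
        if p["A"]:
            out.append(f"{p['prefix']}: A=1, clients also form a SLAAC address")
    return out

def build_ra(m, o, prefix, plen, on_link, autonomous) -> bytes:
    """Construct sample RA bytes (checksum left at 0; it is not validated here)."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, (int(m) << 7) | (int(o) << 6), 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, plen,
                      (int(on_link) << 7) | (int(autonomous) << 6), 86400, 14400, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

# Constructed sample: M and O set, prefix autonomous but not flagged on-link.
SAMPLE = build_ra(True, True, "fd17:625c:f037:a80f::", 64, False, True)

if __name__ == "__main__":
    for line in findings(parse_ra(SAMPLE)):
        print(line)
```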



