[Dnsmasq-discuss] No IPv6

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Thu Sep 17 10:30:19 BST 2015



On 16/09/15 15:48, Nickolai Dobrynin wrote:
> Hello world!
>
> I can't get IPv6 working with dnsmasq.  My ISP supports IPv6 "natively",
> but when I run 'ping6 -c 1 google.com' on a client, I get "Network unreachable".
> When I ping a host that's IPv4-only, the message becomes "unknown host".  My
> router (with dnsmasq atop) sits between the modem and the rest of the network.
>
> I do see some DNS queries (see below) logged from the pings (I assume) I just
> mentioned, but I'm not sure what to make of these logs since I don't know how
> healthy ones look.
>
> 'ifconfig' shows one IPv6 address (for that particular network
> interface), and it
> starts with f80::.  Not terribly useful.
>
> Many thanks,
> Nickolai Dobrynin
>
Hi Nickolai,

It sounds to me like your client doesn't have a world routable ipv6
address.  In ipv6 land, network/network prefixes are handed out by
'Router Advertisements' with optionally additional info by DHCPv6. 
dnsmasq can handle the RA/DHCPv6 requirement very well indeed,
alternately another common tool is 'radvd' which may already be running
on your router.

Check out the 'enable-ra' and 'dhcp-range' options of dnsmasq.  As a
brief and probably too specific example, I've the following on my
openwrt based router:

dhcp-range=::2, ::FFFF:FFFF, constructor:br-lan,64, 12h
enable-ra
ra-param=br-lan,high,0

The br-lan interface is my bridge lan interface with wifi radios &
ethernet switch, this has a world routable ipv6 prefix allocated to it
(in my case by an ipv6 tunneling mechanism..no native yet)  A dhcpv6
range based on this prefix is constructed and the ipv6 prefix is
advertised as well as the instruction to use stateful dhcpv6.

You may find these additional options useful:

dhcp-option=option6:dns-server,[fe80::]
dhcp-option=option6:domain-search,your.local.domain.here
dhcp-option=option6:sntp-server,[fe80::]

These advertise the local ipv6 dns & ntp server to be the link-local
address of the machine running dnsmasq.  Also they advertise the local
dns domain name.

Finally, recently I've taken to using the following:

server=/0.in-addr.arpa/
server=/127.in-addr.arpa/
server=/254.169.in-addr.arpa/
server=/2.0.192.in-addr.arpa/
server=/100.51.198.in-addr.arpa/
server=/113.0.203.in-addr.arpa/
server=/255.255.255.255.in-addr.arpa/

server=/d.f.ip6.arpa/
server=/8.e.f.ip6.arpa/
server=/9.e.f.ip6.arpa/
server=/a.e.f.ip6.arpa/
server=/b.e.f.ip6.arpa/

For the purposes of trying to be a good netizen the above lines prevent
dnsmasq from forwarding reverse lookups (address to name) for address
ranges that really should be handled locally (my ISP really doesn't know
about my link-local address range, so I don't ask, which means it
doesn't ask the root servers either!)

Maybe some of this helps.

Kevin




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20150917/afaa817f/attachment.bin>


More information about the Dnsmasq-discuss mailing list