[Dnsmasq-discuss] IPv6 setup for internal network

Michal Zatloukal myxal.mxl at gmail.com
Mon Aug 5 21:40:55 BST 2019

Hi there.

On Fri, 2 Aug 2019 at 18:21, Knud <knud.skrald at guldberg.info> wrote:
> Hi
> I have tried to get IPv6 setup running for my internal LAN (at home)
> With a lot of tries and no really luck.
> What do I want:
> Have dnsmasq running on a server (Linux fedora f30), do Ipv6 DHCP/DNS
> with local names.

Where is the DHCPv4 server running? ra-names assumes the same instance
of dnsmasq is running both DHCPv4 and v6.
Personally, I haven't been able to get local names to work with IPv6
even in that configuration. The assumption of hosts using EUI-64 is
not met too often these days.

> Want to proceed that for IPv6, let my router make a IPv6 tunnel to a HE
> tunnelbrooker.

Are server (DHCPv6) and router (6-in-4 tunnel) 2 different hosts? RAs
must be sent by the host acting as the gateway, there's no way around
this in IPv6 AFAIK. You must configure the gateways's RAs to enable
clients to look for DHCPv6 server (M, O bits set to 1).

> Right now I how made a test setup consisting of 2 Vbox guest (Fedora
> F30) running in internal network on the Vbox host just to get things
> working and learn.
> So first step is get dnsmasq hand out a IP address and register it in
> the DNS.

Hold it - Do you have an address from the specified range (fd17:...)
manually assigned to the interface on the DHCP server? (Not sure if
it's necessary, but that's what I did) - if you don't, I could see how
dnsmasq would consider the range non-local (see below)

> 1st problem: Client get correct address from dnsmasq but not the right
> mask eg. it get's an IP /128
> enable-ra is there

IIRC "/128" happens when the prefix is not flagged as on-link in its
options. Check the advertisements with tcpdump/wireshark/rdisc6. As
for cause, you config doesn't specify prefix length so the correct
length must be set on the interface.

> 2nd problem: Client get DNS ip from the fe80::  adress range

If you mean "the DNS server address the client gets is in the
fe80::/10 range", then this is normal.

> 3th problem: the adress which registered in the dns is the fe80:: adress

Not sure where this comes from (are you sure this is provided by
dnsmasq, rather than avahi/mDNS/LLMNR?). If I'm reading the manual
correctly - ra-name only intended for SLAAC-enabled networks, and even
then only works with hosts that don't do private interface
identifiers. So you won't get name resolution to your fd17... range
regardless. Just to check - set loq-query and see if it's actually
dnsmasq responding to the query. The leases file might also be

> I could write a long story about what I have tried....
> Please advise..

OK. From your config:

> dhcp-range=fd17:625c:f037:a80f::10, fd17:625c:f037:a80f::ffff, ra-names

According to the manual, omitting the prefix length will cause dnsmasq
to use prefixlen of the interface. As noted above - is this set?

As for me - I'm still on debian with ifupdown, so I do it this way (my
HE tunnel endpoint is on a host behind NAT, rather than on the v4
router, but that host also does DHCPv4 so I can do ra-names; 6in4
requires that router is configured to treat this host as DMZ):

1. /e/n/i for eth0:
iface eth0 inet static
  ... # Private IPv4 config
  up ifup 6in4
  down ifdown 6in4
iface eth0 inet6 manual

2. /e/n/i for the tunnel:
iface 6in4 inet6 v4tunnel
  ... # Endpoint addresses
  up ip route add ::/0 dev 6in4
  up ip add add 2001:.../64 dev eth0 # internal ip6 range
  down ip route del ::/0 dev 6in4
  down ip add del 2001:../64 dev eth0

3. dnsmasq for v6:

I'm not sure how/if dnsmasq can do DHCPv6-only assignment, but google
search results suggest a range like this should get you going:
dhcp-range=::1, ::FFFF:FFFF, constructor:br*, 64, 12h

I would suggest you start with the easier SLAAC setup, then tweak it
once you have that running.


> Knud
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list