[Dnsmasq-discuss] IPv6 setup for internal network

Michal Zatloukal myxal.mxl at gmail.com
Mon Aug 5 22:05:30 BST 2019 

Whoops, some of my example config was wrong.

ra-param=eth0,mtu:6in4,60 # "0" would disable periodic sending, and
Apple's OSes would drop the address without soliciting for the router
again.

MZ

On Mon, 5 Aug 2019 at 22:40, Michal Zatloukal <myxal.mxl at gmail.com> wrote:
>
> Hi there.
>
> On Fri, 2 Aug 2019 at 18:21, Knud <knud.skrald at guldberg.info> wrote:
> >
> > Hi
> >
> > I have tried to get IPv6 setup running for my internal LAN (at home)
> >
> > With a lot of tries and no really luck.
> >
> > What do I want:
> >
> > Have dnsmasq running on a server (Linux fedora f30), do Ipv6 DHCP/DNS
> > with local names.
>
> Where is the DHCPv4 server running? ra-names assumes the same instance
> of dnsmasq is running both DHCPv4 and v6.
> Personally, I haven't been able to get local names to work with IPv6
> even in that configuration. The assumption of hosts using EUI-64 is
> not met too often these days.
>
> > Want to proceed that for IPv6, let my router make a IPv6 tunnel to a HE
> > tunnelbrooker.
>
> Are server (DHCPv6) and router (6-in-4 tunnel) 2 different hosts? RAs
> must be sent by the host acting as the gateway, there's no way around
> this in IPv6 AFAIK. You must configure the gateways's RAs to enable
> clients to look for DHCPv6 server (M, O bits set to 1).
>
> >
> > Right now I how made a test setup consisting of 2 Vbox guest (Fedora
> > F30) running in internal network on the Vbox host just to get things
> > working and learn.
> >
> > So first step is get dnsmasq hand out a IP address and register it in
> > the DNS.
>
> Hold it - Do you have an address from the specified range (fd17:...)
> manually assigned to the interface on the DHCP server? (Not sure if
> it's necessary, but that's what I did) - if you don't, I could see how
> dnsmasq would consider the range non-local (see below)
>
> > 1st problem: Client get correct address from dnsmasq but not the right
> > mask eg. it get's an IP /128
> > enable-ra is there
>
> IIRC "/128" happens when the prefix is not flagged as on-link in its
> options. Check the advertisements with tcpdump/wireshark/rdisc6. As
> for cause, you config doesn't specify prefix length so the correct
> length must be set on the interface.
>
> > 2nd problem: Client get DNS ip from the fe80::  adress range
>
> If you mean "the DNS server address the client gets is in the
> fe80::/10 range", then this is normal.
>
> > 3th problem: the adress which registered in the dns is the fe80:: adress
>
> Not sure where this comes from (are you sure this is provided by
> dnsmasq, rather than avahi/mDNS/LLMNR?). If I'm reading the manual
> correctly - ra-name only intended for SLAAC-enabled networks, and even
> then only works with hosts that don't do private interface
> identifiers. So you won't get name resolution to your fd17... range
> regardless. Just to check - set loq-query and see if it's actually
> dnsmasq responding to the query. The leases file might also be
> helpful.
>
> > I could write a long story about what I have tried....
> >
> > Please advise..
>
> OK. From your config:
>
> > dhcp-range=fd17:625c:f037:a80f::10, fd17:625c:f037:a80f::ffff, ra-names
>
> According to the manual, omitting the prefix length will cause dnsmasq
> to use prefixlen of the interface. As noted above - is this set?
>
> As for me - I'm still on debian with ifupdown, so I do it this way (my
> HE tunnel endpoint is on a host behind NAT, rather than on the v4
> router, but that host also does DHCPv4 so I can do ra-names; 6in4
> requires that router is configured to treat this host as DMZ):
>
> 1. /e/n/i for eth0:
> iface eth0 inet static
>   ... # Private IPv4 config
>   up ifup 6in4
>   down ifdown 6in4
> iface eth0 inet6 manual
>
> 2. /e/n/i for the tunnel:
> iface 6in4 inet6 v4tunnel
>   ... # Endpoint addresses
>   up ip route add ::/0 dev 6in4
>   up ip add add 2001:.../64 dev eth0 # internal ip6 range
>   down ip route del ::/0 dev 6in4
>   down ip add del 2001:../64 dev eth0
>
> 3. dnsmasq for v6:
> dhcp-range=::,constructor:eth0,ra-names
> ra-param=eth0,mtu:6in4,0
>
> I'm not sure how/if dnsmasq can do DHCPv6-only assignment, but google
> search results suggest a range like this should get you going:
> dhcp-range=::1, ::FFFF:FFFF, constructor:br*, 64, 12h
>
> I would suggest you start with the easier SLAAC setup, then tweak it
> once you have that running.
>
> MZ
>
> > Knud
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list