[Dnsmasq-discuss] dnsmasq can be tricked to send invalid RAs

Michal Zatloukal myxal.mxl at gmail.com
Sun Jan 5 13:25:51 GMT 2020


Hello.
I recently decided to move my dnsmasq+6in4 tunnel setup from Raspbian
to the latest Ubuntu. To keep a long story short, after some
(mis)configuration I ended up with an interface with an IPv6 GUA, but
with no LLA [0] (a bug/oversight in netplan, I guess [1]). dnsmasq
does not protest this and will send RAs sourced with GUA, which will
fail validation according to RFC 4861, section 6.1.2.
Not really a problem for my case (AFAIK, an interface should never
lose/stay without its LLA) , just thought you should know.

Cheers,
MZ

[0] Should be reproducible by:
ip addr add dev <device> 2001:db8::1/64
ip -6 addr flush dev <device> scope link
Then for dnsmasq config, use
dhcp-range=::,constructor:<device>,ra-names
[1] https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/1810971



More information about the Dnsmasq-discuss mailing list