[Dnsmasq-discuss] Prefix delegation with DNSmasq
    Simon Kelley 
    simon at thekelleys.org.uk
       
    Sun Apr 12 18:25:30 BST 2020
    
    
  
I'd split your /56 into as many /64s as you need, and set up routing as
required (either static or using some routing daemon). Run dnsmasq
centrally, and use DHCpv6 relays to proxy DHCPv6 requests from the
router on each /64 network back to the central dnsmasq instance.
Simon.
On 12/04/2020 18:20, Oliver Freyermuth wrote:
> Am 12.04.20 um 19:01 schrieb Simon Kelley:
>> The first question is, how static are your global addresses? Making a
>> network which can survive renumbering is a lot more difficult than one
>> with known and fixed addresses.
> 
> Luckily, they are completely static :-). 
> 
> Cheers,
> 	Oliver
> 
>>
>>
>> Simon.
>>
>>
>>
>> On 12/04/2020 17:20, Oliver Freyermuth wrote:
>>> Dear DNSmasqers,
>>>
>>> I have a setup in mind and wonder whether dnsmasq is the correct tool (since I have not found the necessary functionality in the documentation yet). 
>>>
>>> We have a /56 IPv6 network, and plan to use pure DHCPv6 (no stateless autoconfiguration) in several /64 networks. 
>>> There are several subnets (currently NATed IPv4), such as — for example — a WireGuard VPN network, or a local isolated subnet. 
>>> While with IPv4, the answer was the use of private addresses and NAT every time, potentially using a DHCP fowarder, for IPv6, the answer should be to use Global Unicast addresses everywhere (right?). 
>>> How do I approach this correctly? 
>>>
>>> Three options come to mind to handle such subnets:
>>> - Use ULAs and NAT (but that does not feel like IPv6...). 
>>> - Delegate a prefix from the large network (where we'd use dnsmasq) to the "gateway" machine, which then would be a router. 
>>>   However, I am not aware if dnsmasq can delegate prefixes? 
>>> - Use ProxyNDP (via npdpd or Linux kernel functionality). But I'm not sure if that scales well to a larger number of machines? 
>>> - Use static routes on the central machine which send the /64 subnet to the "gateways" and use dnsmasq on the gateways. 
>>>   Am I missing something here, or should that "just work"?
>>>
>>> Is anybody aware of a best-practice guide here (please RTFM me)? Is dnsmasq the correct tool? 
>>>
>>> Cheers and thanks for any guidance,
>>> 	Oliver
>>>
>>> _______________________________________________
>>> Dnsmasq-discuss mailing list
>>> Dnsmasq-discuss at lists.thekelleys.org.uk
>>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>>
> 
    
    
More information about the Dnsmasq-discuss
mailing list