[Dnsmasq-discuss] [PATCH v2] DHCPv6: Honor assigning IPv6 address based on MAC address

Pali Rohár pali.rohar at gmail.com
Thu Jul 23 14:11:59 BST 2020 

On Thursday 23 July 2020 12:43:03 Kevin 'ldir' Darbyshire-Bryant wrote:
> > On 23 Jul 2020, at 09:35, Pali Rohár <pali.rohar at gmail.com> wrote:
> > 
> > So finally something relevant to this patch...
> > 
> > On Wednesday 22 July 2020 23:48:19 Petr Menšík wrote:
> >> On 7/22/20 3:44 PM, Pali Rohár wrote:
> >>> I do not see any benefit why to complicate things just because "IPv6
> >>> addresses are many". I do not see nothing wrong on simple setup where
> >>> device has one IPv6 address assigned by DHCPv6 server.
> >> I think you are requesting breaking of DHCP definition RFCs. I see
> >> nothing wrong with IPv6 assigned to MAC address. I think it is wrong, if
> >> there are existing leases for the same address with different IAID.
> > 
> > The whole point of this patch is to make MAC --> IPv6 address assigning
> > working. It means that IPv6 address must be leased to MAC address if
> > assigning is based on MAC address and not on DUID/IAID.
> > 
> > If user set in configure file that for MAC address AB:CD:EF:AB:CD:EF
> > must be assigned IPv6 address FD::1 then user would expect that host
> > with address AB:CD:EF:AB:CD:EF would get IPv6 address FD::1.
> <snippage>
> 
> If I may proffer this real life use case/scenario as found in my very own home:
> 
> I have a couple of Qnap NAS boxes.  They speak legacy IP and IPv6.  These boxes sometimes offer services such as bittorrent to the Internet. They live behind an Openwrt router/firewall, the very device that runs dnsmasq offering DHCPv4/v6 leases.  For purposes of my own sanity I lock the IPv4 address to the qnap devices MAC addresses, thus I can enter unchanging and consistent entries in the firewall for relevant hosts/ports.  I have an identical requirement for IPv6.  I need to be sure that these Qnap devices will land at a known, consistent, effectively static IPv4/v6 address.
> 
> The IPv4 case is easily solved and supported.  The IPv6 case (until recently..qnap changed something..and I don’t reboot as much) was more challenging in that dnsmasq ignores the MAC address.  The DUID/IAID would change at different stages of the boot, leading to dnsmasq thinking the address requested was being requested for a new client as opposed to the same client simply rebooting.
> 
> There is a use case for locking/mapping IPv6 to MAC address whether it violates RFCs or not.  For reasons of firewall pinholes I need certain machines to land at certain addresses.  For ‘fun’ we can discuss if this is a problem with/for upnp/natpnp

Hello Kevin! So you basically have similar/same feature request.

Could you test this dnsmasq patch if it helps with your setup?

-- 
Pali Rohár
pali.rohar at gmail.com

More information about the Dnsmasq-discuss mailing list