[Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

Fred F frederik.vogelsang at gmail.com
Fri Feb 26 15:59:33 UTC 2021


Hi Matthias,

unfortunately I need the global addresses in DNS, as that's the only
way for me to reference the hosts in firewall rules (FreeBSD's packet
filter supports DNS aliases natively). So unfortunately ULA does not
help in this situation. I need global IPv6 addresses (with dynamic
prefixes) in DNS.


Thanks and best regards,
Frederik

On Fri, 19 Feb 2021 at 23:58, M. Buecher <maddes+debian at maddes.net> wrote:
> Hello Frederik,
>
> IPv4 and IPv6 have different philosophies and you may get seduced to
> adopt your IPv4 knowledge to IPv6.
> Took me some time to get this sorted out myself.
> Actually your question is about IPv6 in general and not really dnsmasq
> specific.
>
> IPv6 is by default multi-homed with multiple IPv6 addresses (SLAAC,
> temporary private, DHCPv6, etc.) of multiple IPv6 networks (GUA, ULA,
> LLA).
> In general GUAs are for WAN communications, ULAs for LAN/VPN
> communications and LLA for configuration-less on-link communication.
> * LLA; Prefix fe80::/10; RFC 4291<3513<2373<1884
> * ULA; Prefix fc00::/7 typically fd00::/8; RFC 4193
>    * Side note: SLAs are deprecated and superseded by ULAs.
> * GUA; Prefix 2000::/3; RFC 4291<3513<2373<1884
>
> For local IPv6 addresses define yourself a random(!) ULA network
> (fdxx:xxxx:xxxx:xxxx::/64) and assign static IPv6 addresses to your
> services/servers (SLAAC, temporary private, DHCPv6 in addition as it
> fits your needs).
> ULAs allow you to route traffic from/to ULAs (LAN/VPN) and also from/to
> GUAs without having a WAN connection on the servers/services, while LLA
> is not routed by design.
> Even if you want the service to be reachable from outside via its GUA
> address, then you should still define static ULA addresses to be locally
> independent from your ISP service.
> Static addresses also allow you to contact your services/servers even
> when DHCP is down.
> I myself additionally set up a DHCP entry for them with their static IP
> addresses, so that they get their usual/planned IPv6 addresses during
> their setup or when running a live system from USB/CD/DVD.
>
> My private local home office setup has 2 ULAs (one "production" ULA from
> my dnsmasq server, one fallback ULA from my FritzBox router) plus 1 GUA
> (from my Fritzbox router). dnsmasq serves the static addresses from its
> /etc/hosts. But these are just my personal preferences.
>
> Hope this points you to the right directions.
>
> Kind regards
> Matthias Bücher
>
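
The addressing plan discussed in this thread, as an added Python example that is not part of either message: it classifies addresses by the three prefixes listed above, draws a random ULA /48, and shows that a host keeps the same interface identifier under a static ULA /64 and under a changing GUA /64. All function names are hypothetical, the Global ID comes from the OS CSPRNG rather than the hash-based sample algorithm in RFC 4193, and 2001:db8::/32 (the documentation range) stands in for an ISP-delegated prefix.

```python
import ipaddress
import secrets

# Prefixes exactly as listed in the message above.
SCOPES = (
    ("LLA", ipaddress.ip_network("fe80::/10")),
    ("ULA", ipaddress.ip_network("fc00::/7")),
    ("GUA", ipaddress.ip_network("2000::/3")),
)


def classify(addr: str) -> str:
    """Return LLA, ULA, GUA or 'other' for an IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    for name, net in SCOPES:
        if ip in net:
            return name
    return "other"


def random_ula_site() -> ipaddress.IPv6Network:
    """fd00::/8 followed by a random 40-bit Global ID gives a /48 site prefix."""
    global_id = secrets.randbits(40)
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))


def subnet64(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Pick one /64 out of a /48 by its 16-bit subnet ID."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 site prefix and a 16-bit subnet ID")
    return ipaddress.IPv6Network((int(site.network_address) | (subnet_id << 64), 64))


def host_in_prefix(net: ipaddress.IPv6Network, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 (static ULA or dynamic GUA) with a fixed interface ID."""
    if net.prefixlen != 64 or not 0 <= iid < 2**64:
        raise ValueError("need a /64 prefix and a 64-bit interface ID")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


if __name__ == "__main__":
    iid = 0x10  # constructed interface ID for one server
    ula = subnet64(random_ula_site(), 1)
    # Constructed stand-ins for two successive ISP-delegated prefixes.
    for gua in ("2001:db8:aaaa:1::/64", "2001:db8:bbbb:1::/64"):
        addr = host_in_prefix(ipaddress.ip_network(gua), iid)
        print(classify(str(addr)), addr)
    print("ULA", host_in_prefix(ula, iid))  # unchanged when the ISP prefix changes
```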


