[Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

graham+dnsmasq at menhennitt.com.au graham+dnsmasq at menhennitt.com.au
Sat Feb 27 04:18:30 UTC 2021


Fred,

Which firewall are you using on FreeBSD? I know for sure that ipfw 
allows defining rules referring to a NIC, rather than having to specify 
the IP address (e.g. "deny tcp from any to any in via igb1 setup"). I'd 
be surprised if the other firewalls didn't allow the same. So, maybe you 
don't need to know the address.

Graham

On 27/02/2021 2:54 am, Fred F wrote:
> Hi Simon,
>
> thanks for your reply. Unfortunately ULA does not solve my problem, as
> this host needs to be reachable through that address from the outside
> world. And I'd like to use the DNS name as an alias in the firewall
> (FreeBSD). So right now I am stuck with the following situation:
>
> - My IPv6 prefix changes every 24 hours
> - My machines change their global addresses every 24 hours
> - I need to reference some of the machine's global addresses in
> firewall rules (allow access from the outside)
> - FreeBSD's packet filter does support DNS aliases in firewall rules
> - dnsmasq is my primary DNS server but it does not seem to have any
> option to statically define host records with dynamic IPv6 prefixes,
> which would be super handy for firewall rules
>
> Does this use-case sound legit to you? Maybe a feature like this
> (semi-static host records with prefix from interface constructor) can
> be considered?
>
>
> Thanks and best regards,
> Frederik
>
> On Fri, 19 Feb 2021 at 01:06, Simon Kelley <simon at thekelleys.org.uk> 
> wrote:
>> On 13/02/2021 19:22, Fred F wrote:
>>> Dear all,
>>>
>>> I'd like to bump this question. Isn't there anybody who is using
>>> dnsmasq in IPv6 networks with dynamic prefixes?
>>>
>>> Regards,
>>> Frederik
>>>
>>> On Sat, 10 Oct 2020 at 16:59, Fred F <frederik.vogelsang at gmail.com> 
>>> wrote:
>>>> Hi,
>>>>
>>>> I am using dnsmasq in an environment with a dynamic IPv6 prefix. On a
>>>> few of my servers I am using statically assigned IP addresses for IPv4
>>>> and static interface tokens for IPv6 (through systemd-networkd). This
>>>> way the machines will always have predictable v4 and v6 addresses
>>>> without DHCP or SLAAC in the following format:
>>>>
>>>> v4: 192.168.1.1
>>>> v6: dead::beef:192:168:1:1 (where dead::beef is the current IPv6 
>>>> prefix).
>>>>
>>>> Now I'd like to add AAAA records for these hostnames in dnsmasq. When
>>>> defining DHCP/SLAAC ranges in dnsmasq there is the
>>>> "constructor:infname" syntax which automagically uses the interface's
>>>> current IPv6 prefix. Is there something like that for host records?
>>>>
>>>> Something like this would be super cool, but I cannot get it to work:
>>>>
>>>> host-record=laptop,laptop.thekelleys.org,192.168.1.1,::192.168.1.1,constructor:eth0
>>>>
>>>> Is there any other way to do what I am doing? I know about the
>>>> "ra-names" feature but unfortunately it's not compatible with IPv6
>>>> interface tokens other than the MAC address (a.k.a. default SLAAC).
>>>>
>>>>
>> There's a way to do this with DHCPv6-assigned addresses, but not
>> arbitrary DNS records setup using --host-record.
>>
>> If it was me, I'd use ULA to have an unchanging IPv6 address for each
>> host, as well as the dynamically assigned prefix.
>>
>>
>> Cheers,
>>
>> Simon.
>>
>>
>> _______________________________________________
>> Dnsmasq-discuss mailing list
>> Dnsmasq-discuss at lists.thekelleys.org.uk
>> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
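
Added example, not code from this thread or from dnsmasq: one way to get the AAAA record asked about above is to rebuild a hosts file from the interface's current prefix plus the static interface token whenever the prefix changes, and let dnsmasq read that file through --addn-hosts (it re-reads such files on SIGHUP). The interface address list, the 2001:db8 documentation prefixes and all function names are constructed for illustration; the hostname and token are the ones from the original question.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")

def current_prefix(iface_addrs):
    """Return the network of the first address that is neither link-local nor ULA."""
    for text in iface_addrs:
        iface = ipaddress.IPv6Interface(text)
        if iface.ip.is_link_local or iface.ip in ULA:
            continue  # these do not change with the delegated prefix
        return iface.network
    raise ValueError("no global IPv6 address on interface")

def apply_token(prefix, token):
    """Combine a prefix with a static interface token (host bits only)."""
    token = ipaddress.IPv6Address(token)
    if int(token) & int(prefix.netmask):
        # A token that sets prefix bits would yield an address outside the prefix.
        raise ValueError(f"token {token} overlaps prefix {prefix}")
    return ipaddress.IPv6Address(int(prefix.network_address) | int(token))

def hosts_lines(prefix, hosts):
    """Render hosts-file lines (A and AAAA) for each (names, v4, token) entry."""
    lines = []
    for names, v4, token in hosts:
        joined = " ".join(names)
        lines.append(f"{v4} {joined}")
        lines.append(f"{apply_token(prefix, token)} {joined}")
    return "\n".join(lines) + "\n"

# Constructed sample: addresses as they might appear on eth0 (CIDR form).
SAMPLE_ADDRS = [
    "fe80::192:168:1:1/64",
    "fd12:3456:789a:1:192:168:1:1/64",
    "2001:db8:aaaa:1:192:168:1:1/64",
]
HOSTS = [(("laptop.thekelleys.org", "laptop"), "192.168.1.1", "::192:168:1:1")]

if __name__ == "__main__":
    # Write this output to the file named in --addn-hosts, then signal dnsmasq.
    print(hosts_lines(current_prefix(SAMPLE_ADDRS), HOSTS), end="")
```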