[Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

[Simon Kelley]

On 26/02/2021 15:54, Fred F wrote:
> Hi Simon,
> 
> thanks for your reply. Unfortunately ULA does not solve my problem, as
> this host needs to be reachable through that address from the outside
> world. And I'd like to use the DNS name as an alias in the firewall
> (FreeBSD). So right now I am stuck with the following situation:
> 
> - My IPv6 prefix changes every 24 hours
> - My machines change their global addresses every 24 hours
> - I need to reference some of the machine's global addresses in
> firewall rules (allow access from the outside)
> - FreeBSD's packet filter does support DNS aliases in firewall rules
> - dnsmasq is my primary DNS server but it does not seem to have any
> option to statically define host records with dynamic IPv6 prefixes,
> which would be super handy for firewall rules
> 
> Does this use-case sound legit to you? Maybe a feature like this
> (semi-static host records with prefix from interface constructor) can
> be considered?
> 
> 

The guts of this actually exists already with the --interface-name
option. That puts a name into the DNS with the exact address(es) of an
interface, so if you have an interface eth0 with address 1:2:3:4::1 than

interface-name=laptop.thekelleys.org.uk,eth0/6

will give you an AAAA record for laptop.thekelleys.org.uk and 1:2:3:4::1

It's actually rather easy to add an address field, such that


interface-name=laptop.thekelleys.org.uk,[::2],eth0/6

and eth0 having 1:2:3:4::1, as before, yields an
a AAAA record for address 1234::2. The combination of the prefix and the
address being controlled by the prefix-length of the address.

extended like this, --interface-name is not particularly descriptive
option name, but there's nothing to preclude a better alias to the same
function.


Comments, list members?

Simon.