[Dnsmasq-discuss] How to add AAAA record for host with dynamic prefix?

Geert Stappers stappers at stappers.nl
Tue Mar 2 07:14:18 UTC 2021


On Mon, Mar 01, 2021 at 09:40:04PM +0100, Fred F wrote:
> On Sun, 28 Feb 2021 at 18:07, Simon Kelley <simon at thekelleys.org.uk> wrote:
> > It's actually rather easy to add an address field, such that
> >
> > interface-name=laptop.thekelleys.org.uk,[::2],eth0/6
> >
> > and eth0 having 1:2:3:4::1, as before, yields
> > a AAAA record for address 1234::2. The combination of the prefix and the
> > address being controlled by the prefix-length of the address.
> 
> that sounds great. My guess is that this would also greatly help the
> OPNsense project, as they have been struggling with IPv6 firewall
> rules with dynamic prefixes for quite some time now. If people were
> able to use DNS names then these kind of problems would be solved.

And even documented in https://tools.ietf.org/html/rfc1925
as fundamental truth number six:

   (6)  It is easier to move a problem around (for example, by moving
        the problem to a different part of the overall network
        architecture) than it is to solve it.

        (6a) (corollary). It is always possible to add another level of
             indirection.


> But I agree that the option naming ("interface-name") is not ideal.
> 
> Option-wise I think the "host-record" directive would also be
> suitable, but I guess there is more work to be done there for
> supporting the "constructor:ifname" statements like this:
> 
> host-record=laptop,laptop.thekelleys.org,192.168.1.1,::192.168.1.1,constructor:eth0
> 
> And yeah, it's a bit clumsy. So if extending the "interface-name"
> option is quick and easy this would be fine I guess, as this is not a
> feature which is required by the majority of users (yet). But it would
> definitely be a unique feature of dnsmasq.


> > Comments, list members?


Firewall rules should be on network blocks.
IPv4 /32 blocks are valid network blocks,
rendering them to hosts is understandable.
But it defeats "firewall rules should be on network blocks".

DNS is unaware of network blocks.


Groeten
Geert Stappers
-- 
Silence is hard to parse
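The prefix/suffix combination Simon sketches above (keep the interface's routed prefix, splice in a fixed host part, with the split point set by a prefix length) can be modelled in a few lines. The following is an added example written for this archive page, not dnsmasq code; the function names, the assumption that the prefix length applies to the interface address's top bits, and the sample addresses (2001:db8 documentation space, 5:6:7:8::) are all constructed here. It also shows the "dynamic prefix" case the thread is about: when the interface's prefix changes, every synthesized AAAA record follows it, and a suffix that overlaps the prefix part is rejected rather than silently clobbered.

```python
import ipaddress

def synthesize_aaaa(interface_addr: str, host_suffix: str, prefix_len: int) -> str:
    """Return the AAAA address formed from the top `prefix_len` bits of
    `interface_addr` and the low (128 - prefix_len) bits of `host_suffix`.

    Hypothetical model of the proposed interface-name address field
    (e.g. interface-name=name,[::2],eth0/6); not dnsmasq's own code.
    """
    if not 0 <= prefix_len <= 128:
        raise ValueError("prefix length must be between 0 and 128")
    iface = int(ipaddress.IPv6Address(interface_addr))
    suffix = int(ipaddress.IPv6Address(host_suffix))
    host_bits = 128 - prefix_len
    host_mask = (1 << host_bits) - 1            # low bits: host part
    prefix_mask = ((1 << 128) - 1) ^ host_mask  # high bits: routed prefix
    # A suffix with bits set inside the prefix part is a configuration
    # error: it would either be lost or overwrite the dynamic prefix.
    if suffix & prefix_mask:
        raise ValueError(f"suffix {host_suffix} has bits above /{prefix_len}")
    combined = (iface & prefix_mask) | (suffix & host_mask)
    return str(ipaddress.IPv6Address(combined))

# Constructed sample "records": (DNS name, host suffix, prefix length).
RECORDS = [
    ("laptop.example", "::2", 64),
    ("nas.example", "::10", 64),
]

def rebuild_records(interface_addr: str, records=RECORDS) -> dict:
    """Re-derive every AAAA record from the interface's current address.
    Called again whenever the delegated prefix changes."""
    return {name: synthesize_aaaa(interface_addr, suffix, plen)
            for name, suffix, plen in records}

if __name__ == "__main__":
    # Thread's example: eth0 has 1:2:3:4::1, suffix ::2, /64 split.
    print(synthesize_aaaa("1:2:3:4::1", "::2", 64))
    # Prefix renumbered by the ISP: records follow the new prefix.
    for name, addr in rebuild_records("2001:db8:abcd:12::1").items():
        print(f"{name} AAAA {addr}")
```

Run it directly to see the records for the thread's example address and for a renumbered prefix; the point is that nothing in the per-host configuration had to change.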


