[Dnsmasq-discuss] Stateful DHCP and DNS for both IPv4 and IPv6

Simon Kelley simon at thekelleys.org.uk
Fri Apr 9 17:16:40 UTC 2021


On 03/04/2021 10:22, Guillermo López Alejos via Dnsmasq-discuss wrote:
> Hi!,
> 
> I'm working on a dockerized deployment of dnsmasq for my local network
> (the base image is Debian 10.8-slim). My goal is to achieve stateful
> DHCP and DNS for both IPv4 and IPv6.
                  ^^^^^^^^^^^^^^^^^^^^


Your configuration sets up stateless address autoconfiguration for IPv6,
not DHCPv6. It doesn't seem to be working, but that's irrelevant if you
want DHCPv6.

Background: there are two completely different ways ofdoing automatic
address config in IPv6. One is SLAAC, where a router just advertises the
available prefixes, and the hosts pick their own addresses within those
prefixes, collisions are dealt with. the other is DHCPv6 which is like
DHCPv4, but much more complicated (inevitably). These are often referred
to as stateless and statefull (but there's a version of DHCPv6 which is
stateless as well, confusingly)

For doing the trick that dnsmasq does in DHCPv4, where hosts getting an
address send their name in the DHCP request and then the name,address
pair gets inserted into the DNS, works on DHCPv6 too, but not SLAAC.
Dnsmasq has a nasty hack, which you've enabled with ra-names, where it
uses the name information from a DHCPv4 lease to name hosts which get
addresses from SLAAC. If you can use DHCPv6 instead, that's much better.

So, first decide if you're using SLAAC or DHCPv6, if at all possible use
DHCPv6. Then make sure your clients know to use DHCPv6, and go from there.

IPv6 is the second-system-effect times 1000.


Simon.

> 
> At this point IPv4 DHCP and DNS is working fine, and I'm getting some
> IPv6 DNS resolution for static entries in the "/etc/hosts" file. I'm,
> however, struggling with IPv6 DNS resolution. At the end of the message
> are the involved configuration files, and a sample of the logs produced
> by dnsmasq (I'm omitting Docker-related files since I believe that it is
> safe to assume that that configuration is correct). dnsmasq is running
> in the domctr.ewlan.es host.
> 
> If I do "ping -6 domctr" from another host, then I get a reply from the
> "domctr" server (this is the only host with an IPv6 address in the
> /etc/hosts file). For any other host I get an "No address associated
> with hostname" error. dnsmasq logs seem healthy.
> 
> This is almost the first time I deal with dnsmasq and IPv6, and I'm
> discovering that IPv6 concepts go far beyond the IPv4 concepts I'm used
> to... Perhaps I should start there...
> 
> Any help would be very much appreciated.
> 
> Thanks in advance,
> 
> Guillermo
> 
> 
> ---- /etc/network/interfaces (Docker host)
> ------------------------------------
> 
> # The loopback network interface
> auto lo
> iface lo inet loopback
> 
> allow-hotplug eth0
> iface eth0 inet static
>     address 192.168.1.4
>     netmask 255.255.255.0
>     broadcast 192.168.1.255
>     gateway 192.168.1.1
> 
> ---- /etc/hosts (Docker container)
> --------------------------------------------
> 
> 192.168.1.2            ewnas.ewlan.es     ewnas
> 192.168.1.3            mykvm.ewlan.es        mykvm
> 192.168.1.4            domctr.ewlan.es        domctr
> fe80::5054:ff:fe13:29e6        domctr.ewlan.es        domctr
> 
> ---- dnsmasq.conf (Docker container)
> ------------------------------------------
> 
> # Don't use and don't poll /etc/resolv.conf or other resolv files for
> changes.
> no-resolv
> no-poll
> 
> # Name servers to use
> server=62.14.2.1
> server=62.14.63.145
> 
> # Set the dnsmasq domain
> domain=ewlan.es
> 
> # Local domains. Queries in these domains are answered from /etc/hosts
> or DHCP
> # only
> local=/ewlan.es/
> 
> # Only listen for DHCP and DNS requests on the following interfaces
> interface=eth0
> 
> # Define the DHCP range with the following format:
> # <start IP address>,<end IP address>,[lease time]
> dhcp-range=192.168.1.200,192.168.1.250,12h
> dhcp-range=::fe13:1,::fe13:ffff,constructor:eth0,ra-names,slaac,12h
> 
> # Enable dnsmasq's IPv6 Router Advertisement feature.
> enable-ra
> 
> # Mark created RA with high priority and specify 0 for router lifetime
> # to specify the Dnsmasq address should not be used as a gateway
> ra-param=eth0,high,0,0
> 
> # Set the gateway
> dhcp-option=option:router,192.168.1.1
> 
> # Set the ntp server
> dhcp-option=option:ntp-server,192.168.1.4
> # Use 'ip address' command to determine the IPv6 address of the interface.
> dhcp-option=option6:dns-server,[fe80::5054:ff:fe13:29e6]
> dhcp-option=option6:ntp-server,[fe80::5054:ff:fe13:29e6]
> 
> # Increase the cache size
> cache-size=1500
> 
> ---- Logs
> ---------------------------------------------------------------------
> 
> dnsmasq    | dnsmasq[9]: started, version 2.80 cachesize 1500
> dnsmasq    | dnsmasq[9]: compile time options: IPv6 GNU-getopt DBus i18n
> IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect
> inotify dumpfile
> dnsmasq    | dnsmasq-dhcp[9]: DHCP, IP range 192.168.1.200 --
> 192.168.1.250, lease time 12h
> dnsmasq    | dnsmasq-dhcp[9]: DHCPv6, IP range ::254.19.0.1 --
> ::254.19.255.255, lease time 12h, template for eth0
> dnsmasq    | dnsmasq-dhcp[9]: DHCPv4-derived IPv6 names on eth0
> dnsmasq    | dnsmasq-dhcp[9]: router advertisement on eth0
> dnsmasq    | dnsmasq-dhcp[9]: IPv6 router advertisement enabled
> dnsmasq    | dnsmasq[9]: using local addresses only for domain ewlan.es
> dnsmasq    | dnsmasq[9]: using nameserver 62.14.63.145#53
> dnsmasq    | dnsmasq[9]: using nameserver 62.14.2.1#53
> dnsmasq    | dnsmasq[9]: read /etc/hosts - 4 addresses
> dnsmasq    | dnsmasq-dhcp[9]: DHCPRELEASE(eth0) 192.168.1.209
> 52:54:00:1a:99:1b
> dnsmasq    | dnsmasq-dhcp[9]: RTR-SOLICIT(eth0) 52:54:00:1a:99:1b
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.209
> 52:54:00:1a:99:1b
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.209
> 52:54:00:1a:99:1b
> dnsmasq    | dnsmasq-dhcp[9]: DHCPREQUEST(eth0) 192.168.1.209
> 52:54:00:1a:99:1b
> dnsmasq    | dnsmasq-dhcp[9]: DHCPACK(eth0) 192.168.1.209
> 52:54:00:1a:99:1b sabredav
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPDISCOVER(eth0) 192.168.1.132
> 52:54:00:76:2a:ec
> dnsmasq    | dnsmasq-dhcp[9]: DHCPOFFER(eth0) 192.168.1.203
> 52:54:00:76:2a:ec
> ...
> 
> 
> 
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss




More information about the Dnsmasq-discuss mailing list