[Dnsmasq-discuss] DHCPv6 Not Working on Linux 6.6.13
Simon Kelley
simon at thekelleys.org.uk
Sat Mar 2 16:29:13 UTC 2024
On 28/02/2024 10:29, Robert Sharp wrote:
> I have been using Dnsmasq for many years and I am now trying to include
> ipv6. Unfortunately, I cannot seem to get DHCPv6 to work, which I
> believe I need in order to be able to look up hosts using DNS.
>
> My ISP has allocated me with a /48 prefix and I am using dhcpcd to
> delegate a /64 prefix to the LAN interface. This all seems to work fine.
> My dnsmasq.conf settings are:
>
> ----------------------
>
> filterwin2k
> domain-needed
> bogus-priv
>
> #ipv6 stuff
>
> enable-ra
> dhcp-range=::1,constructor:enp3s0,24h
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> dhcp-host=fc:aa:14:c8:9c:3e,hadrian,[::5]
>
> except-interface=ppp0
> except-interface=enp4s0
> interface=enp3s0
> expand-hosts
> bind-interfaces
> domain=osburn-sharp.ath.cx
> local=/osburn-sharp.ath.cx/
> no-resolv
> server=127.0.0.1#553
> address=...
> cname=...
> dhcp-range=192.168.0.64,192.168.0.127,24h
> read-ethers
> bogus-nxdomain=212.82.32.48
> dhcp-option=252,"\n"
> dhcp-option=121,...
> dhcp-option=3,192.168.0.1
> mx-host=...
>
> ------------------------
>
> I have included everything but truncated some entries where the info is
> unlikely to be relevant. Some things are historical and probably could
> be removed but they are not the issue.
>
> I have tried various combinations of dhcp-range and dhcp-host and I have
> tried it without the enable-ra.
>
> I have a firewall in place that allows ipv6 on 546/7, which is needed
> anyway for the ISP side to work. I log dropped packets. I do have a rule
> for accepting broadcast packets for dhcpv4 but I am not sure if it is
> needed, given that 67/8 are open anyway:
>
> ---------------------
>
> -A INPUT -i enp3s0 -p udp -m addrtype --src-type UNSPEC --dst-type BROADCAST --dport 67 -j ACCEPT
> -A In-from-main-lan -i enp3s0 -s 192.168.0.0/24 -p tcp -m multiport --dports 53,67,68,123 -j ACCEPT
>
> ---------------------
>
> The dhcpcd on a client logs that it is soliciting a DHCPv6 lease but all
> I get is either a SLAAC address or just local link if I have disabled
> slaac. Using tcpdump I can see the dhcpv6 requests on the router's LAN
> interface but there is no response. There are no dropped packets either.
> Using lsof I cannot see that dnsmasq is listening on 547 but then I
> cannot see it listening for DHCPv4 either.
>
> My instinct suggests a routing problem? I know this can cause packets to
> simply disappear. The DHCPv6 request appears to be multicast to ff08.
> The routing table on the router is:
>
> ---------------------
>
> 2001:8b0:17a2::/64 dev enp3s0 proto dhcp metric 1002 pref medium
> unreachable 2001:8b0:17a2::/48 dev lo proto dhcp metric 1001 pref medium
> fe80::203:97ff:fe41:c000 dev ppp0 proto kernel metric 256 pref medium
> fe80::b47c:2ce7:fc94:2eb0 dev ppp0 proto kernel metric 256 pref medium
> fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
> fe80::/64 dev enp4s0 proto kernel metric 256 pref medium
> default via fe80::203:97ff:fe41:c000 dev ppp0 proto ra metric 1006 pref medium
>
> --------------------
>
> I don't have multicast forwarding enabled but I don't think that is
> relevant. I am not doing anything explicit with the ipv6 routes - as I
> understand it, they sort themselves out?
>
> I would be very grateful if anyone can help. I have been searching
> google for clues for weeks now to little avail. If you need any more
> info I can provide it.
>
> Thanks,
>
> Robert Sharp
>
>
>
I think you probably need start and end addresses in the dhcp range

dhcp-range=::1,::400,constructor:enp3s0,24h

without a range of addresses, dnsmasq can't lease addresses and will
only do stateless DHCPv6 and RA.

There's loads more information out there that will help if you set
--log-dhcp in your dnsmasq config and look in the syslog. That will tell
you if dnsmasq has managed to construct an actual dhcp range from the
address on enp3s0 and allow you to see if it's getting SOLICIT packets
and what it's doing in response.

The output from ip addr show dev enp3s0 would be useful too. Look at the
address, prefix length and lifetimes.

Simon.
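
Added example, not part of the original thread and not dnsmasq code: a small Python check that reads dhcp-range lines, flags IPv6 templates with no end address (the condition Simon's reply points at), and shows the range a constructor template would yield by joining the interface's network part with the template's host part. The prefix 2001:8b0:17a2::/64 is taken from the routing table quoted above; the function names are hypothetical.

```python
import ipaddress

# IPv6 mode keywords listed for dhcp-range in the dnsmasq man page.
MODES = {"ra-only", "slaac", "ra-names", "ra-stateless", "ra-advrouter", "off-link"}

def parse_v6_range(line):
    """Return the parts of an IPv6 dhcp-range line, or None for any other line."""
    key, _, value = line.strip().partition("=")
    if key != "dhcp-range":
        return None
    addrs, constructor, modes = [], None, []
    for field in (f.strip() for f in value.split(",")):
        if field.startswith("constructor:"):
            constructor = field.split(":", 1)[1]
        elif field in MODES:
            modes.append(field)
        else:
            try:
                addrs.append(ipaddress.IPv6Address(field))
            except ValueError:
                pass  # lease time, prefix length, tag or IPv4 address
    if not addrs:
        return None
    end = addrs[1] if len(addrs) > 1 else None
    return {"start": addrs[0], "end": end, "constructor": constructor, "modes": modes}

def construct(host, iface_net):
    """Join the interface's network part with the host part from the template."""
    net = ipaddress.IPv6Network(iface_net)
    return ipaddress.IPv6Address(int(net.network_address) | (int(host) & int(net.hostmask)))

def review(conf_text, iface_net):
    """Return (line, constructed_start, constructed_end, note) per IPv6 dhcp-range."""
    out = []
    for line in conf_text.splitlines():
        r = parse_v6_range(line)
        if r is None:
            continue
        start = construct(r["start"], iface_net)
        end = construct(r["end"], iface_net) if r["end"] is not None else None
        # The note follows the advice in the reply above, not dnsmasq's own wording.
        note = "start and end given" if end is not None else "no end address: nothing to lease from"
        out.append((line.strip(), str(start), str(end) if end is not None else None, note))
    return out

# The two IPv6 dhcp-range forms from the thread, plus the IPv4 range, which is skipped.
CONF = """dhcp-range=::1,constructor:enp3s0,24h
dhcp-range=::1,::400,constructor:enp3s0,24h
dhcp-range=192.168.0.64,192.168.0.127,24h"""

if __name__ == "__main__":
    for row in review(CONF, "2001:8b0:17a2::/64"):
        print(row)
```

The constructed start and end are what to compare against the range dnsmasq reports in syslog once log-dhcp is set.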