Discussion:
[Dnsmasq-discuss] IPv6: Router with RA + static DHCPv6 from dnsmasq on separate host
M. Buecher
2017-08-18 13:38:56 UTC
Permalink
Hello dnsmasq fellows,
Hello Simon,

I want to assign additional static DHCPv6 global unicast addresses (GUA)
to some machines (mainly servers).
Yet I have failed to do so with dnsmasq.

The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is
middle.
And it is the standard gateway for Internet connections.

dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay of
the router, this way those requests are resolved by the ISP's DNS
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN via
RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's
RA.

Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy
extensions for outgoing connections.
*But* it doesn't have it's static GUA from dnsmasq!

Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?


By the way:
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I
avoid this?
I would prefer to handle RA settings per dhcp-range via tags.


Configuration:
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes

2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254

# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain

dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast

server=10.0.0.254

### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h

### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
enable-ra

dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine


Kind regards
Maddes


[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP
subnet)

[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64

[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not
advertised
https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/

[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi
Foundation
https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/
David Kerr
2017-08-18 18:54:17 UTC
Permalink
Maddes,
This looks very similar to a question I asked a few days ago...
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011677.html

dnsmasq DHCPv6 server only seems to be issuing leases on the ULA prefix and
not on the GUA prefix when both types of addresses are configured on an
interface. If I remove the ULA from the network interface then leases are
issued from the GUA range.

I am awaiting a reply to my question.

David
Post by M. Buecher
Hello dnsmasq fellows,
Hello Simon,
I want to assign additional static DHCPv6 global unicast addresses (GUA)
to some machines (mainly servers).
Yet I have failed to do so with dnsmasq.
The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is
middle.
And it is the standard gateway for Internet connections.
dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay of
the router, this way those requests are resolved by the ISP's DNS servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN via RA
and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's RA.
Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy
extensions for outgoing connections.
*But* it doesn't have it's static GUA from dnsmasq!
Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I avoid
this?
I would prefer to handle RA settings per dhcp-range via tags.
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes
2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254
# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain
dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
server=10.0.0.254
### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
enable-ra
dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
Kind regards
Maddes
[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP subnet)
[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64
[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not advertised
https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/
[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi
Foundation
https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Kevin Darbyshire-Bryant
2017-08-19 08:26:10 UTC
Permalink
Post by David Kerr
Maddes,
This looks very similar to a question I asked a few days ago...
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011677.html
<http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011677.html>
dnsmasq DHCPv6 server only seems to be issuing leases on the ULA prefix
and not on the GUA prefix when both types of addresses are configured on
an interface. If I remove the ULA from the network interface then
leases are issued from the GUA range.
I am awaiting a reply to my question.
It might be worth adding 'log-dhcp' to your dnsmasq config files and get
a bit more info as to what options dnsmasq is replying with on dhcpv6
requests...if it's replying!

Also, a packet capture on the client machine/s provides the ultimate
source of info on what is actually received. Many times I've used
'wireshark' and gone 'ohhhhh! - ooops!"

Cheers,

Kevin
M. Buecher
2017-08-20 12:06:28 UTC
Permalink
Post by M. Buecher
Hello dnsmasq fellows,
Hello Simon,
I want to assign additional static DHCPv6 global unicast addresses
(GUA) to some machines (mainly servers).
Yet I have failed to do so with dnsmasq.
Got it working. Indeed it was working.
Post by M. Buecher
The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is
middle.
And it is the standard gateway for Internet connections.
dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay
of the router, this way those requests are resolved by the ISP's DNS
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN via
RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's
RA.
Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy
extensions for outgoing connections.
*But* it doesn't have it's static GUA from dnsmasq!
Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?
If you run "ipconfig /renew6 <interface>" on Windows (here 10), then
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6
addresses before with "ipconfig /release6 <interface>".

So on Windows always do the following for testing in an admin/elevated
command prompt or Powershell:
ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]

If this doesn't help, then deactivate and re-activate the interface via
netsh to start afresh:
netsh interface set interface <Name> admin=disabled
netsh interface set interface <Name> admin=enabled
Post by M. Buecher
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I
avoid this?
I would prefer to handle RA settings per dhcp-range via tags.
Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends
the RA multiple times.
Will create to feature requests for these issues in separate posts.
Post by M. Buecher
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes
2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254
# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain
dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
server=10.0.0.254
### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
enable-ra
dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
Kind regards
Maddes
[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP
subnet)
[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64
[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not
advertised
https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/
[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi
Foundation
https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/
M. Buecher
2017-08-20 13:33:35 UTC
Permalink
dnsmasq 2.76 (Debian 8 "Jessie" package) doesn't recognize if a prefix
has already been specified explicitly and handles it multiple times.
I don't know if this behaviour is useful in other situations, then this
would be a feature request for a new option of the dhcp-range
constructor method to ignore already defined dhcp ranges (either
explicitly or via tagging).
In my case this is unwanted due to different modes (dynamic+static
leases for ULA vs. static leases only for GUA and other subnets).


Easiest way to reproduce is to assign an ULA and GUA on the NIC (here
eth0).
Explicitly specify the ULA DHCPv6 range in dnsmasq and then use the
"constructor" method on the NIC (here eth0).

Example config:
## Unique Local Addresses (ULA) with dynamic+static DHCPv6, no SLAAC
(="no mode" specified)
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
## sent Router Advertisments (with M[anaged] flag) so that all clients
create routing information for the ULA; necessary for Windows, most
Linux clients will automatically create the route via DHCPv6
enable-ra

## Global Unicast Addresses (GUA) and other subnets only with static
DHCPv6, no SLAAC
dhcp-range=set:gua6,::1:0,::1:ffff,constructor:eth0,static,64,12h

Results:
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on
::0.1.255.255, lease time 12h, template for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, IP range fd7a:d:e:f::1:0 --
fd7a:d:e:f::1:ffff, lease time 12h
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on
fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on
2003:a:b:c::1:ffff, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on
2003:a:b:c::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on
fd7a:d:e:f::1:ffff, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on
fd7a:d:e:f::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) 2003:a:b:c::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: IPv6 router advertisement enabled


Kind regards
Matthias Bücher
Post by M. Buecher
Post by M. Buecher
Hello dnsmasq fellows,
Hello Simon,
I want to assign additional static DHCPv6 global unicast addresses
(GUA) to some machines (mainly servers).
Yet I have failed to do so with dnsmasq.
Got it working. Indeed it was working.
Post by M. Buecher
The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is
middle.
And it is the standard gateway for Internet connections.
dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay
of the router, this way those requests are resolved by the ISP's DNS
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN
via RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's
RA.
Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy
extensions for outgoing connections.
*But* it doesn't have it's static GUA from dnsmasq!
Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?
If you run "ipconfig /renew6 <interface>" on Windows (here 10), then
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6
addresses before with "ipconfig /release6 <interface>".
So on Windows always do the following for testing in an admin/elevated
ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]
If this doesn't help, then deactivate and re-activate the interface via
netsh interface set interface <Name> admin=disabled
netsh interface set interface <Name> admin=enabled
Post by M. Buecher
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I
avoid this?
I would prefer to handle RA settings per dhcp-range via tags.
Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends
the RA multiple times.
Will create to feature requests for these issues in separate posts.
Post by M. Buecher
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes
2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254
# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain
dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
server=10.0.0.254
### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
enable-ra
dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
Kind regards
Maddes
[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP
subnet)
[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64
[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not
advertised
https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/
[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi
Foundation
https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/
M. Buecher
2017-08-20 13:36:31 UTC
Permalink
Post by M. Buecher
Post by M. Buecher
Hello dnsmasq fellows,
Hello Simon,
I want to assign additional static DHCPv6 global unicast addresses
(GUA) to some machines (mainly servers).
Yet I have failed to do so with dnsmasq.
Got it working. Indeed it was working.
Post by M. Buecher
The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is
middle.
And it is the standard gateway for Internet connections.
dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay
of the router, this way those requests are resolved by the ISP's DNS
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN
via RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's
RA.
Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy
extensions for outgoing connections.
*But* it doesn't have it's static GUA from dnsmasq!
Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?
If you run "ipconfig /renew6 <interface>" on Windows (here 10), then
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6
addresses before with "ipconfig /release6 <interface>".
So on Windows always do the following for testing in an admin/elevated
ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]
Sorry, had copied the IPv4 instrcutions to the mail.
Of course it should be:

ipconfig /release6 [Name Pattern]
ipconfig /renew6 [Name Pattern]
Post by M. Buecher
If this doesn't help, then deactivate and re-activate the interface via
netsh interface set interface <Name> admin=disabled
netsh interface set interface <Name> admin=enabled
Post by M. Buecher
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I
avoid this?
I would prefer to handle RA settings per dhcp-range via tags.
Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends
the RA multiple times.
Will create to feature requests for these issues in separate posts.
Post by M. Buecher
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes
2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254
# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain
dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
server=10.0.0.254
### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
enable-ra
dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
Kind regards
Maddes
[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP
subnet)
[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64
[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not
advertised
https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/
[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi
Foundation
https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
M. Buecher
2017-08-20 13:49:53 UTC
Permalink
dnsmasq 2.76 (Debian 8 "Jessie" package) enables RA for all dhcp-ranges,
even if a subnet that dnsmasq got from the dhcp-range constructor method
is handled by a different router.
This creates multiple RAs for the same subnet, which may cause routing
issues.
Current workaround is to set the router's priority to high, so that its
RA superseeds then one of dnsmasq.

Therefore this feature request for an option to enable/disable RA per
dhcp-range configuration (either explicitly or via tagging).
Additionally it would be great to specify the RA options per dhcp-range
configuration too.


Easiest way to reproduce is to assign an ULA and a GUA from your other
router via RA on the NIC (here eth0).
Then use the "constructor" on your NIC.

Example config:
## Unique Local Addresses (ULA) with dynamic+static DHCPv6, no SLAAC
(="no mode" specified)
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
## sent Router Advertisments (with M[anaged] flag) so that all clients
create routing information for the ULA; necessary for Windows, most
Linux clients will automatically create the route via DHCPv6
enable-ra

## Global Unicast Addresses (GUA) and other subnets only with static
DHCPv6, no SLAAC
dhcp-range=set:gua6,::1:0,::1:ffff,constructor:eth0,static,64,12h

Results:
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on
::0.1.255.255, lease time 12h, template for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, IP range fd7a:d:e:f::1:0 --
fd7a:d:e:f::1:ffff, lease time 12h
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on
fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on
2003:a:b:c::1:ffff, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on
2003:a:b:c::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: DHCPv6, static leases only on
fd7a:d:e:f::1:ffff, lease time 12h, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: router advertisement on
fd7a:d:e:f::, constructed for eth0
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) 2003:a:b:c::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: RTR-ADVERT(eth0) fd7a:d:e:f::
Aug 20 14:02:36 dnsmasq-dhcp[22348]: IPv6 router advertisement enabled


Kind regards
Matthias Bücher
Post by M. Buecher
Post by M. Buecher
Hello dnsmasq fellows,
Hello Simon,
I want to assign additional static DHCPv6 global unicast addresses
(GUA) to some machines (mainly servers).
Yet I have failed to do so with dnsmasq.
Got it working. Indeed it was working.
Post by M. Buecher
The GUA prefix [1] is advertised by my router "AVM FRITZ!Box 7490" [3].
Its Router Advertisement (RA) has M-, O- and A-flag set. Priority is
middle.
And it is the standard gateway for Internet connections.
dnsmasq 2.76 is running on a Raspberry with Raspbian 8 "Jessie" [4].
It is the only DNSv4/v6 server in the LAN and serves the local domain.
All other requests are forwarded by dnsmasq via IPv4 to the DNS relay
of the router, this way those requests are resolved by the ISP's DNS
servers.
It also advertises the Unique Local Addresses (ULA) [2] for the LAN
via RA and assigns addresses via DHCPv6 only.
The host with dnsmasq (Raspberry) has a GUA via SLAAC by the router's
RA.
Test machine is Windows 10 with latest updates.
It got its ULA via DHCPv6 from dnsmasq and has a GUA via SLAAC by the
router's RA.
Additionally a second GUA is present due to Windows' IPv6 privacy
extensions for outgoing connections.
*But* it doesn't have it's static GUA from dnsmasq!
Am I missing something in my dnsmasq configuration (see below)?
Or do I have to configure the clients in another way?
Any other enhancements for my configuration?
If you run "ipconfig /renew6 <interface>" on Windows (here 10), then
Windows only requests the existing IPv6 addresses to be renewed.
To also get new addresses for the Windows you have to release all IPv6
addresses before with "ipconfig /release6 <interface>".
So on Windows always do the following for testing in an admin/elevated
ipconfig /release [Name Pattern]
ipconfig /renew [Name Pattern]
If this doesn't help, then deactivate and re-activate the interface via
netsh interface set interface <Name> admin=disabled
netsh interface set interface <Name> admin=enabled
Post by M. Buecher
Does dnsmasq also send a RA for the second/GUA dhcp range? How can I
avoid this?
I would prefer to handle RA settings per dhcp-range via tags.
Yes, sends RA for each IPv6 DHCP range it manages. Couldn't find an
option to disable or enable it for a specific dhcp range.
Additionally if a dhcp range is defined multiple times, it also sends
the RA multiple times.
Will create to feature requests for these issues in separate posts.
Post by M. Buecher
1. File /etc/default/dnsmasq (Debian specific)
#DOMAIN_SUFFIX=`dnsdomainname`
#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes
2. dnsmasq configuration
# IPv4 options: router, dns, ntp
dhcp-option=tag:lan4,3,10.0.0.254
dhcp-option=tag:lan4,6,0.0.0.0
dhcp-option=tag:lan4,42,10.0.0.254
# IPv6 options: dns, domain
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=tag:ula6,option6:domain-search,local.domain
dhcp-authoritative
domain-needed
strict-order
no-resolv
localise-queries
bogus-priv
expand-hosts
local-service
domain=local.domain
local=/local.domain/
addn-hosts=/etc/hosts.static
addn-hosts=/etc/hosts.block
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
server=10.0.0.254
### IPv4 range
dhcp-range=set:lan4,10.0.0.100,10.0.0.199,255.255.255.0,12h
### IPv6 ranges
dhcp-range=set:ula6,fd7a:d:e:f::1:0,fd7a:d:e:f::1:ffff,64,12h
dhcp-range=set:gua6,2003:a:b:c00::1:0,2003:a:b:c00::1:ffff,static,64,12h
enable-ra
dhcp-host=00:50:56:39:1d:3e,10.0.0.50,[::32],test-machine
Kind regards
Maddes
[1] Telekom native IPv6 Internet connection
IPv6 prefix: 2003:a:b:c00::/56 (c|00 = 256 subnets possible)
IPv6 adresses: 2003:a:x:y:1:2:3:4 (External IPv6 address from ISP
subnet)
[2] Unique Local Addresses
ULA: fd7a:d:e:f::/64
[3] Router AVM FRITZ!Box 7490
FRITZ!OS: 06.83 (German)
DHCPv6 for LAN: Off
Standard-Gateway for Internet: On
DNS via RA: Off (RFC 5006)
RA: Enabled with M and O flag, SLAAC allowed (=A flag); DNS not
advertised
https://en.avm.de/service/fritzbox/fritzbox-7490/overview/
https://en.avm.de/products/fritzbox/fritzbox-7490/
[4] Raspberry Pi 2
OS: Raspbian, Derivative of Debian 8 "Jessie", build from Raspberry Pi
Foundation
https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
https://www.raspberrypi.org/downloads/raspbian/
https://www.raspbian.org/
Loading...