Discussion:
[Dnsmasq-discuss] Router Advertisement: Prefix-Specific Options?
Luis Marsano
2018-04-16 13:46:04 UTC
Permalink
Hi,



Apologies if this was answered before.

In router advertisements, is there a way to declare one prefix deprecated without deprecating the others?



Here’s my situation.

I’ve been using the dnsmasq option

dhcp-range=set:lan,::,constructor:br-lan,ra-stateless,ra-names,12h

to announce a dynamic IPv6 prefix delegated from an ISP, and life was beautiful ever since.

However, my ISP doesn’t delegate reverse DNS, so I obtained an additional IPv6 prefix delegated from a tunnel broker.

Since certain online services block connections from the tunnel broker, I’ll need systems to avoid selecting addresses in that prefix as the source address when initiating connections.

According to RFC 6724 <https://tools.ietf.org/html/rfc6724#section-5> , announcing addresses in that prefix as deprecated will cause an appropriate selection.

I don’t see an obvious way to selectively deprecate one prefix and not others in the manual <http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html> .

I’ve tried adding the line

dhcp-range=set:lan,2001:db8::,ra-stateless,ra-names,deprecated

where 2001:db8:: would be the prefix delegated from the tunnel broker.

However,

* the router advertises twice, differently

router advertisement on 2001:db8::

router advertisement on 2001:db8::, constructed for br-lan

* DNS records list addresses from that prefix twice.

$ dig hostname any

;; ANSWER SECTION:

hostname. 0 IN A 192.168.0.39

hostname. 0 IN AAAA fd64:cd08:2045::2

hostname. 0 IN AAAA 2001:db8::2

hostname. 0 IN AAAA 2001:db8::2



Is there a way to control advertisement options on 1 prefix without affecting the others?

Thanks.
Simon Kelley
2018-04-16 22:00:25 UTC
Permalink
Post by Luis Marsano
Hi,
 
Apologies if this was answered before.
In router advertisements, is there a way to declare one prefix
deprecated without deprecating the others?
 
Here’s my situation.
I’ve been using the dnsmasq option
dhcp-range=set:lan,::,constructor:br-lan,ra-stateless,ra-names,12h
to announce a dynamic IPv6 prefix delegated from an ISP, and life was beautiful ever since.
However, my ISP doesn’t delegate reverse DNS, so I obtained an
additional IPv6 prefix delegated from a tunnel broker.
Since certain online services block connections from the tunnel broker,
I’ll need systems to avoid selecting addresses in that prefix as the
source address when initiating connections.
According to RFC 6724 <https://tools.ietf.org/html/rfc6724#section-5>,
announcing addresses in that prefix as deprecated will cause an
appropriate selection.
I don’t see an obvious way to selectively deprecate one prefix and not
others in the manual
<http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html>.
I’ve tried adding the line
dhcp-range=set:lan,2001:db8::,ra-stateless,ra-names,deprecated
where /2001:db8::/ would be the prefix delegated from the tunnel broker.
However,
* the router advertises twice, differently
router advertisement on 2001:db8::, constructed for br-lan
* DNS records list addresses from that prefix twice.
$ dig hostname any
hostname.           0       IN      A       192.168.0.39
hostname.           0       IN      AAAA    fd64:cd08:2045::2
hostname.           0       IN      AAAA    2001:db8::2
hostname.           0       IN      AAAA    2001:db8::2
 
Is there a way to control advertisement options on 1 prefix without affecting the others?
Thanks.
Would this be solved by not constructing a prefix advertisement for
2001:db8:: when it's already explicitly configured?


Cheers,

Simon.
Post by Luis Marsano
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Luis Marsano
1970-01-01 00:00:00 UTC
Permalink
Apologies, there's no way to sue the solution I suggested in current
dnsmasq, it was a possible future enhancement.
Yes, I’d expect that to work, though I’d only know after testing.
Is there a way to do that?
I was using the constructor option to handle dynamic prefixes, which
also need to be advertised.
The option
Post by Luis Marsano
dhcp-range=set:lan,::,constructor:br-lan,ra-stateless,ra-names,12h
advertises dynamic prefixes **and** static prefixes: whatever is bound
to the interface, which seems an all or none proposition to me.
If I could exclude the static prefix from the constructed
advertisements, that would work.
How would you tell which prefixes were static, and which dynamic?
I'd know from having to explicitly setup the static prefixes myself rather than getting them automatically.
IPv6 prefixes from the 6in4 tunnel broker are static: 6in4 is a static mechanism and the tunnel broker gave me static addresses and prefixes to set up.
The other global IPv6 addresses and prefixes are potentially dynamic, and automatically appear by enabling IPv6 on the WAN interface: DHCPv6-PD gets a prefix from my ISP, and the openWRT/LEDE router automatically assigns a subnet from that to its LAN interfaces.
Though I could write out the current prefixes, I have no assurance they'll remain the same later.
If I could simply pass an additional option for the static prefix, that
would also work.
Is there a way to do either?
I’m sorry if I missed it in the manual.
You didn't. I don't think there's any way to do what you want in the
current release of dnsmasq. We have to invent a new function to do it.
With the approach you postulated, I might try something like

dhcp-range=set:lan,::,constructor:br-lan,exclude:2001:db8::,ra-stateless,ra-names,12h
dhcp-range=set:lan,2001:db8::,ra-stateless,ra-names,deprecated

I was imagining an approach like

dhcp-range=set:lan,::,constructor:br-lan,ra-stateless,ra-names,12h
dhcp-range=set:lan,2001:db8::,ra-stateless,ra-names,deprecated

that merges options and overrides according to some precedence like order or specificity.
I'm not sure about the best design for a new feature: according to https://tools.ietf.org/html/rfc4861#section-6.2.3 router advertisements allow each prefix to have its own options, so either design might suffice.
I was also considering an alternative based on the tag system, though I'm not sure it's meant for that.

Your project is great: whatever solution you think is best is probably a good one.
Cheers,
Simon.
Thanks
Thanks,
Luis
*Sent: *Monday, April 16, 2018 6:37 PM
*Subject: *Re: [Dnsmasq-discuss] Router Advertisement: Prefix-Specific
Options?
 
Would this be solved by not constructing a prefix advertisement for
2001:db8:: when it's already explicitly configured?
 
 
Cheers,
 
Simon.
Simon Kelley
2018-06-02 12:35:16 UTC
Permalink
I just committed

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=c488b68e75ee5304007eef37203c4fc10193d191

which suppresses construction of a dhcp-range if there's an explict
dhcp-range already.

Testing would be very useful.


Cheers,

Simon.
Post by Luis Marsano
Apologies, there's no way to sue the solution I suggested in current
dnsmasq, it was a possible future enhancement.
Yes, I’d expect that to work, though I’d only know after testing.
Is there a way to do that?
I was using the constructor option to handle dynamic prefixes, which
also need to be advertised.
The option
Post by Luis Marsano
dhcp-range=set:lan,::,constructor:br-lan,ra-stateless,ra-names,12h
advertises dynamic prefixes **and** static prefixes: whatever is bound
to the interface, which seems an all or none proposition to me.
If I could exclude the static prefix from the constructed
advertisements, that would work.
How would you tell which prefixes were static, and which dynamic?
I'd know from having to explicitly setup the static prefixes myself rather than getting them automatically.
IPv6 prefixes from the 6in4 tunnel broker are static: 6in4 is a static mechanism and the tunnel broker gave me static addresses and prefixes to set up.
The other global IPv6 addresses and prefixes are potentially dynamic, and automatically appear by enabling IPv6 on the WAN interface: DHCPv6-PD gets a prefix from my ISP, and the openWRT/LEDE router automatically assigns a subnet from that to its LAN interfaces.
Though I could write out the current prefixes, I have no assurance they'll remain the same later.
If I could simply pass an additional option for the static prefix, that
would also work.
Is there a way to do either?
I’m sorry if I missed it in the manual.
You didn't. I don't think there's any way to do what you want in the
current release of dnsmasq. We have to invent a new function to do it.
With the approach you postulated, I might try something like
dhcp-range=set:lan,::,constructor:br-lan,exclude:2001:db8::,ra-stateless,ra-names,12h
dhcp-range=set:lan,2001:db8::,ra-stateless,ra-names,deprecated
I was imagining an approach like
dhcp-range=set:lan,::,constructor:br-lan,ra-stateless,ra-names,12h
dhcp-range=set:lan,2001:db8::,ra-stateless,ra-names,deprecated
that merges options and overrides according to some precedence like order or specificity.
I'm not sure about the best design for a new feature: according to https://tools.ietf.org/html/rfc4861#section-6.2.3 router advertisements allow each prefix to have its own options, so either design might suffice.
I was also considering an alternative based on the tag system, though I'm not sure it's meant for that.
Your project is great: whatever solution you think is best is probably a good one.
Cheers,
Simon.
Thanks
Thanks,
Luis
*Sent: *Monday, April 16, 2018 6:37 PM
*Subject: *Re: [Dnsmasq-discuss] Router Advertisement: Prefix-Specific
Options?
 
Would this be solved by not constructing a prefix advertisement for
2001:db8:: when it's already explicitly configured?
 
 
Cheers,
 
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Loading...