Hi Robert,
Best regards,
Maik

Hi,

The problem is with SLAAC addresses: DNSMASQ has no idea in an IPv6-only network about the hostnames (it has not seen any DHCP request containing a host name) nor it knows about the actual IP addresses. In SLAAC mode, dnsmasq only sends RA packets around and the client builds the IP address on its own. But the generated IP address is never reported back, the client just uses it. With the cool dnsmasq workaround called "ra-names", the trick is to use some information from the previous IPv4 DHCP request: dnsmasq learns about the host name and the MAC address of the client! It then builds the SLAAC address on its own and tries by ping if the IP address responds. And if that's the case, it registers a hostname for the SLAAC address. But it needs both the MAC and the hostname! Unfortunately this does not work with Windows, if random identifiers are enabled (which is by default) and if firewall is enabled.

To register hostnames in IPv6-only environments, you need to use stateful DHCPv6 and disable SLAAC. But unfortunately not all clients work with DHCPv6! Some only listen to RAs by default! Currently e.g. Windows uses DHCPv6 if announced by the RA to do so, but Android phones are not able to do this. With SLAAC disabled they won't get an address.

Another approach would be to allow both: SLAAC and stateful DHCPv6. All clients that support DHCPv6 would get 2 addresses (a SLAAC one and stateful one), but the hostname would always point to the stateful one. Problem in DSL environments is the fact that the lease time works against you. The stateful address would be kept assigned until its lease times out and this can be a lot later that the PPP link went down. So it's not recommeneded at all for PPP links with dynamic IPs.

Hope this explanation helps,
Uwe

-----
Uwe Schindler
Achterdiek 19, D-28357 Bremen
http://www.thetaphi.de

Hi Robert,

here's how I set up my LAN with FRITZ!Box and dnsmasq on Raspbian/Debian
9.0 (including reasons and thoughts for my decisions):

If just DNS resolution for clients is wanted, then a FRITZ!Box with
Stateful DHCPv6 enabled is enough, no dnsmasq necessary.
If wanting other records like CNAME, MX, then dnsmasq is needed.
If wanting a different domain other than fritz.box, e.g. for
certificates, then dnsmasq is needed.
Or use dnsmasq just "because I can / want to" :)

If only "LAN addresses" are sufficient, then go with Unique Local
Addresses (ULA).
These are independent of any ISP connection and/or static/dynamic Global
Scope prefixes.
Unregistered ULA is fd00::/8, where one has to choose a random /48
prefix from (here the not-so-random fd12:3456:789A::/48).
The randomness is important when connecting to other ULA subnets, e.g.
via VPN.

If also "WAN addresses" in local DNS are wanted, then more has to be
considered: static/dynamic prefix, settings of FRITZ!Box and dnsmasq
must work together, etc.

Assuming "LAN addresses" in local DNS are sufficient then the following
is necessary:
1. Router Advertisement (RA) with Prefix Information for ULA plus
(M)anaged Address Configuration Flag set
If the advertising node is not really a router, then the default
route for itself must be disabled via its lifetime set to zero.
When advertising multiple prefixes and/or additional routes (e.g. for
VPN) it can be an advantage to use radvd instead of dnsmasq's RA
feature.
2. Stateful DHCPv6 with DNS server
That's dnsmasq :)

Further assumptions for the "LAN addresses" setup:
* Assuming only DHCPv6 addresses for ULA. As temporary addresses for
Site-Local Scope is not really necessary and DHCP addresses carry no
hardware information.
Chosen ULA subnet from above ULA prefix is: fd12:3456:789A:1::/64.
* Guessing SLAAC addresses may not work depending on OS implementation
and node configuration (e.g. Windows, only temporary addresses, etc.).
* dnsmasq server has a static ULA, e.g. via systemd-networkd,
ifupdown/interfaces, dhcpcd, etc.
* dnsmasq server provides complete LAN setup even without FRITZ!Box.

a) Stateful DHCPv6 with DNS server
dnsmasq needs a range for dynamic DHCP, needs to send out his own
address (here ULA chosen) and the local domain name on DHCPv6 requests.
dhcp-range=set:ula1,fd12:3456:789A:1::1,fd12:3456:789A:1::ffff,64,1h
dhcp-option=tag:ula1,option6:dns-server,[fd00::]
dhcp-option=tag:ula1,option6:domain-search,home.example.com

b) Router Advertisement
b.1) via dnsmasq
RA must be enabled in dnsmasq, so that dnsmasq sends RA for all
explicitly specified dhcp-ranges (but not for an catch-all dhcp-range).
If the node is not a router, e.g. to VPN networks, then disable it as
default route via ra-param.
If SLAAC is wanted, then the wanted mode must be set on the related
dhcp-range.
See
https://weirdfellow.wordpress.com/2014/09/05/dhcpv6-and-ra-with-dnsmasq/
enable-ra
## Default interval (1st Zero), Disable Default Route (2nd Zero)
ra-param=*,0,0

b.2) via radvd
interface eth0
{
## Send RA
AdvSendAdvert on;
## Enable (M)anaged Address Configuration Flag
AdvManagedFlag on;
## Enable (O)ther Configuration Flag
AdvOtherConfigFlag on;
## Disable default route over this node by setting lifetime to zero
AdvDefaultLifetime 0;

prefix fd12:3456:789A:1::/64
{
## Enable On-(L)ink Flag
AdvOnLink on;
## Disable (A)utonomous Address-Configuration Flag (SLAAC)
AdvAutonomous off;
};
};

Now there's a working "LAN" based on ULA addresses with dynamic DHCPv6
addresses and fitting dynamic DNS entries.


c) Taking care of the FRITZ!Box plus Dual Stack (yes, IPv4)
c.1) Multiple DNS servers
The FRITZ!Box also advertises the "WAN" prefix, normally from an ISP,
plus itself as DNS server with its IPv4 and IPv6 addresses.
With IPv6 all DNS servers are queried. If running IPv6-only, then
everything should be fine already. Exception: external DNS entries exist
for the local domain.
But with IPv4 just one server is queried and that is randomly chosen.
Note that not every OS/device applies this behaviour. In my network the
Playstation 4 chooses a random DNS server as described in the RFCs.
Therefore for IPv4 (or when external DNS entries exist) all DNS servers
must be identical and return the same result for each and every query.
But this is not the case here with dnsmasq and the FRITZ!Box, as the
FRITZ!Box has no clue about the internal DNS records from dnsmasq.

Workaround:
* Set the FRITZ!Box to not advertise itself as DNS server anymore,
neither via RA, DHCPv6 or DHCPv4.
As of now (FRITZ!OS 6.83)
* Disable DHCPv4 service completely, as only one DHCPv4 per link is
allowed and the dnsmasq server will handle all this.
* Enter the Link-Local Address or Unique Local Address of the dnsmasq
server as DNS server for RAs/DHCPv6.
* Use Stateless/Stateful DHCPv6 or RA for the "WAN" prefix.
Still the FRITZ!Box should advertise itself as the default route
(Standard gateway for Internet Connection).
* Assign a static IPv4 address to the FRITZ!Box and the dnsmasq server.
dnsmasq must also run DHCPv4 for LAN.
dhcp-range=set:net1,192.168.178.100,192.168.178.199,255.255.255.0,1h
dhcp-option=tag:net1,6,0.0.0.0 (dnsmasq as DNS server for IPv4)
dhcp-option=tag:net1,3,192.168.178.1 (IPv4 of FRITZ!Box as Gateway)
* Use an upstream DNS server in dnsmasq for other domains, either static
ones like OpenDNS, Google, etc. or relay via the FRITZ!Box to the ISP
DNS servers.
To relay via the FRITZ!Box use its Link-Local Address (fe80::/10)
and/or static IPv4 address. One of these is sufficient.
server=<internal ip of FRITZ!Box -or- external DNS server>
* Now dnsmasq is the master DNS in the network.

c.2) Problems with "WAN" addresses
The FRITZ!Box can be used to assign semi-static "WAN" addresses (static
interface ID) via DHCPv6 to manage Port Forwarding.
Still you have to go with hardware based EUI-64 interface IDs, because
as soon as the IP address is not reachable the FRITZ!Box regenerates the
address for the node from its hardware address as done by SLAAC.

If this wouldn't be the case you could also assign semi-static "WAN"
addresses via dnsmasq.
Normally this is only needed for servers or nodes that are to be
accessed from outside.
For this set a catch-all dhcp-range in dnsmasq, so that all static
DHCPv6 addresses will be assigned for every advertised subnet including
"WAN" prefixes.
dhcp-range=set:gua99,::,static,1h

Examples for static DHCPv6 addresses
* dhcp-host for dnsmasq
## static address for a server on all subnets via his MAC address
(should be outside *all* dhcp-ranges for dynamic assignment)
dhcp-host=11:22:33:44:55:66,[::ffff:2],my-server
## static address for a special client on ULA only via his MAC address
(should be outside related dhcp-range for dynamic assignment)
dhcp-host=aa:bb:cc:dd:ee:ff,[fd12:3456:789A:1::1:1],headless-client
* Set the FRITZ!Box to advertise the "WAN" prefix with M-Flag and A-Flag
set.
This way the nodes, which are explicitly defined in dnsmasq, get an
additional static interface ID.

Use the MyFRITZ Port Forwarding to have an external DynDNS entry for
each node, e.g. my-server.<hash>.myfritz.net with A and AAAA record.
Note that the AAAA record points directly to the node, while the A
record points to the FRITZ!Box which NATs the connection.
Take care of this in the packet filter rules, e.g. port redirections.

Kind regards
Maddes