Discussion:
[Dnsmasq-discuss] about ipv6 prefix delegation
Lorenzo Milesi
2015-10-14 07:21:41 UTC
Permalink
hi.
In my LAN I've a "split" IPv6 setup, where pfSense is doing RA and Dnsmasq dhcp server (because historically I already had dnsmasq doing ipv4 dhcp...).
This works fine, but when I have a second pfSense in LAN IPv6 clients gets mad and continuously refresh the lease, resulting in unusable ipv6 network.
I asked on pfSense mailing list and they replied me it's because my DHCPv6 server is not sending the delegation prefix. I was looking for such an option either in Dnsmasq or in DHCP options6 but couldn't find it. Can someone give an advice on how to set prefix delegation in dnsmasq?

thanks
--
Lorenzo Milesi - ***@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Carlos Carvalho
2015-10-14 18:59:08 UTC
Permalink
The address range is defined in the dhcp-range declaration. Either you put the
start and end addresses or you use the constructor feature, in which case the
prefix will come from the interface where the request arrived. Note that you
have to configure the ipv6/prefix-length of all the interfaces where dnsmasq
listens.

For static hosts in dhcp-host declarations the address may be whatever you
want, provided it's in the range of any interface (not dhcp-range declaration)
on the machine.
Lorenzo Milesi
2015-10-15 07:18:17 UTC
Permalink
Post by Carlos Carvalho
The address range is defined in the dhcp-range declaration. Either you put the
start and end addresses or you use the constructor feature, in which case the
prefix will come from the interface where the request arrived. Note that you
have to configure the ipv6/prefix-length of all the interfaces where dnsmasq
listens.
This is my dhcp config:

# ipv6
dhcp-range=2001:1410:105:858b::ff00,2001:1410:105:858b::ff50,64,12h
dhcp-option=option6:router,2001:1410:105:858b::1
dhcp-option=option6:dns-server,[::]

the range is defined, the subnet is broadcasted, so what's missing?
thanks
--
Lorenzo Milesi - ***@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Carlos Carvalho
2015-10-15 12:16:21 UTC
Permalink
Post by Lorenzo Milesi
Post by Carlos Carvalho
The address range is defined in the dhcp-range declaration. Either you put the
start and end addresses or you use the constructor feature, in which case the
prefix will come from the interface where the request arrived. Note that you
have to configure the ipv6/prefix-length of all the interfaces where dnsmasq
listens.
# ipv6
dhcp-range=2001:1410:105:858b::ff00,2001:1410:105:858b::ff50,64,12h
dhcp-option=option6:router,2001:1410:105:858b::1
dhcp-option=option6:dns-server,[::]
This is fine, clients should get addresses IF your interface is configured
accordingly. Make sure it is.
Post by Lorenzo Milesi
dhcp-option=option6:router,2001:1410:105:858b::1
This is bogus. There's no router option in dhcpv6.
Post by Lorenzo Milesi
dhcp-option=option6:dns-server,[::]
This is correct but not necessary, dnsmasq does it by default.

Check the dnsmasq log to see if clients request addresses and get answers.
Check the clients to see which addresses they get and the lease time.

Make sure your 2 routers are sending compatible announcements (prefix, lease
time).
Lorenzo Milesi
2015-10-17 05:40:20 UTC
Permalink
Post by Carlos Carvalho
Make sure your 2 routers are sending compatible announcements (prefix, lease
time).
using just pfsense for both RA and DHCP seem to have fixed the issue, I'll stay this way. thanks anyway.
--
Lorenzo Milesi - ***@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/
Eric Luehrsen
2015-10-18 05:35:22 UTC
Permalink
Post by Carlos Carvalho
Post by Lorenzo Milesi
dhcp-option=option6:dns-server,[::]
This is correct but not necessary, dnsmasq does it by default.
This CAN BE necessary, depending. This option has a valid use case with SLAAC+DHCPV6 (stateful or stateless) for DNSMASQ router advertisements. The default RA DNS FIELD uses the link-address fe80::/64 and many hosts will use that as primary. However, fe80::/64 is ideally only for link functions, addresses do not resolve as host names, and it can make logs/diagnostics look weird. So the option above will instruct DNSMASQ to RA the DNS FIELD of its interface with respect to global-address or unique-local-address fd00::/8 the RA is for.


ERIC
Carlos Carvalho
2015-10-19 13:25:27 UTC
Permalink
Post by Eric Luehrsen
Post by Carlos Carvalho
Post by Lorenzo Milesi
dhcp-option=option6:dns-server,[::]
This is correct but not necessary, dnsmasq does it by default.
This CAN BE necessary, depending. This option has a valid use case with
SLAAC+DHCPV6 (stateful or stateless) for DNSMASQ router advertisements. The
default RA DNS FIELD uses the link-address fe80::/64
[removed]
Post by Eric Luehrsen
So the option above will instruct DNSMASQ to RA the DNS FIELD of its
interface with respect to global-address or unique-local-address fd00::/8 the
RA is for.
Yes. However when the dns server is transmitted via dhcp, stateful or
stateless, the non-link address is sent. This was the case to which I replied.
This difference is a subtlety that may cause confusion.

Loading...