Discussion:
[Dnsmasq-discuss] Questions on DHCPv6 configuration; having problems getting it to work the way I want
Chris Jenkins
2018-08-25 15:58:15 UTC
Permalink
I'm trying to setup DNSmasq on my macOS server to do the following (and only the following):

- No DNS functionality (handles elsewhere)

- No DHCP functionality (handled elsewhere)

- Only DHCPv6 functionality

1. Assign addresses in the range fd00::1:0 through fd00::1:ffff
2. Allow clients to also get/use SLAAC addresses from my router (so clients have both ULA and SLAAC addresses)
3. Preferably suppress the additional ULAs that get assigned (temporary and secured) - this is not essential
4. Clients will use the router address they get via SLAAC *not* one provided by DNSMasq *or* allow DNSMasq to provide a specified router address rather than the address of the machine where it is running (sine that is not a router)
5. Provide DNS server addresses and DNS search domains to clients

Is this possible? I've sort of managed to get it to (unreliably) handle (1) and (2) but not (3), (4) or (5). I can live without (3).

Can anyone give me some pointers?

Thanks, Chris
Simon Kelley
2018-08-26 14:16:46 UTC
Permalink
Post by Chris Jenkins
- No DNS functionality (handles elsewhere)
- No DHCP functionality (handled elsewhere)
- Only DHCPv6 functionality
1. Assign addresses in the range fd00::1:0 through fd00::1:ffff
2. Allow clients to also get/use SLAAC addresses from my router (so clients have both ULA and SLAAC addresses)
3. Preferably suppress the additional ULAs that get assigned (temporary and secured) - this is not essential
4. Clients will use the router address they get via SLAAC *not* one provided by DNSMasq *or* allow DNSMasq to provide a specified router address rather than the address of the machine where it is running (sine that is not a router)
5. Provide DNS server addresses and DNS search domains to clients
Is this possible? I've sort of managed to get it to (unreliably) handle (1) and (2) but not (3), (4) or (5). I can live without (3).
Can anyone give me some pointers?
Thanks, Chris
The router advertisement packets need to have bits set in the them to
tell the client to used DHCPv6, so you need to either look at the config
of the router or use dnsmasq to do router advertisement.

See --ra-param for aim 4, and dhcp-option for aim 5.

Cheers,

Simon.
Simon Kelley
2018-08-31 22:39:19 UTC
Permalink
Hi Simon,
Thanks for your reply.
My router is an Apple AirPort Extreme and it doesn't have any
configuration parameters that can control this unfortunately...
I've managed to get most of this working now but I still have the
1.   If I use 'slaac' as an option in my dhcp-range directive then
everything works as I need it *except* that the router address that the
client get is the address of the local interface on the machine running
dnsmasq rather than the address of my router. You mentioned using
--ra-param but from my reading of the description of that it doesn't
seem to do what I need which is too advertise a different router address
that isn't a local interface on the dnsmasq machine (I need to advertise
the address of my actual router).
If you look at the packet format for router advertisements, there's no
filed which specifies the router. The router advertises prefixes, and
the source address of the advertisements is the link-local address of
the sending router. Hosts use that as the address of the router.

I think that means you need to convince your Airport to advertise itself
as the router, or reconfigure your network to use the machine running
dnsmasq as router.
2.   If I don't use the 'slaac' option then as well as the router
address problem the clients do not get SLAAC addresses only ULAs and so
they have no Internet connectivity.
Which implies that the airport is not advertising itself, see above.
dhcp-range=fd00::1:0, fd00::1:ffff, slaac, 64, 10m
dhcp-option=option6:dns-server,[fd00::11],[fd00::16]
dhcp-option=option6:domain-search,xxxxxxxxxxxxx
And I am not using any command like options when I run dnsmasq.
Is there any option or mechanism available in dnsmasq to get it to
broadcast a user specified router address in it's RAs with this setup?
If so, could you please provide an example? If there isn't such an
option, any chance of adding one in a future release?
See above, the problem is the protocol, not the implementation.



Cheers,

Simon.
Many thanks,
Chris
 
------------------------------------------------------------------------
*Subject:* Re: [Dnsmasq-discuss] Questions on DHCPv6 configuration;
having problems getting it to work the way I want
*Date:* August 26, 2018 at 2:16:46 PM GMT
Post by Chris Jenkins
I'm trying to setup DNSmasq on my macOS server to do the following
-   No DNS functionality (handles elsewhere)
-   No DHCP functionality (handled elsewhere)
-   Only DHCPv6 functionality
   1.   Assign addresses in the range fd00::1:0 through fd00::1:ffff
   2.   Allow clients to also get/use SLAAC addresses from my router
(so clients have both ULA and SLAAC addresses)
   3.   Preferably suppress the additional ULAs that get assigned
(temporary and secured) - this is not essential
   4.   Clients will use the router address they get via SLAAC *not*
one provided by DNSMasq *or* allow DNSMasq to provide a specified
router address rather than the address of the machine where it is
running (sine that is not a router)
   5.   Provide DNS server addresses and DNS search domains to clients
Is this possible? I've sort of managed to get it to (unreliably)
handle (1) and (2) but not (3), (4) or (5). I can live without (3).
Can anyone give me some pointers?
Thanks,   Chris
The router advertisement packets need to have bits set in the them to
tell the client to used DHCPv6, so you need to either look at the config
of the router or use dnsmasq to do router advertisement.
See --ra-param for aim 4, and dhcp-option for aim 5.
Cheers,
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Chris Jenkins
2018-09-01 07:01:15 UTC
Permalink
Thanks for the reply Simon. It seems my desired configuration isn't possible due to limitations in the router advertisement protocol. Back to the drawing board.

My AirPort Extreme is definitely advertising itself since without DNSMasq (my normal setup) in the picture all my devices get global SLAAC assigned IPv6 addresses and they set their default router correctly (to the Airport's link local address). I'll need to find a different method to dynamically assign ULAs to my dynamic devices in addition to their global SLAAC addresses. Maybe I need a new router that provides DHCPv6 server functionality, if such a thing exists.

Chris
Hi Simon,
Thanks for your reply.
My router is an Apple AirPort Extreme and it doesn't have any
configuration parameters that can control this unfortunately...
I've managed to get most of this working now but I still have the
1. If I use 'slaac' as an option in my dhcp-range directive then
everything works as I need it *except* that the router address that the
client get is the address of the local interface on the machine running
dnsmasq rather than the address of my router. You mentioned using
--ra-param but from my reading of the description of that it doesn't
seem to do what I need which is too advertise a different router address
that isn't a local interface on the dnsmasq machine (I need to advertise
the address of my actual router).
If you look at the packet format for router advertisements, there's no
filed which specifies the router. The router advertises prefixes, and
the source address of the advertisements is the link-local address of
the sending router. Hosts use that as the address of the router.

I think that means you need to convince your Airport to advertise itself
as the router, or reconfigure your network to use the machine running
dnsmasq as router.
2. If I don't use the 'slaac' option then as well as the router
address problem the clients do not get SLAAC addresses only ULAs and so
they have no Internet connectivity.
Which implies that the airport is not advertising itself, see above.
dhcp-range=fd00::1:0, fd00::1:ffff, slaac, 64, 10m
dhcp-option=option6:dns-server,[fd00::11],[fd00::16]
dhcp-option=option6:domain-search,xxxxxxxxxxxxx
And I am not using any command like options when I run dnsmasq.
Is there any option or mechanism available in dnsmasq to get it to
broadcast a user specified router address in it's RAs with this setup?
If so, could you please provide an example? If there isn't such an
option, any chance of adding one in a future release?
See above, the problem is the protocol, not the implementation.



Cheers,

Simon.
Many thanks,
Chris
------------------------------------------------------------------------
*Subject:* Re: [Dnsmasq-discuss] Questions on DHCPv6 configuration;
having problems getting it to work the way I want
*Date:* August 26, 2018 at 2:16:46 PM GMT
Post by Chris Jenkins
I'm trying to setup DNSmasq on my macOS server to do the following
- No DNS functionality (handles elsewhere)
- No DHCP functionality (handled elsewhere)
- Only DHCPv6 functionality
1. Assign addresses in the range fd00::1:0 through fd00::1:ffff
2. Allow clients to also get/use SLAAC addresses from my router
(so clients have both ULA and SLAAC addresses)
3. Preferably suppress the additional ULAs that get assigned
(temporary and secured) - this is not essential
4. Clients will use the router address they get via SLAAC *not*
one provided by DNSMasq *or* allow DNSMasq to provide a specified
router address rather than the address of the machine where it is
running (sine that is not a router)
5. Provide DNS server addresses and DNS search domains to clients
Is this possible? I've sort of managed to get it to (unreliably)
handle (1) and (2) but not (3), (4) or (5). I can live without (3).
Can anyone give me some pointers?
Thanks, Chris
The router advertisement packets need to have bits set in the them to
tell the client to used DHCPv6, so you need to either look at the config
of the router or use dnsmasq to do router advertisement.
See --ra-param for aim 4, and dhcp-option for aim 5.
Cheers,
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
Loading...