Date: Thu, 9 Jun 2022 15:27:07 +0200
From: Mirsad Goran Todorovac <mirsad.todoro...@alu.unizg.hr>
To: dhcp-users@lists.isc.org
Subject: Re: ISC DHCPv6-BIND9 DDNS update problem
Message-ID: <7f3eed7f-3852-7fb2-bd05-6a1bfa889...@alu.unizg.hr>

P.P.P.S.

It seems that I have identified the culprit. Our subnet has 6 rogue
DHCPv6 servers according to this nmap scan:

root@domac:~# ip neigh | grep fe80 | grep eth1 | awk '{ print $1 }' | xargs nmap -6 -p 547
Starting Nmap 7.70 ( https://nmap.org ) at 2022-06-09 15:24 CEST
Nmap scan report for fe80::ac42:4146:51fa:6f1d
Host is up (-0.100s latency).

PORT    STATE    SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 4C:CC:6A:93:95:B9 (Micro-star Intl)

Nmap scan report for fe80::babe:bfff:fe26:9542
Host is up (-0.072s latency).

PORT    STATE    SERVICE
547/tcp filtered dhcpv6-server
MAC Address: B8:BE:BF:26:95:42 (Cisco Systems)

Nmap scan report for fe80::98d4:2331:7505:8107
Host is up (0.00058s latency).

PORT    STATE    SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 04:42:1A:E9:09:9B (Unknown)

Nmap scan report for fe80::7d16:fb12:a937:fb04
Host is up (0.0012s latency).

PORT    STATE    SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 1C:A0:B8:7D:12:A3 (Hon Hai Precision Ind.)

Nmap scan report for fe80::ad7f:3404:1b4d:4f0d
Host is up (-0.099s latency).

PORT    STATE    SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 8C:8C:AA:43:FC:5E (Unknown)

Nmap scan report for fe80::8aad:43ff:fefa:3f96
Host is up (0.00078s latency).

PORT    STATE    SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 88:AD:43:FA:3F:96 (Pegatron)

Nmap done: 19 IP addresses (6 hosts up) scanned in 0.91 seconds
root@domac:~#

I'm afraid we will have to clear one by one before our DHCPv6 on domac
starts receiving any Requests or Confirms.

Mirsad

On 9.6.2022. 11:58, Mirsad Goran Todorovac wrote:
>
> P.P.S.
>
> I have turned off NIC checksum offloading by `ethtool -K eth1 rx off
> tx off`. Now the UDP checksum should be calculated in the kernel (slower).
>
> 11:54:40.438248 IP6 (hlim 1, next-header UDP (17) payload length: 103) fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=a1f102 (elapsed-time 0) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request DNS-search-list DNS-server vendor-specific-info Client-FQDN))
> 11:54:40.438928 IP6 (flowlabel 0x82364, hlim 64, next-header UDP (17) payload length: 159) fe80::f21f:afff:fef1:420a.547 > fe80::9418:9a22:54b8:743f.546: *[udp sum ok]* dhcp6 advertise (xid=a1f102 (IA_NA IAID:338441082 T1:3600 T2:7200 (IA_ADDR 2001:b68:2:2800::10:139d pltime:604800 vltime:3600)) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time type 1 time 707489786 f01faff1420a) (preference 255) (DNS-search-list local.alu.hr. alu.hr.)
> (DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0))
> 11:54:41.445113 IP6 (hlim 1, next-header UDP (17) payload length: 103) fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=a1f102 (elapsed-time 100) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request DNS-search-list DNS-server vendor-specific-info Client-FQDN))
>
> Now the checksums are OK, however the server still doesn't receive
> Request or Confirm message from the client.
> I'm pretty much out of ideas.
>
> Mirsad
>
> On 9.6.2022. 11:22, Mirsad Goran Todorovac wrote:
>>
>> P.S.
>>
>> We are using ISC DHCP 4.4.3 and BIND 9.16.27 on a Debian 10 Buster
>> system with 4.19.235-1 kernel and libc6:amd64 2.28-10+deb10u1.
>>
>> root@domac:~# ldd /usr/local/sbin/dhcpd
>>         linux-vdso.so.1 (0x00007ffc7afdb000)
>>         libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0671607000)
>>         /lib64/ld-linux-x86-64.so.2 (0x00007f0671c05000)
>> root@domac:~#
>>
>> We have updated the network configuration on the router to not relay
>> to DHCPv6 on our domac server but to advertise DHCPv6 server presence
>> on the subnet.
>>
>> Now the log looks like this:
>>
>> Jun  9 11:04:41 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:41 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:41 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:41 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:41 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:41 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:41 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:41 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:42 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:42 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:42 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:42 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:42 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:42 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:42 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:42 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:44 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:44 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:44 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:44 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:44 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:44 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:44 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:44 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:48 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:48 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:48 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:48 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>> Jun  9 11:04:48 domac dhcpd: Solicit message from fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun  9 11:04:48 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
>> Jun  9 11:04:48 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1228 to client with duid 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun  9 11:04:48 domac dhcpd: Sending Advertise to fe80::cff:4b3a:be79:cec0 port 546
>>
>> Apparently, the client fe80::cff:4b3a:be79:cec0 never receives DHCPv6
>> Advertisement with assigned address from domac server, so it repeats
>> soliciting for other DHCPv6 server 7 more times:
>>
>> 11:02:37.403227 IP6 (flowlabel 0x9ecff, hlim 1, next-header UDP (17) payload length: 94) fe80::3d9c:9ecd:42c:b76e.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=9e8166 (elapsed-time 0) (client-ID hwaddr/time type 1 time 641857482 1ca0b87d1191) (IA_NA IAID:102539448 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 11:02:37.403352 IP6 (flowlabel 0x52e68, hlim 64, next-header UDP (17) payload length: 159) fe80::f21f:afff:fef1:420a.547 > fe80::3d9c:9ecd:42c:b76e.546: *[bad udp cksum 0x78d2 -> 0x8bad!]* dhcp6 advertise (xid=9e8166 (IA_NA IAID:102539448 T1:3600 T2:7200 (IA_ADDR 2001:b68:2:2800::10:10ef pltime:604800 vltime:3600)) (client-ID hwaddr/time type 1 time 641857482 1ca0b87d1191) (server-ID hwaddr/time type 1 time 707489786 f01faff1420a) (preference 255) (DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0) (DNS-search-list local.alu.hr. alu.hr.))
>>
>> There is this problem with "bad udp checksum" in tcpdump-ed packets
>> from domac's fe80::f21f:afff:fef1:420a interface: I'm new to IPv6,
>> but I think the receiver party is mandated to discard UDP packets
>> with bad checksum.
>>
>> So the DHCPv6 server on domac never sees a Request nor Confirm
>> message from the client
>> https://datatracker.ietf.org/doc/html/rfc3315#section-5.3
>>
>>       REQUEST (3)        A client sends a Request message to request
>>                          configuration parameters, including IP
>>                          addresses, from a specific server.
>>
>>       CONFIRM (4)        A client sends a Confirm message to any
>>                          available server to determine whether the
>>                          addresses it was assigned are still appropriate
>>                          to the link to which the client is connected.
>> My knowledge of DHCPv6 is very beginning level, but I'm afraid if we
>> do not make DHCPv6 DDNS work no one will use IPv6 for the addresses
>> like 2001:b68:2:2800::3 are very hard to configure manually, remember
>> and type.
>> The idea was that the users would be able to log in via VPN and
>> access their work PC with a symbolic FQDN domain name.
>>
>> I think I am defeated here: some Googled articles say it is normal
>> for checksum to be bad if it is generated by NIC, but on the other
>> hand the client doesn't appear to receive any Advertise messages or
>> send back Request or Confirm. This way the server never gets
>> confirmation that the address is acceptable by the client and it
>> never proceeds to DDNS name update to the zone at all.
>>
>> The clients worked with the IPv6 SLAAC configuration on the router,
>> but we wanted dynamic DNS addresses on the subnet for the assigned
>> IPv6 addresses to make it more usable.
>>
>> Thank you very much for help.
>>
>> Kind regards,
>> Mirsad Todorovac
>>
>> On 8.6.2022. 6:14, Mirsad Goran Todorovac wrote:
>>> Dear Sirs,
>>>
>>> Having compiled ISC DHCPD 4.4.3 with includes/site.h: #define
>>> DEBUG_DNS_UPDATES
>>> I get the following output. It appears that the DDNS update code
>>> isn't even called for IPv6.
>>>
>>> Am I doing something terribly wrong?
>>>
>>> Thank you.
>>>
>>> Jun  8 06:09:02 domac dhcpd: ddns.c(150): Allocating ddns_cb=0x5604136c60a0
>>> Jun  8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_connector: ddns_cb: 0x5604136c60a0 flags: 50b state: DDNS_STATE_CLEANUP cur_func: <null> eresult: 0
>>> Jun  8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd
>>> Jun  8 06:09:02 domac dhcpd: DDNS: build_fwd_add1: pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr]
>>> Jun  8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010 DDNS_STATE_ADD_FW_NXDOMAIN 192.168.100.215 for R7000P.local.alu.hr zone: local.alu.hr.dhcid: [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>> Jun  8 06:09:02 domac dhcpd: ddns.c(1722): Updating lease_ptr for ddns_cp=0x5604136c60a0 (addr=192.168.100.215)
>>> Jun  8 06:09:02 domac dhcpd: DHCPREQUEST for 192.168.100.215 from 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>> Jun  8 06:09:02 domac dhcpd: DHCPACK on 192.168.100.215 to 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>> Jun  8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010, result: YXDOMAIN
>>> Jun  8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_add1: ddns_cb: 0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_NXDOMAIN cur_func: ddns_fwd_srv_add1 eresult: 196614
>>> Jun  8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd
>>> Jun  8 06:09:02 domac dhcpd: DDNS: build_fwd_add2: pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr]
>>> Jun  8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010 DDNS_STATE_ADD_FW_YXDHCID 192.168.100.215 for R7000P.local.alu.hr zone: local.alu.hr.dhcid: [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>> Jun  8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010, result: success
>>> Jun  8 06:09:02 domac dhcpd: DDNS:ddns_fwd_srv_add2: ddns_cb: 0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_YXDHCID cur_func: ddns_fwd_srv_add2 eresult: 0
>>> Jun  8 06:09:02 domac dhcpd: Added new forward map from R7000P.local.alu.hr to 192.168.100.215
>>> Jun  8 06:09:02 domac dhcpd: DDNS: ddns_modify_ptr
>>> Jun  8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010 DDNS_STATE_ADD_PTR R7000P.local.alu.hr for 215.100.168.192.in-addr.arpa. zone: 168.192.in-addr.arpa.dhcid: [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>> Jun  8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010, result: success
>>> Jun  8 06:09:02 domac dhcpd: Added reverse map from 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
>>> Jun  8 06:09:02 domac dhcpd: ddns.c(1325): Updating lease_ptr for ddns_cp=0x5604136c60a0 (addr=192.168.100.215)
>>> Jun  8 06:09:02 domac dhcpd: ddns.c(1325): find_lease_by_ip_addr(192.168.100.215) successful:lease=0x7fdc346b4e20
>>> Jun  8 06:09:02 domac dhcpd: ddns.c(1326): freeing ddns_cb=0x5604136c60a0
>>> Jun  8 06:09:46 domac dhcpd: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun  8 06:09:46 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1208
>>> Jun  8 06:09:46 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>> Jun  8 06:09:46 domac dhcpd: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun  8 06:09:46 domac dhcpd: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun  8 06:09:46 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1208
>>> Jun  8 06:09:46 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>> Jun  8 06:09:46 domac dhcpd: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun  8 06:09:46 domac dhcpd: Relay-forward message from fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
>>> Jun  8 06:09:46 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1208
>>> Jun  8 06:09:46 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>> Jun  8 06:09:46 domac dhcpd: Sending Relay-reply to fe80::babe:bfff:fe26:9542 port 547
>>> Jun  8 06:11:57 domac dhcpd: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun  8 06:11:57 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1208
>>> Jun  8 06:11:57 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>> Jun  8 06:11:57 domac dhcpd: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun  8 06:11:57 domac dhcpd: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun  8 06:11:57 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1208
>>> Jun  8 06:11:57 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>> Jun  8 06:11:57 domac dhcpd: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun  8 06:11:57 domac dhcpd: Relay-forward message from fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
>>> Jun  8 06:11:57 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1208
>>> Jun  8 06:11:57 domac dhcpd: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>> Jun  8 06:11:57 domac dhcpd: Sending Relay-reply to fe80::babe:bfff:fe26:9542 port 547
>>>
>>> On 07. 06. 2022. 19:13, Mirsad Goran Todorovac wrote:
>>>> Hello all,
>>>>
>>>> I have a problem that our DHCPv6 DDNS update which works reliably
>>>> with IPv4 doesn't work at all when we implemented
>>>> the dual-stack operation with IPv6. There is not even a warning,
>>>> notice or error in the log. No syntax errors in the config
>>>> /etc/dhcp/dhcpd6.conf file.
>>>>
>>>> We are running Debian 10 Buster server with BIND 9.16.27 and ISC
>>>> DHCPd 4.4.1
>>>>
>>>> root@domac:# dpkg -l ...
>>>> Desired=Unknown/Install/Remove/Purge/Hold
>>>> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>>> ||/ Name           Version                     Architecture Description
>>>> +++-==============-===========================-============-=================================
>>>> ii  bind9          1:9.16.27-1~deb11u1~bpo10+1 amd64        Internet Domain Name Server
>>>> ii  isc-dhcp-server 4.4.1-2+deb10u1            amd64        ISC DHCP server for automatic IP address assignment
>>>>
>>>> Here is a typical example of DHCPv6 transactions found in the log:
>>>>
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Solicit message from fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Sending Advertise to fe80::8aad:43ff:fefa:3f96 port 546
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Relay-forward message from fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Picking pool address 2001:b68:2:2800::10:1208
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Advertise NA: address 2001:b68:2:2800::10:1208 to client with duid 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid for 3600 seconds
>>>> Jun  7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to fe80::babe:bfff:fe26:9542 port 547
>>>>
>>>> fe80::babe:bfff:fe26:9542 is local-link address of our router.
>>>>
>>>> Our DNS/DHCP server is 161.53.235.3 or 2001:b68:2:2800::3, LLA for
>>>> eth1 is fe80::f21f:afff:fef1:420a/64
>>>>
>>>> Here is our /etc/dhcp/dhcpd6.conf:
>>>>
>>>> default-lease-time 3600;
>>>> preferred-lifetime 604800;
>>>> option dhcp-renewal-time 3600;
>>>> option dhcp-rebinding-time 7200;
>>>> allow leasequery;
>>>>
>>>> option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>>> option dhcp6.domain-search "alu.hr";
>>>>
>>>> option dhcp6.info-refresh-time 21600;
>>>>
>>>> ddns-update-style standard;
>>>> ddns-dual-stack-mixed-mode true;
>>>> update-conflict-detection false;
>>>> update-optimization false;
>>>> deny client-updates;
>>>> ddns-updates on;
>>>> authoritative;
>>>> log-facility local7;
>>>> ddns-domainname "local.alu.hr.";
>>>> ddns-rev-domainname "ip6.arpa.";
>>>>
>>>> include "/etc/bind/ddns.key";
>>>>
>>>> shared-network ilica85.alu.hr {
>>>>     subnet6 2001:b68:2:2800::/64 {
>>>>         range6 2001:b68:2:2800::10:1000 2001:b68:2:2800::10:13ff;
>>>>         option dhcp6.domain-search "local.alu.hr","alu.hr";
>>>>         option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>>>         ddns-domainname "local.alu.hr";
>>>>
>>>>         zone local.alu.hr. {
>>>>                 # primary6 2001:b68:2:2800::3;
>>>>                 primary 127.0.0.1;
>>>>                 key DDNS_UPDATE;
>>>>         }
>>>>         zone 0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
>>>>                 # primary6 2001:b68:2:2800::3;
>>>>                 primary 127.0.0.1;
>>>>                 key DDNS_UPDATE;
>>>>         }
>>>>     }
>>>> }
>>>>
>>>> subnet6 2001:b68:2:2a00::/64 {
>>>>         range6 2001:b68:2:2a00::1000 2001:b68:2:2a00::10ff;
>>>>         option dhcp6.domain-search "slava.alu.hr","alu.hr";
>>>>         option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>>>         ddns-domainname "slava.alu.hr";
>>>>
>>>>         zone slava.alu.hr. {
>>>>                 primary6 2001:b68:2:2800::3;
>>>>                 key DDNS_UPDATE;
>>>>         }
>>>>
>>>>         zone 0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
>>>>                 primary6 2001:b68:2:2800::3;
>>>>                 key DDNS_UPDATE;
>>>>         }
>>>> }
>>>>
>>>> The corresponding entries in /etc/bind/named.conf.local are:
>>>>
>>>>     zone "0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
>>>>         type master;
>>>>         file "/var/cache/bind/0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
>>>>         allow-update { key DDNS_UPDATE; };
>>>>         allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>>         also-notify { 31.147.205.54; 161.53.2.70; };
>>>>         forwarders {};
>>>>     };
>>>>
>>>>     zone "0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
>>>>         type master;
>>>>         file "/var/cache/bind/0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
>>>>         allow-update { key DDNS_UPDATE; };
>>>>         allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>>         also-notify { 31.147.205.54; 161.53.2.70; };
>>>>         forwarders {};
>>>>     };
>>>>
>>>>     zone "local.alu.hr" in {
>>>>         type master;
>>>>         file "/var/cache/bind/local.alu.hr.db";
>>>>         allow-update { key DDNS_UPDATE; };
>>>>         allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>>         also-notify { 31.147.205.54; 161.53.2.70; };
>>>>         forwarders {};
>>>>     };
>>>>
>>>>     zone "slava.alu.hr" in {
>>>>         type master;
>>>>         file "/var/cache/bind/slava.alu.hr.db";
>>>>         allow-update { key DDNS_UPDATE; };
>>>>         allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>>         also-notify { 31.147.205.54; 161.53.2.70; };
>>>>         dnssec-policy "standard";
>>>>         key-directory "/var/cache/bind/keys";
>>>>         forwarders {};
>>>>     };
>>>>
>>>> We are also using views in BIND9, but they work well updating the
>>>> "internal" and "universe" zones with DHCPv4, i.e.:
>>>>
>>>> Jun  7 16:48:21 domac dhcpd[986]: DHCPREQUEST for 192.168.100.215 from 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>>> Jun  7 16:48:21 domac dhcpd[986]: DHCPACK on 192.168.100.215 to 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>>> Jun  7 16:48:21 domac dhcpd[986]: Added new forward map from R7000P.local.alu.hr to 192.168.100.215
>>>> Jun  7 16:48:21 domac dhcpd[986]: Added reverse map from 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
>>>>
>>>> As you can see in the options, I tried various combinations, and I
>>>> seem to be out of options. But we are new to IPv6
>>>> and DHCPv6, so there may be something obvious to you I cannot see
>>>> (like DDNS not being enabled in ISC dhcpd binary
>>>> with option -6)?
>>>>
>>>> I am very interested personally in IPv6 adoption for we are
>>>> expecting a surge in multimedia content provided,
>>>> possibly broadcasted, additional options with IoT, security,
>>>> surveillance cameras (requiring public IP we are short of).
>>>>
>>>> All of this would be greatly simplified and more adopted if the
>>>> users, professors, staff and students wouldn't
>>>> have to remember IPv6 address like 2001:b68:2:2800::3 but used an
>>>> automatically assigned domain name instead.
>>>>
>>>> Manual IPv6 configuration and static tables for this would be an
>>>> overkill, we are understaffed to maintain it.
>>>>
>>>> Thank you very much for your time and help.
>>>>
>>>> Kind regards,
>>>> Mirsad Todorovac
>>>>
>>> --
>>> Mirsad Goran Todorovac
>>> CARNet system engineer
>>> Faculty of Graphic Arts | Academy of Fine Arts
>>> University of Zagreb
>> --
>> Mirsad Todorovac
>> CARNet system engineer
>> Faculty of Graphic Arts | Academy of Fine Arts
>> University of Zagreb
>> Republic of Croatia, the European Union
>>
> --
> Mirsad Todorovac
> CARNet system engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb
> Republic of Croatia, the European Union
>
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
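
Added example, not part of the original post or of ISC's code: a passive check for unexpected DHCPv6 servers on a link. It parses `tcpdump -v` text in the format quoted in the thread and reports every Advertise, Reply or Reconfigure (DHCPv6 runs over UDP ports 546/547) whose server-ID is not on an allowlist. Assumptions: one record per line, an allowlist holding the server-ID shown for domac in the thread, and a constructed sample capture whose second server (address and DUID) is made up.

```python
import re
from collections import defaultdict

# Server DUIDs allowed to answer clients on this link. The value is the
# server-ID tcpdump prints for domac in the thread; the allowlist is an assumption.
AUTHORIZED_SERVER_IDS = {"hwaddr/time type 1 time 707489786 f01faff1420a"}

# DHCPv6 message types that only a server originates.
SERVER_MESSAGES = {"advertise", "reply", "reconfigure"}

# Constructed sample, modelled on the tcpdump records quoted in the thread.
# fe80::200:ff:fe00:1 and its DUID are invented for the example.
SAMPLE_CAPTURE = """\
11:54:40.438248 IP6 (hlim 1, next-header UDP (17) payload length: 103) fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=a1f102 (elapsed-time 0) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0))
11:54:40.438928 IP6 (flowlabel 0x82364, hlim 64, next-header UDP (17) payload length: 159) fe80::f21f:afff:fef1:420a.547 > fe80::9418:9a22:54b8:743f.546: [udp sum ok] dhcp6 advertise (xid=a1f102 (IA_NA IAID:338441082 T1:3600 T2:7200 (IA_ADDR 2001:b68:2:2800::10:139d pltime:604800 vltime:3600)) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time type 1 time 707489786 f01faff1420a) (preference 255))
11:54:40.439500 IP6 (hlim 64, next-header UDP (17) payload length: 120) fe80::200:ff:fe00:1.547 > fe80::9418:9a22:54b8:743f.546: [udp sum ok] dhcp6 advertise (xid=a1f102 (IA_NA IAID:338441082 T1:0 T2:0 (IA_ADDR 2001:db8::beef pltime:600 vltime:600)) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time type 1 time 600000000 020000000001))
11:54:41.440100 IP6 (hlim 64, next-header UDP (17) payload length: 120) fe80::200:ff:fe00:1.547 > fe80::9418:9a22:54b8:743f.546: [udp sum ok] dhcp6 reply (xid=a1f103 (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time type 1 time 600000000 020000000001))
"""

# "<src>.<port> > <dst>.<port>: ... dhcp6 <message-type>"
RECORD_RE = re.compile(
    r"\s(?P<src>[0-9a-f:]+)\.(?P<sport>\d+) > (?P<dst>[0-9a-f:]+)\.(?P<dport>\d+): "
    r".*?\bdhcp6 (?P<mtype>[a-z-]+)"
)
SERVER_ID_RE = re.compile(r"\(server-ID ([^)]*)\)")


def find_unauthorized_servers(capture_text, authorized=AUTHORIZED_SERVER_IDS):
    """Map (source address, server-ID) -> list of server message types seen,
    for every server message whose server-ID is not in `authorized`."""
    findings = defaultdict(list)
    for line in capture_text.splitlines():
        rec = RECORD_RE.search(line)
        if not rec or rec["mtype"] not in SERVER_MESSAGES:
            continue  # not a DHCPv6 record, or a client/relay message
        sid = SERVER_ID_RE.search(line)
        # A server message without a server-ID is malformed; report it too.
        server_id = sid.group(1).strip() if sid else "<no server-ID option>"
        if server_id not in authorized:
            findings[(rec["src"], server_id)].append(rec["mtype"])
    return dict(findings)


if __name__ == "__main__":
    for (src, server_id), types in find_unauthorized_servers(SAMPLE_CAPTURE).items():
        print(f"unexpected DHCPv6 server {src} ({server_id}): {', '.join(types)}")
```

The source address of each finding is a link-local address, so it can be matched against `ip neigh` output to get the MAC address and locate the switch port.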