The first question is, how static are your global addresses? Making a
network which can survive renumbering is a lot more difficult than one
with known and fixed addresses.


Simon.



On 12/04/2020 17:20, Oliver Freyermuth wrote:
> Dear DNSmasqers,
> 
> I have a setup in mind and wonder whether dnsmasq is the correct tool (since 
> I have not found the necessary functionality in the documentation yet). 
> 
> We have a /56 IPv6 network, and plan to use pure DHCPv6 (no stateless 
> autoconfiguration) in several /64 networks. 
> There are several subnets (currently NATed IPv4), such as — for example — a 
> WireGuard VPN network, or a local isolated subnet. 
> While with IPv4, the answer was the use of private addresses and NAT every 
> time, potentially using a DHCP fowarder, for IPv6, the answer should be to 
> use Global Unicast addresses everywhere (right?). 
> How do I approach this correctly? 
> 
> Three options come to mind to handle such subnets:
> - Use ULAs and NAT (but that does not feel like IPv6...). 
> - Delegate a prefix from the large network (where we'd use dnsmasq) to the 
> "gateway" machine, which then would be a router. 
>   However, I am not aware if dnsmasq can delegate prefixes? 
> - Use ProxyNDP (via npdpd or Linux kernel functionality). But I'm not sure if 
> that scales well to a larger number of machines? 
> - Use static routes on the central machine which send the /64 subnet to the 
> "gateways" and use dnsmasq on the gateways. 
>   Am I missing something here, or should that "just work"?
> 
> Is anybody aware of a best-practice guide here (please RTFM me)? Is dnsmasq 
> the correct tool? 
> 
> Cheers and thanks for any guidance,
>       Oliver
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to