On 19.12.24 09:28, 胡义臻 wrote:

Dear all, I start dnsmasq(version 2.86) with --dhcp-lease-max=1, only
one DHCP lease can be allocated. I find that the behavior of IPv4 and
IPv6 is inconsistent. IPv4 returns a DHCPNAK packet with log "no
leases left". Although IPv6 does not allocate a lease in function
lease_allocate, it still returns a DHCPADVERSISE packet and allocates
an IPv6 address.
(...)

[root@localhost.localdomain /]$ip netns exec ns0 tcpdump -i veth0 -vvv
port 546 or port 547

dropped privs to tcpdump

tcpdump: listening on veth0, link-type EN10MB (Ethernet), snapshot
length 262144 bytes

15:55:18.192825 IP6 (flowlabel 0xffe1d, hlim 1, next-header UDP (17)
payload length: 92) fe80::f03a:70ff:feb0:6dfe.dhcpv6-client >
ff02::1:2.dhcpv6-server: [bad udp cksum 0xcbdd -> 0x890a!] dhcp6
solicit (xid=3e98e (client-ID type 4) (option-request DNS-server
DNS-search-list) (elapsed-time 0) (IA_NA IAID:1890610686 T1:3600
T2:5400 (IA_ADDR 46:41::165a:c84d pltime:7200 vltime:10800)))


With IPv6, clients usually self-assign an address via SLAAC rather than
acquiring one via DHPCv6.

When a client uses SLAAC, it still would have to learn other network
details, like gateway or DNS servers to use.
Such a client would usually learn those via NDP router advertisements as
regularly advertised by your router.

Alternatively, it may also ask your DHCPv6 server to supply those details.
This is referred to as Stateless DHPCv6.

In your case, your logs show that a client is trying to solicit DNS
details via DHCPv6:

> dhcp6 solicit (xid=3e98e (client-ID type 4) (option-request
DNS-server DNS-search-list)

This would suggest that you see SLAAC and Stateless DHCPv6 in action -
normal behaviour.

If you want to force your clients to acquire a DHCPv6 lease and never
use SLAAC, you'd have to configure your router accordingly.
However, you should note that there are OSs that do not support DHCPv6
at all, Android being the most prominent example.
By disallowing SLAAC, you'd prevent those clients from acquiring an IPv6
address, which in theory could even completely cut them from network
access in absence of IPv4.

Kind regards,
    Buck


_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

Reply via email to