Hi!

I've been fighting with my dnsmasq setup off and on now for a few weeks as
I've tried to get my new IPv6 support from my ISP working correctly.
Previously I'd been happily using dnsmasq for years on an IPv4 only setup
and now I'm trying to understand how to correctly set up a dual stack design
with a few constraints:

1) My prefix coming from my ISP is dynamic - potentially changing every few
days/weeks. As such, I'd prefer to have the system automatically adapt to
the changing prefix without manually renumbering everything.

2) I'd like to have local DNS that contains both A and AAAA entries for the
IPv4 and IPv6 addresses on the LAN network. To my understanding, this
eliminates the options of running SLAAC or stateless DHCP.

3) I'm currently running my instance out of a FreeBSD jail (within a
TrueNas machine), instead of a Linux based userspace. This could be
changed, but it's a lot more work and I'd prefer not doing so.

The problem I'm running into is the following - when using the dhcp-range
option in the dnsmasq config, like so:

# Advertise delegated prefix based on the IPv6 address of epair0b
dhcp-range=::A00:501,::A00:5FF,constructor:epair0b,64


The resulting logs show an invalid range:

Jan  2 20:11:31 dnsmasq[11407]: started, version 2.80 cachesize 150
Jan  2 20:11:31 dnsmasq[11407]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify dumpfile
Jan  2 20:11:31 dnsmasq-dhcp[11407]: DHCP, IP range 10.0.4.1 -- 10.0.4.128, lease time 12h
Jan  2 20:11:31 dnsmasq-dhcp[11407]: DHCPv6, IP range ::10.0.5.1 -- ::10.0.5.255, lease time 1h, template for epair0b
Jan  2 20:11:31 dnsmasq[11407]: using local addresses only for domain olympus
Jan  2 20:11:31 dnsmasq[11407]: using nameserver 10.0.0.1#53
Jan  2 20:11:31 dnsmasq[11407]: read /etc/hosts - 6 addresses

Jan  2 20:11:43 dnsmasq-dhcp[11407]: no address range available for DHCPv6 request via epair0b


Further, it reports that no address ranges are available when a solicit
comes by.

Reading the manual, I'm fairly sure I understand what's happening here -
when the network interface comes up and gets its address from the router,
it's marked as autoconfigured - which is needed to automatically set the
prefix (I don't want to manually update this). However, by doing so, it
renders the address invalid for use by the constructor option in the
dhcp-range command - at least, this is what I'm making of the situation.

epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 00:15:17:54:49:ce
    hwaddr 02:42:61:1e:a4:0b
    inet 10.0.2.101 netmask 0xffff0000 broadcast 10.0.255.255
    inet6 fe80::215:17ff:fe54:49ce%epair0b prefixlen 64 scopeid 0x3
    inet6 2001:5a8:43f3:200:215:17ff:fe54:49ce prefixlen 64 autoconf
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair

The problem is that I don't know how else to handle this. I want automatic
prefix acquisition by the dhcp server host so the dnsmasq server can
correctly serve out stateful IPv6 addresses and register them with DNS
records. But everything that I'm seeing seems to point to living in one of
two worlds: A) Everything is automatic and therefore difficult to integrate
with managed DNS names or B) You know the prefix is fixed and you can make
everything static in your configuration files. This feels fundamentally
unsatisfying to me for IPv6 - I feel like it should be straightforward to
request a prefix from my ISP (aka a subnet address in IPv4 terms) and then
give the core infrastructure "static-like" IPs which combine a dynamic
prefix with a static suffix (used by servers such as dnsmasq) and then
everything else gets handled through DHCPv6, either pulling from a range
based on the aforementioned dynamic prefix or from additionally configured
"static-like" IPs that can be pinned to DNS records alongside legacy IPv4
addresses.

Is there a way I can accomplish this with dnsmasq? Or am I running into a
fundamental design issue with the IPv6 architecture where I'm not supposed
to do this? And if so, what is the replacement for the way things worked
before in IPv4 land? Because this doesn't seem too crazy to want to do in
my mind.

Thanks!
   -- Nathan
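
An added example, not part of the original post and not dnsmasq's own code: a sketch of the prefix-plus-template arithmetic that a constructor range implies, run on the addresses quoted above. It also shows that ::A00:501 and the ::10.0.5.1 printed in the log are two text forms of the same 128-bit value. The function names are hypothetical and the second prefix (2001:db8:1:2::/64) is a constructed documentation prefix standing in for a renumbering event.

```python
import ipaddress


def construct_range(iface_addr, prefix_len, start_tmpl, end_tmpl):
    """Combine the interface's network bits with each template's host bits."""
    net = ipaddress.IPv6Interface(f"{iface_addr}/{prefix_len}").network
    prefix = int(net.network_address)
    host_mask = int(net.hostmask)

    def combine(tmpl):
        host_bits = int(ipaddress.IPv6Address(tmpl)) & host_mask
        return ipaddress.IPv6Address(prefix | host_bits)

    return combine(start_tmpl), combine(end_tmpl)


def ipv4_embedded_text(addr):
    """Render an address whose upper 96 bits are zero as ::a.b.c.d."""
    value = int(ipaddress.IPv6Address(addr))
    if value >> 32:
        raise ValueError("upper 96 bits are not zero")
    return "::" + str(ipaddress.IPv4Address(value))


if __name__ == "__main__":
    template = ("::A00:501", "::A00:5FF")  # from the dhcp-range line above

    # Same values, printed the way the startup log prints the template.
    print([ipv4_embedded_text(t) for t in template])

    # Prefix taken from the autoconf address shown on epair0b.
    print(construct_range("2001:5a8:43f3:200:215:17ff:fe54:49ce", 64, *template))

    # Constructed example of the ISP handing out a different /64:
    # only the network half changes, the host half of each address stays.
    print(construct_range("2001:db8:1:2::1", 64, *template))
```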