Hi! I've been fighting with my dnsmasq setup off and on now for a few weeks as I've tried to get my new IPv6 support from my ISP working correctly. Previously I'd been happily using dnsmasq for years on an IPv4 only setup and now I'm trying to understand how to correctly set up a dual stack design with a few constraints:
1) My prefix coming from my ISP is dynamic - potentially changing every few days/weeks. As such, I'd prefer to have the system automatically adapt to the changing prefix without manually renumbering everything.
2) I'd like to have local DNS that contains both A and AAAA entries for the IPv4 and IPv6 addresses on the LAN network. To my understanding, this eliminates the options of running SLAAC or stateless DHCP.
3) I'm currently running my instance out of a FreeBSD jail (within a TrueNas machine), instead of a Linux based userspace. This could be changed, but it's a lot more work and I'd prefer not doing so.

The problem I'm running into is the following - when using the dhcp-range option in the dnsmasq config, like so:

> # Advertise delegated prefix based on the IPv6 address of epair0b
> dhcp-range=::A00:501,::A00:5FF,constructor:epair0b,64

The resulting logs show an invalid range:

> Jan 2 20:11:31 dnsmasq[11407]: started, version 2.80 cachesize 150
> Jan 2 20:11:31 dnsmasq[11407]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify dumpfile
> Jan 2 20:11:31 dnsmasq-dhcp[11407]: DHCP, IP range 10.0.4.1 -- 10.0.4.128, lease time 12h
> Jan 2 20:11:31 dnsmasq-dhcp[11407]: DHCPv6, IP range ::10.0.5.1 -- ::10.0.5.255, lease time 1h, template for epair0b
> Jan 2 20:11:31 dnsmasq[11407]: using local addresses only for domain olympus
> Jan 2 20:11:31 dnsmasq[11407]: using nameserver 10.0.0.1#53
> Jan 2 20:11:31 dnsmasq[11407]: read /etc/hosts - 6 addresses
> Jan 2 20:11:43 dnsmasq-dhcp[11407]: no address range available for DHCPv6 request via epair0b

Further, it reports that no address ranges are available when a solicit comes by.

Reading the manual, I'm fairly sure I understand what's happening here - when the network interface comes up and gets its address from the router, it's marked as autoconfigured - which is needed to automatically set the prefix (I don't want to manually update this). However, by doing so, it renders the address invalid for use by the constructor option in the dhcp-range command - at least, this is what I'm making of the situation.

> epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=8<VLAN_MTU>
>         ether 00:15:17:54:49:ce
>         hwaddr 02:42:61:1e:a4:0b
>         inet 10.0.2.101 netmask 0xffff0000 broadcast 10.0.255.255
>         inet6 fe80::215:17ff:fe54:49ce%epair0b prefixlen 64 scopeid 0x3
>         inet6 2001:5a8:43f3:200:215:17ff:fe54:49ce prefixlen 64 autoconf
>         nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>         media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
>         status: active
>         groups: epair

The problem is that I don't know how else to handle this. I want automatic prefix acquisition by the dhcp server host so the dnsmasq server can correctly serve out stateful IPv6 addresses and register them with DNS records. But everything that I'm seeing seems to point to living in one of two worlds: A) Everything is automatic and therefore difficult to integrate with managed DNS names or B) You know the prefix is fixed and you can make everything static in your configuration files.

This feels fundamentally unsatisfying to me for IPv6 - I feel like it should be straightforward to request a prefix from my ISP (aka a subnet address in IPv4 terms) and then give the core infrastructure "static-like" IPs which combine a dynamic prefix with a static suffix (used by servers such as dnsmasq) and then everything else gets handled through DHCPv6, either pulling from a range based on the aforementioned dynamic prefix or from additionally configured "static-like" IPs that can be pinned to DNS records alongside legacy IPv4 addresses.

Is there a way I can accomplish this with dnsmasq? Or am I running into a fundamental design issue with the IPv6 architecture where I'm not supposed to do this? And if so, what is the replacement for the way things worked before in IPv4 land? Because this doesn't seem too crazy to want to do in my mind.

Thanks!
-- Nathan

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
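
Added example, not part of the original post and not dnsmasq's own code: the arithmetic behind the "dynamic prefix plus static suffix" addressing the post describes, using the prefix from the quoted ifconfig output and the `::A00:501,::A00:5FF` template from the quoted config. The function names are assumptions made for this illustration; it also shows that `::A00:501` and the `::10.0.5.1` printed in the log are the same 128-bit value in two notations.

```python
import ipaddress
import re

# Constructed sample: the two inet6 lines from the ifconfig output quoted in the post.
IFCONFIG = """\
inet6 fe80::215:17ff:fe54:49ce%epair0b prefixlen 64 scopeid 0x3
inet6 2001:5a8:43f3:200:215:17ff:fe54:49ce prefixlen 64 autoconf
"""

def global_prefixes(ifconfig_text):
    """Return the non-link-local IPv6 networks found in FreeBSD ifconfig output."""
    nets = []
    pattern = r"inet6 ([0-9a-fA-F:]+)(?:%\S+)? prefixlen (\d+)"
    for m in re.finditer(pattern, ifconfig_text):
        iface = ipaddress.IPv6Interface(f"{m.group(1)}/{m.group(2)}")
        if not iface.ip.is_link_local:
            nets.append(iface.network)
    return nets

def apply_template(network, suffix):
    """Combine a (possibly changing) prefix with a fixed host-part template."""
    host = int(ipaddress.IPv6Address(suffix))
    if host & int(network.netmask):
        raise ValueError("template has bits set inside the prefix")
    return ipaddress.IPv6Address(int(network.network_address) | host)

def ipv4_compatible_form(suffix):
    """Render an address whose upper 96 bits are zero as ::a.b.c.d."""
    value = int(ipaddress.IPv6Address(suffix))
    if value >> 32:
        raise ValueError("upper 96 bits are not zero")
    return "::" + str(ipaddress.IPv4Address(value))

if __name__ == "__main__":
    for net in global_prefixes(IFCONFIG):
        first = apply_template(net, "::A00:501")
        last = apply_template(net, "::A00:5FF")
        print(f"{net}: {first} -- {last}")
    print(ipv4_compatible_form("::A00:501"), "--", ipv4_compatible_form("::A00:5FF"))
```

When the delegated prefix changes, only the network returned by `global_prefixes` changes; the host parts produced from the template stay the same.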