Buck,

Thanks for this breakdown. If I'm following you correctly, some of this
information I knew already... but I guess I'm a little lost on the intent
of how these various parts (DHCPv6, DNS, SLAAC, LLA vs GUA) are intended to
interact in real world network setups. By that I mean, if I was configuring
a larger company intranet with IPv6, I'd expect I'd want to provide both
internal (non-public) DNS for most nodes and globally accessible DNS for
some others, including those that might get both.

Is the intent in these setups to really not have a centralized DNS server
with address/FQDN pairings? That all the internal clients simply use SLAAC
and some form of DynDNS to inform the internal DNS server of their names? I
mean, I can see that technically working but I also kind of hate the idea.
It feels like barely controlled chaos with all the clients just doing their
own thing and "centralized" services losing any of their authoritative
position in the network. This is why I'm feeling kind of lost and
frustrated here - I can see the value in a design that enables networks to
quickly autoconfigure themselves like that, but that it's the only way to
effectively do it feels very wrong.

In any event, I can try what you're suggesting, but I don't like it. It
seems overly complicated to require a secondary DNS server simply to handle
the AAAA records.

In my case, my router is set up to handle the RAs - configured to inform
clients that both DHCP and SLAAC are available for address acquisition -
precisely for supporting OSs like Android that won't use DHCPv6. That said,
I'm not overly worried about these cases, as my primary concern at the
moment is getting Linux machines properly addressed, which do support
DHCPv6 instead of generally handling every potential node in my local
network.

On Fri, Jan 3, 2025 at 1:16 AM Buck Horn via Dnsmasq-discuss <
dnsmasq-discuss@lists.thekelleys.org.uk> wrote:

> On 03.01.25 05:32, Nathan Mitchell wrote:
> > > dhcp-range=::A00:501,::A00:5FF,constructor:epair0b,64
> > (...)
> >
> > > Jan  2 20:11:31 dnsmasq-dhcp[11407]: DHCPv6, IP range ::10.0.5.1 ::10.0.5.255, lease time 1h, template for epair0b
>
>
> Is that actual log output?
>
> That seems off somehow, showing IPv4s for a DHCPv6 range, together with
> a lease time of 1h, where dhcp-range would default to 1 day for IPv6.
>
>
> > 2) I'd like to have local DNS that contains both A and AAAA entries for the
> > IPv4 and IPv6 addresses on the LAN network. To my understanding, this
> > eliminates the options of running SLAAC or stateless DHCP.
> > (...)
>
>
> Your 2) won't happen, at least not in the way you seem to aspire.
>
> For once, LLAs (fe80::/10) are always auto-assigned, with DHCPv6
> requiring clients to use their already existing LLA during DHCP server
> discovery (RFC 8415, section 5). And IPv6 GUAs (range 2000::/3) are
> public addresses, i.e. DNS entries for them can be expected to be
> handled by public authoritative DNS servers, administered by your ISP -
> typically, those names would then just be some sort of generic textual
> representation of IPv6 addresses.
>
> That would leave ULAs (fd00::/8), but even if your router would support
> those and you'd manage to hand out stateful DHCPv6 addresses and assign
> local names to them:
> Most modern OSs would use temporary IPv6 addresses (RFC 8981) for
> outbound public communications, and they'd create those in addition to
> DHCPv6 ones, i.e. your network's clients likely will hardly ever opt to
> use their DHCPv6 assigned address.
>
> And you should be aware that IPv6 address assignment via NDP/SLAAC is
> probably the only option that would allow any arbitrary client to
> acquire an IPv6 address, as there are OSs that won't support DHCPv6 at
> all, Android being the prime example here.
>
> It's also worth noting that RAs are a router's job. Even if you
> configure your (non-router) dnsmasq instance to assign DHCPv6 addresses,
> it is your router that is in control of allowed address assignment
> options for your network, i.e. clients may end up with SLAAC as well as
> DHCPv6 and temporary IPv6 addresses for their routable address scopes.
>
> But there may be a way to at least partially achieve what you want:
> Does your router run a DNS server?
> If so, your router probably is your best chance for local AAAA resolution.
>
> You should be able to verify that via respective reverse lookups
> directed at your router, e.g.
>
>    dig -x fe80::<some-ipv6> @<your-routers-ipv4>
>
> where you substitute brackets with appropriate values.
>
> If that would return a hostname as expected, you could then have dnsmasq
> forward local domains and IPv6 reverse lookups to your router, via
> dnsmasq's *local* and *rev-server* options.
>
>
> Kind regards,
>      Buck
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
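An added example, not part of the thread and not dnsmasq's own code: it shows how a `constructor:` template such as `::A00:501,::A00:5FF` combines with an interface prefix to form the concrete DHCPv6 range, and why the template end points appear as `::10.0.5.1` and `::10.0.5.255` in the quoted log line. The prefix `2001:db8:0:5::/64` is a constructed documentation prefix, and the function names are hypothetical.

```python
import ipaddress


def expand_template(iface_prefix, start, end):
    """Combine an interface prefix with host-part-only template addresses.

    Mirrors the idea of dhcp-range=<start>,<end>,constructor:<iface>:
    the template carries only the host bits, the interface supplies
    the network bits.
    """
    net = ipaddress.IPv6Network(iface_prefix)
    host_mask = int(net.hostmask)
    lo = int(ipaddress.IPv6Address(start))
    hi = int(ipaddress.IPv6Address(end))
    # A template must not set any bit inside the network part.
    if (lo & ~host_mask) or (hi & ~host_mask):
        raise ValueError("template address has bits set in the prefix part")
    if lo > hi:
        raise ValueError("range start is above range end")
    base = int(net.network_address)
    return ipaddress.IPv6Address(base | lo), ipaddress.IPv6Address(base | hi)


def mixed_notation(addr):
    """Render an address the way inet_ntop-style formatters commonly do.

    When the upper 96 bits are zero and the value does not fit in the
    last 16 bits, the low 32 bits are printed as a dotted quad
    (the old "IPv4-compatible" text form).
    """
    ip = ipaddress.IPv6Address(addr)
    value = int(ip)
    if value >> 32 == 0 and value > 0xFFFF:
        return "::" + str(ipaddress.IPv4Address(value))
    return str(ip)


def range_size(start, end):
    """Number of addresses covered by the template, end points included."""
    return int(ipaddress.IPv6Address(end)) - int(ipaddress.IPv6Address(start)) + 1


if __name__ == "__main__":
    # Template values taken from the dhcp-range line quoted in the thread.
    first, last = expand_template("2001:db8:0:5::/64", "::A00:501", "::A00:5FF")
    print("template as logged:", mixed_notation("::A00:501"), mixed_notation("::A00:5FF"))
    print("constructed range: ", first, "-", last)
    print("addresses in range:", range_size("::A00:501", "::A00:5FF"))
```
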