Re: [Dnsmasq-discuss] IPv6 setup for internal network

2019-08-06 Thread Knud

Right now it is working (it seems).

The client gets 2 addresses:
1 in the /64 range and 1 in /128, where the last one gets registered in DNS.

Knud

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss






Re: [Dnsmasq-discuss] IPv6 setup for internal network

2019-08-06 Thread Knud

Hi Michal

Thanks for replying

Sorry for the late response... somehow I have problems sending to the
list... it takes forever before my mails arrive

See my replies below
Knud

On 05/08/2019 22.40, Michal Zatloukal wrote:
> Hi there.
>
> On Fri, 2 Aug 2019 at 18:21, Knud wrote:
> >
> > Hi
> >
> > I have tried to get IPv6 setup running for my internal LAN (at home)
> >
> > With a lot of tries and no real luck.
> >
> > What do I want:
> >
> > Have dnsmasq running on a server (Linux Fedora F30), do IPv6 DHCP/DNS
> > with local names.
>
> Where is the DHCPv4 server running? ra-names assumes the same instance
> of dnsmasq is running both DHCPv4 and v6.
> Personally, I haven't been able to get local names to work with IPv6
> even in that configuration. The assumption of hosts using EUI-64 is
> not met too often these days.

On a local server

> > Want to proceed that for IPv6, let my router make an IPv6 tunnel to a HE
> > tunnel broker.
>
> Are server (DHCPv6) and router (6-in-4 tunnel) 2 different hosts? RAs
> must be sent by the host acting as the gateway, there's no way around
> this in IPv6 AFAIK. You must configure the gateway's RAs to enable
> clients to look for DHCPv6 server (M, O bits set to 1).

Yes, dnsmasq on one machine; the router is another physical box doing only
IPv4 routing/NAT and IPv6 tunnel 6rd4

> > Right now I have made a test setup consisting of 2 VBox guests (Fedora
> > F30) running in internal network on the Vbox host just to get things
> > working and learn.
> >
> > So the first step is to get dnsmasq to hand out an IP address and register it in
> > the DNS.
>
> Hold it - Do you have an address from the specified range (fd17:...)
> manually assigned to the interface on the DHCP server? (Not sure if
> it's necessary, but that's what I did) - if you don't, I could see how
> dnsmasq would consider the range non-local (see below)

Yes, fixed address with /64

> > 1st problem: Client gets correct address from dnsmasq but not the right
> > mask, e.g. it gets an IP /128
> > enable-ra is there
>
> IIRC "/128" happens when the prefix is not flagged as on-link in its
> options. Check the advertisements with tcpdump/wireshark/rdisc6. As
> for cause, your config doesn't specify prefix length so the correct
> length must be set on the interface.
>
> > 2nd problem: Client gets DNS IP from the fe80:: address range
>
> If you mean "the DNS server address the client gets is in the
> fe80::/10 range", then this is normal.
>
> > 3rd problem: the address which is registered in the DNS is the fe80:: address
>
> Not sure where this comes from (are you sure this is provided by
> dnsmasq, rather than avahi/mDNS/LLMNR?). If I'm reading the manual
> correctly - ra-names is only intended for SLAAC-enabled networks, and even
> then only works with hosts that don't do private interface
> identifiers. So you won't get name resolution to your fd17... range
> regardless. Just to check - set log-queries and see if it's actually
> dnsmasq responding to the query. The leases file might also be
> helpful.
>
> > I could write a long story about what I have tried
> >
> > Please advise..
>
> OK. From your config:
>
> > dhcp-range=fd17:625c:f037:a80f::10, fd17:625c:f037:a80f::, ra-names
>
> According to the manual, omitting the prefix length will cause dnsmasq
> to use prefixlen of the interface. As noted above - is this set?

Yes

> As for me - I'm still on debian with ifupdown, so I do it this way (my
> HE tunnel endpoint is on a host behind NAT, rather than on the v4
> router, but that host also does DHCPv4 so I can do ra-names; 6in4
> requires that router is configured to treat this host as DMZ):
>
> 1. /e/n/i for eth0:
> iface eth0 inet static
>   ... # Private IPv4 config
>   up ifup 6in4
>   down ifdown 6in4
> iface eth0 inet6 manual
>
> 2. /e/n/i for the tunnel:
> iface 6in4 inet6 v4tunnel
>   ... # Endpoint addresses
>   up ip route add ::/0 dev 6in4
>   up ip add add 2001:.../64 dev eth0 # internal ip6 range
>   down ip route del ::/0 dev 6in4
>   down ip add del 2001:../64 dev eth0
>
> 3. dnsmasq for v6:
> dhcp-range=::,constructor:eth0,ra-names
> ra-param=eth0,mtu:6in4,0
>
> I'm not sure how/if dnsmasq can do DHCPv6-only assignment, but google
> search results suggest a range like this should get you going:
> dhcp-range=::1, :::, constructor:br*, 64, 12h
>
> I would suggest you start with the easier SLAAC setup, then tweak it
> once you have that running.

In my test environment I start with DHCP and DNS-registered names.
Otherwise everything else is useless.

On my "production" LAN I can get the 6rd4 tunnel working with, I guess,
SLAAC (the router does the advertising) and get the clients to connect to
IPv6 hosts on the internet... but I am missing my local DNS registration.

I shifted to the test environment due to the impact of playing around
with the "production" LAN

> MZ
>
> > Knud

Re: [Dnsmasq-discuss] IPv6 setup for internal network

2019-08-05 Thread Michal Zatloukal
Whoops, some of my example config was wrong.

ra-param=eth0,mtu:6in4,60 # "0" would disable periodic sending, and
Apple's OSes would drop the address without soliciting for the router
again.

MZ



Re: [Dnsmasq-discuss] IPv6 setup for internal network

2019-08-05 Thread Michal Zatloukal
Hi there.

On Fri, 2 Aug 2019 at 18:21, Knud  wrote:
>
> Hi
>
> I have tried to get IPv6 setup running for my internal LAN (at home)
>
> With a lot of tries and no real luck.
>
> What do I want:
>
> Have dnsmasq running on a server (Linux Fedora F30), do IPv6 DHCP/DNS
> with local names.

Where is the DHCPv4 server running? ra-names assumes the same instance
of dnsmasq is running both DHCPv4 and v6.
Personally, I haven't been able to get local names to work with IPv6
even in that configuration. The assumption of hosts using EUI-64 is
not met too often these days.

> Want to proceed that for IPv6, let my router make an IPv6 tunnel to a HE
> tunnel broker.

Are server (DHCPv6) and router (6-in-4 tunnel) 2 different hosts? RAs
must be sent by the host acting as the gateway, there's no way around
this in IPv6 AFAIK. You must configure the gateway's RAs to enable
clients to look for DHCPv6 server (M, O bits set to 1).

>
> Right now I have made a test setup consisting of 2 VBox guests (Fedora
> F30) running in internal network on the Vbox host just to get things
> working and learn.
>
> So the first step is to get dnsmasq to hand out an IP address and register it in
> the DNS.

Hold it - Do you have an address from the specified range (fd17:...)
manually assigned to the interface on the DHCP server? (Not sure if
it's necessary, but that's what I did) - if you don't, I could see how
dnsmasq would consider the range non-local (see below)

> 1st problem: Client gets correct address from dnsmasq but not the right
> mask, e.g. it gets an IP /128
> enable-ra is there

IIRC "/128" happens when the prefix is not flagged as on-link in its
options. Check the advertisements with tcpdump/wireshark/rdisc6. As
for cause, your config doesn't specify prefix length so the correct
length must be set on the interface.

> 2nd problem: Client gets DNS IP from the fe80:: address range

If you mean "the DNS server address the client gets is in the
fe80::/10 range", then this is normal.

> 3rd problem: the address which is registered in the DNS is the fe80:: address

Not sure where this comes from (are you sure this is provided by
dnsmasq, rather than avahi/mDNS/LLMNR?). If I'm reading the manual
correctly - ra-names is only intended for SLAAC-enabled networks, and even
then only works with hosts that don't do private interface
identifiers. So you won't get name resolution to your fd17... range
regardless. Just to check - set log-queries and see if it's actually
dnsmasq responding to the query. The leases file might also be
helpful.

> I could write a long story about what I have tried
>
> Please advise..

OK. From your config:

> dhcp-range=fd17:625c:f037:a80f::10, fd17:625c:f037:a80f::, ra-names

According to the manual, omitting the prefix length will cause dnsmasq
to use prefixlen of the interface. As noted above - is this set?

As for me - I'm still on debian with ifupdown, so I do it this way (my
HE tunnel endpoint is on a host behind NAT, rather than on the v4
router, but that host also does DHCPv4 so I can do ra-names; 6in4
requires that router is configured to treat this host as DMZ):

1. /e/n/i for eth0:
iface eth0 inet static
  ... # Private IPv4 config
  up ifup 6in4
  down ifdown 6in4
iface eth0 inet6 manual

2. /e/n/i for the tunnel:
iface 6in4 inet6 v4tunnel
  ... # Endpoint addresses
  up ip route add ::/0 dev 6in4
  up ip add add 2001:.../64 dev eth0 # internal ip6 range
  down ip route del ::/0 dev 6in4
  down ip add del 2001:../64 dev eth0

3. dnsmasq for v6:
dhcp-range=::,constructor:eth0,ra-names
ra-param=eth0,mtu:6in4,0

I'm not sure how/if dnsmasq can do DHCPv6-only assignment, but google
search results suggest a range like this should get you going:
dhcp-range=::1, :::, constructor:br*, 64, 12h

I would suggest you start with the easier SLAAC setup, then tweak it
once you have that running.

MZ

> Knud
> ___
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
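
Added example (not part of the original thread, and not dnsmasq code): the reply above says to check the advertisements for the M/O bits and for whether the prefix is flagged on-link. This parser decodes those fields from the raw ICMPv6 payload of a Router Advertisement, as captured with the tools named in the reply. The sample packet, its lifetimes and MTU value, and the function names are constructed for illustration; only the fd17:... prefix comes from the thread.

```python
import ipaddress
import struct

def parse_ra(pkt: bytes) -> dict:
    """Decode the M/O bits, MTU and prefix options of an ICMPv6 RA (RFC 4861)."""
    if len(pkt) < 16 or pkt[0] != 134:             # 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(pkt[5] & 0x80),                # Managed: addresses via DHCPv6
          "O": bool(pkt[5] & 0x40),                # Other config via DHCPv6
          "mtu": None, "prefixes": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1] * 8   # length field is in 8-byte units
        if olen == 0 or off + olen > len(pkt):
            raise ValueError("malformed option")
        opt = pkt[off:off + olen]
        if otype == 3 and olen == 32:              # Prefix Information option
            addr = ipaddress.IPv6Address(opt[16:32])
            ra["prefixes"].append({
                "net": ipaddress.IPv6Network((addr, opt[2]), strict=False),
                "L": bool(opt[3] & 0x80),          # on-link flag
                "A": bool(opt[3] & 0x40)})         # autonomous (SLAAC) flag
        elif otype == 5 and olen == 8:             # MTU option
            ra["mtu"] = struct.unpack("!I", opt[4:8])[0]
        off += olen
    return ra

def check(ra: dict, dhcp_addr: str) -> list:
    """Findings for a DHCPv6-assigned address, per the checks in the thread."""
    addr = ipaddress.IPv6Address(dhcp_addr)
    out = []
    if not ra["M"]:
        out.append("M bit clear: RA does not point clients at DHCPv6 for addresses")
    if not any(p["L"] and addr in p["net"] for p in ra["prefixes"]):
        out.append(f"no on-link prefix covers {addr}")
    return out

def sample_ra(prefix_flags: int) -> bytes:
    """Constructed RA (checksum left 0, not verified): M+O set, one /64, MTU 1480."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0xC0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, prefix_flags, 86400, 14400, 0)
    pio += ipaddress.IPv6Address("fd17:625c:f037:a80f::").packed
    return hdr + pio + struct.pack("!BBHI", 5, 1, 0, 1480)

if __name__ == "__main__":
    for flags in (0xC0, 0x40):                     # L+A set, then A only
        ra = parse_ra(sample_ra(flags))
        print(ra["prefixes"][0], check(ra, "fd17:625c:f037:a80f::10"))
```

An empty findings list means the RA both points clients at DHCPv6 and advertises an on-link prefix that contains the leased address.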
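
Added example (not part of the original thread, and not dnsmasq code): the reply above notes that ra-names depends on hosts using EUI-64 interface identifiers and that this is often not the case. This sketch derives the EUI-64 address for each MAC in a DHCPv4 leases file and reports whether the host actually holds it. The lease lines (layout "expiry MAC IPv4 hostname client-id"), host names, MACs and observed addresses are constructed sample data; only the fd17:... prefix comes from the thread.

```python
import ipaddress

def eui64_addr(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """SLAAC address with a modified EUI-64 interface ID (RFC 4291, Appendix A)."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytes.fromhex(mac.replace(":", ""))
    if net.prefixlen != 64 or len(raw) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))

def audit(leases: str, prefix: str, observed: dict) -> dict:
    """Map hostname -> (expected EUI-64 address, whether the host uses it)."""
    result = {}
    for line in leases.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[3] == "*":    # "*" = lease without a name
            continue
        mac, name = fields[1].lower(), fields[3]
        expected = eui64_addr(prefix, mac)
        seen = {ipaddress.IPv6Address(a) for a in observed.get(mac, [])}
        result[name] = (str(expected), expected in seen)
    return result

# Constructed sample data: two DHCPv4 leases and the global IPv6 addresses
# seen for each MAC (for instance collected from the neighbour table).
PREFIX = "fd17:625c:f037:a80f::/64"
LEASES = """\
1565120000 08:00:27:12:34:56 192.168.56.10 alpha 01:08:00:27:12:34:56
1565120000 08:00:27:ab:cd:ef 192.168.56.11 beta 01:08:00:27:ab:cd:ef
"""
OBSERVED = {
    "08:00:27:12:34:56": ["fd17:625c:f037:a80f:a00:27ff:fe12:3456"],
    # beta uses a randomised (privacy) interface identifier instead of EUI-64
    "08:00:27:ab:cd:ef": ["fd17:625c:f037:a80f:5c1d:9e02:77aa:3b10"],
}

if __name__ == "__main__":
    for host, (addr, ok) in audit(LEASES, PREFIX, OBSERVED).items():
        print(f"{host}: expected {addr} -> {'present' if ok else 'not in use'}")
```

Hosts reported as "not in use" are the ones for which a name derived from the EUI-64 assumption would point at an address the host never configured.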