Re: [systemd-devel] IPv6AcceptRA: RDNSS Lifetime is not expiring

2023-07-17 Thread Petr Menšík 
I would suggest creating issue at github.com/systemd/systemd repository. 
I have not tested it, but sounds like it should be fixed.


On 12. 07. 23 0:39, Muggeridge, Matt wrote:


Hello there!

In our IPv6 network, the address of a Recursive DNS Server (RDNSS) is 
supplied in a Router Advertisement (RA), with a lifetime of 60 seconds.


It appears that RDNSS lifetime is not being honoured (RFC 8106, 
section 5.1 
).  I reviewed the code and can see 
where the RDNSS lifetime is being saved 
, 
though I was unable to determine how it was being handled upon expiry.


How do I configure networkd so that the RA’s RDNSS lifetime is honoured?

Here is a summary of the simple protocol exchange:

 1. Router: Send RA [RDNSS address of “nameserver60s”, lifetime: “60”]
 2. Host: “resolvectl” shows the link’s DNS server now lists the RDNSS
address of “nameserver60s”
 3. ** Wait for more than 60 seconds – the RDNSS entry should expire **
 4. Host:
 1. “resolvectl” continues to list the address of “nameserver60s”
on the link.
 2. Using tcpdump to trace “ping test.example.com”, the
“nameserver60s” is still being used.  It never timed out.

Here is my network configuration, showing UseDNS and UseDomains both 
set to “yes”:




$ cat /etc/systemd/network/10-eno0.network

[Match]

KernelCommandLine=!nfsroot

Name=eno0

[DHCP]

ClientIdentifier=mac

RouteMetric=10

UseDomains=yes

UseHostname=yes

UseMTU=yes

[Network]

#DHCP=ipv6

Address=10.1.1.1/24

#DNS=1.2.3.6

Gateway=1.1.1.2

IPv6AcceptRA=yes

[IPv6AcceptRA]

UseDNS=yes

UseDomains=yes



Grateful for any suggestions.

Kind regards,

Matt.

PS: We’re on systemd 250.  I’ve searched later versions of the release 
notes  and it seems there 
have been no changes in this area.



--
Petr Menšík
Software Engineer, RHEL
Red Hat,http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

[systemd-devel] IPv6AcceptRA: RDNSS Lifetime is not expiring

2023-07-11 Thread Muggeridge, Matt 
Hello there!

In our IPv6 network, the address of a Recursive DNS Server (RDNSS) is supplied 
in a Router Advertisement (RA), with a lifetime of 60 seconds.

It appears that RDNSS lifetime is not being honoured (RFC 8106, section 
5.1).  I reviewed the code 
and can see where the RDNSS lifetime is being 
saved,
 though I was unable to determine how it was being handled upon expiry.

How do I configure networkd so that the RA's RDNSS lifetime is honoured?

Here is a summary of the simple protocol exchange:


  1.  Router:  Send RA [RDNSS address of "nameserver60s", lifetime: "60"]
  2.  Host: "resolvectl" shows the link's DNS server now lists the RDNSS 
address of "nameserver60s"
  3.  ** Wait for more than 60 seconds - the RDNSS entry should expire **
  4.  Host:
 *   "resolvectl" continues to list the address of "nameserver60s" on the 
link.
 *   Using tcpdump to trace "ping test.example.com", the "nameserver60s" is 
still being used.  It never timed out.

Here is my network configuration, showing UseDNS and UseDomains both set to 
"yes":


$ cat /etc/systemd/network/10-eno0.network
[Match]
KernelCommandLine=!nfsroot
Name=eno0

[DHCP]
ClientIdentifier=mac
RouteMetric=10
UseDomains=yes
UseHostname=yes
UseMTU=yes

[Network]
#DHCP=ipv6
Address=10.1.1.1/24
#DNS=1.2.3.6
Gateway=1.1.1.2
IPv6AcceptRA=yes

[IPv6AcceptRA]
UseDNS=yes
UseDomains=yes


Grateful for any suggestions.

Kind regards,
Matt.
PS: We're on systemd 250.  I've searched later versions of the release 
notes and it seems there have been 
no changes in this area.