Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Eric Fahlgren
On Mon, Feb 27, 2023 at 1:36 PM Simon Kelley wrote:

>
>
> On 27/02/2023 20:10, Eric Fahlgren wrote:
>
> > Does 'option6:3' translate this from DHCPv4's 'router' to an RA, or does
> > it consider it to be DHCPv6 'OPTION_IA_NA'?  Does the 'option6:6'
> > (OPTION_ORO) use DHCPv4 dns-server semantics, or does it interpret it as
> > DHCPv6 23, OPTION_DNS_SERVERs, or maybe even translate it to an RA RDNSS
> > message???
> >
>
> values of DHCPv6 options 23 and 24 (DNS server and domain search list)
> are automatically used to populate RA options  25 and 31 which transmit
> the same information in RA-land.
>
> Simon.
>

Ah, excellent, thanks for clarifying and expanding on that.
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Simon Kelley



On 27/02/2023 20:10, Eric Fahlgren wrote:

> Does 'option6:3' translate this from DHCPv4's 'router' to an RA, or does
> it consider it to be DHCPv6 'OPTION_IA_NA'?  Does the 'option6:6'
> (OPTION_ORO) use DHCPv4 dns-server semantics, or does it interpret it as
> DHCPv6 23, OPTION_DNS_SERVERs, or maybe even translate it to an RA RDNSS
> message???

values of DHCPv6 options 23 and 24 (DNS server and domain search list)
are automatically used to populate RA options 25 and 31 which transmit
the same information in RA-land.

Simon.



Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Simon Kelley



On 27/02/2023 20:10, Eric Fahlgren wrote:

> On Mon, Feb 27, 2023 at 8:15 AM Simon Kelley wrote:
>
> > On 25/02/2023 16:19, Daniel via Dnsmasq-discuss wrote:
> > > dhcp-option=tag:computer6,option6:3,fd99:1234:beef:cafe::2
> > > dhcp-option=tag:computer6,option6:6,fd99:1234:beef:cafe::1
> > > dhcp-option=tag:computer6,option6:ntp-server,fd99:1234:beef:cafe::2
> >
> > ...This all got a bit superseded
> > when the IETF started defining options on the RA packets for the common
> > configuration options.
>
> Sort of on-topic, but sort of tangential, how will dnsmasq interpret the
> above three settings?
>
> https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml
>
> Does 'option6:3' translate this from DHCPv4's 'router' to an RA, or does
> it consider it to be DHCPv6 'OPTION_IA_NA'?  Does the 'option6:6'
> (OPTION_ORO) use DHCPv4 dns-server semantics, or does it interpret it as
> DHCPv6 23, OPTION_DNS_SERVERs, or maybe even translate it to an RA RDNSS
> message???
>
> I can see how with 'option6:ntp-server' using the logical name it would
> use DHCPv6 56,  OPTION_NTP_SERVER, but with the numerical 'option6:'
> values does it "do the right thing", or are those two option settings
> basically nonsense?

They are nonsense. If numeric option codes are used with option6 they
need to be numbers from the DHCPv6 option namespace.

Simon.

> Eric
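
The point made in the reply above, as an added example (not code from the thread or from dnsmasq): a small Python check that flags `option6:` lines whose numeric code was carried over from the DHCPv4 namespace. The function name, the level labels and the fourth sample line are constructed for illustration; the tables hold only the option numbers named in this thread.

```python
# DHCPv6 option codes named in the thread (IANA dhcpv6-parameters registry).
PROTOCOL_ONLY = {3: "OPTION_IA_NA", 6: "OPTION_ORO"}
# The same numbers in the DHCPv4 namespace: the likely source of the mix-up.
DHCPV4_MEANING = {3: "router", 6: "dns-server"}
# DHCPv6 option -> RA option that dnsmasq populates from it, per Simon's reply.
MIRRORED_IN_RA = {23: 25, 24: 31}


def lint_option6(config_text):
    """Return (line_number, level, message) for each option6 dhcp-option line."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("dhcp-option="):
            continue
        fields = line.split("=", 1)[1].split(",")
        opt = next((f[len("option6:"):] for f in fields
                    if f.startswith("option6:")), None)
        if opt is None:
            continue  # DHCPv4 option line, out of scope for this check
        if not opt.isdigit():
            findings.append((lineno, "ok", f"named option '{opt}'"))
            continue
        code = int(opt)
        if code in PROTOCOL_ONLY:
            findings.append((lineno, "error",
                             f"option6:{code} is DHCPv6 {PROTOCOL_ONLY[code]}, "
                             f"not DHCPv4 '{DHCPV4_MEANING[code]}'"))
        elif code in MIRRORED_IN_RA:
            findings.append((lineno, "info",
                             f"option6:{code} is also sent as "
                             f"RA option {MIRRORED_IN_RA[code]}"))
        else:
            findings.append((lineno, "ok", f"DHCPv6 option {code}"))
    return findings


# The three lines from the thread, plus one constructed line using option 23.
SAMPLE = """\
dhcp-option=tag:computer6,option6:3,fd99:1234:beef:cafe::2
dhcp-option=tag:computer6,option6:6,fd99:1234:beef:cafe::1
dhcp-option=tag:computer6,option6:ntp-server,fd99:1234:beef:cafe::2
dhcp-option=tag:computer6,option6:23,[fd99:1234:beef:cafe::1]
"""

if __name__ == "__main__":
    for lineno, level, message in lint_option6(SAMPLE):
        print(f"line {lineno}: {level}: {message}")
```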






Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Eric Fahlgren
On Mon, Feb 27, 2023 at 8:15 AM Simon Kelley wrote:

>
> On 25/02/2023 16:19, Daniel via Dnsmasq-discuss wrote:
> > dhcp-option=tag:computer6,option6:3,fd99:1234:beef:cafe::2
> > dhcp-option=tag:computer6,option6:6,fd99:1234:beef:cafe::1
> > dhcp-option=tag:computer6,option6:ntp-server,fd99:1234:beef:cafe::2
>
> ...This all got a bit superseded
> when the IETF started defining options on the RA packets for the common
> configuration options.
>

Sort of on-topic, but sort of tangential, how will dnsmasq interpret the
above three settings?

https://www.iana.org/assignments/dhcpv6-parameters/dhcpv6-parameters.xhtml

Does 'option6:3' translate this from DHCPv4's 'router' to an RA, or does it
consider it to be DHCPv6 'OPTION_IA_NA'?  Does the 'option6:6' (OPTION_ORO)
use DHCPv4 dns-server semantics, or does it interpret it as DHCPv6 23,
OPTION_DNS_SERVERs, or maybe even translate it to an RA RDNSS message???

I can see how with 'option6:ntp-server' using the logical name it would use
DHCPv6 56,  OPTION_NTP_SERVER, but with the numerical 'option6:' values
does it "do the right thing", or are those two option settings basically
nonsense?

Eric


[Dnsmasq-discuss] Feature Request: DNS over TLS or HTTPS

2023-02-27 Thread Curzon Dax via Dnsmasq-discuss
Greetings,

I checked through the last 1-2 years of the mailing list, and I hadn't seen 
anything regarding DoT/DoH. If this has come up before and I missed it, 
apologies in advance.

Thought I'd add a feature request for DNS over TLS or DNS over HTTPS when 
dnsmasq is used as a DNS forwarder.

BIND is about to implement this in the next version, and I believe Windows DNS 
is the last to the party among the other major DNS recursors/forwarders.

I realize that this could add considerable size, scope, and complexity to 
something which is inherently lightweight and used on a lot of embedded 
devices with very minimal storage. Perhaps something optional at build time to 
avoid bundling large libraries/dependencies. embed-TLS could be something to 
look at to ensure this feature could be built on very-low-storage, embedded 
devices.

I know that many embedded devices (modems/routers) have some form of an SSL 
library already, as many offer admin control over https://.

If there is interest by the developers/maintainers, perhaps we could make a 
call for financial support from the major recursive providers (Google, Quad9, 
Cloudflare, etc). I know a few of the DNS folks at these organizations, and 
while I'm not making any promises or claims, it's something I'd be happy to 
reach out to them about.

Thanks in advance.
-Curzon


Re: [Dnsmasq-discuss] ipv6 slaac or stateless - No address or no address range available

2023-02-27 Thread Simon Kelley



On 25/02/2023 16:19, Daniel via Dnsmasq-discuss wrote:

> Hi,
>
> I'm banging my head with an IPv6-only KVM VM which can't get a stateless
> dhcpv6 address. Always getting messages like shown below:
>
> Configuration being
>
> enable-ra
> ra-param=lan,high,60,60
> dhcp-range=set:computer6,::0,::,constructor:lan,ra-stateless,ra-names,1h
> dhcp-option=tag:computer6,option6:3,fd99:1234:beef:cafe::2
> dhcp-option=tag:computer6,option6:6,fd99:1234:beef:cafe::1
> dhcp-option=tag:computer6,option6:ntp-server,fd99:1234:beef:cafe::2
>
> Starting dnsmasq I get in logs
>
> Feb 25 16:52:38 dnsmasq[211076]: demarré, version 2.85 (taille de cache 2048)
> [...]
> Feb 25 16:52:38 dnsmasq-dhcp[211076]: DHCPv6 sans état (stateless) sur lan
> Feb 25 16:52:38 dnsmasq-dhcp[211076]: noms IPv6 dérivés de DHCPv4 sur lan
> Feb 25 16:52:38 dnsmasq-dhcp[211076]: annonces de routeurs sur lan
> Feb 25 16:52:38 dnsmasq-dhcp[211076]: annonces de routeur IPv6 activées
> [...]
> Feb 25 16:53:09 dnsmasq-dhcp[211076]: pas de plage d'adresse disponible pour la requête DHCPv6 via lan
>
> or configuration being
>
> enable-ra
> ra-param=lan,high,60,60
> dhcp-range=set:computer6,fd99:1234:beef:cafe::0,fd99:1234:beef:cafe::,slaac,ra-names,1h
> dhcp-option=tag:computer6,option6:3,fd99:1234:beef:cafe::2
> dhcp-option=tag:computer6,option6:6,fd99:1234:beef:cafe::1
> dhcp-option=tag:computer6,option6:ntp-server,fd99:1234:beef:cafe::2
>
> Feb 25 17:10:32 dnsmasq[214786]: demarré, version 2.85 (taille de cache 2048)
> [...]
> Feb 25 17:10:32 dnsmasq-dhcp[214786]: DHCPv6, plage d'adresses IP fd99:1234:beef:cafe:: -- fd99:1234:beef:cafe::, durée de bail 1h
> Feb 25 17:10:32 dnsmasq-dhcp[214786]: noms IPv6 dérivés de DHCPv4 sur fd99:1234:beef:cafe::
> Feb 25 17:10:32 dnsmasq-dhcp[214786]: annonces de routeurs sur fd99:1234:beef:cafe::
> Feb 25 17:10:32 dnsmasq-dhcp[214786]: annonces de routeur IPv6 activées
> [...]
> Feb 25 17:11:37 dnsmasq-dhcp[214786]: DHCPSOLICIT(lan) 00:01:00:01:27:b4:3b:4d:52:54:00:e5:33:8a
> Feb 25 17:11:37 dnsmasq-dhcp[214786]: DHCPREPLY(lan) 00:01:00:01:27:b4:3b:4d:52:54:00:e5:33:8a pas d'adresse disponible
>
> Interface lan is a bridge of eth0 if it matters.
>
> Any clue on what's going on here? Thanks for your support.


"Stateless" dhcpv6 means using DHCP just to get configuration 
information, NOT allocating an address. The host is supposed to get its 
addresses via the router advertisements and use the DHCP request just to 
find DNS servers and other configuration. This all got a bit superseded 
when the IETF started defining options on the RA packets for the common 
configuration options.


TLDR; If you want your host to get an address via DHCPv6, don't 
configure stateless DHCP.


Cheers,

Simon.




Re: [Dnsmasq-discuss] Is leasequery supported in Dnsmasq

2023-02-27 Thread Simon Kelley
src/rfc2131.c has all the relevant code: add code to handle 
DHCPLEASEQUERY to the switch in dhcp_reply();


HOWEVER. Whilst the RFC sort of makes this sound like a general query 
system, it's actually a hack to solve a specific problem that access 
concentrators don't have persistent storage, so this allows them to rely 
on the DHCP server to persistently store Relay Agent Information.



   If the Relay Agent Information (option 82) is specified in the
   Parameter Request List, then the information contained in the most
   recent Relay Agent Information option received from the relay agent
   associated with this IP address MUST be included in the
   DHCPLEASEACTIVE message.


This is the biggest problem, since dnsmasq doesn't store that 
information in its lease database either. Adding that info is a large 
undertaking, with compatibility risks.


The quote above makes it clear that, even if your application doesn't need 
option 82 information, an RFC-compliant implementation of LEASEQUERY 
does, and it's not a small job.


Simon.





On 24/02/2023 19:10, Rashi Krishna wrote:

> Thanks for the update. If I want to add the code myself, do you have any
> pointers to where to get started from?
>
> Thanks again,
> Rashi
>
> On Fri, 24 Feb, 2023, 16:23 Nicolas Cavallari wrote:
>
> > On 24/02/2023 10:13, Rashi Krishna wrote:
> > > Hi all.
> > >
> > > I just wanted to know if leasequery is supported in Dnsmasq. I tried
> > > sending a leasequery to the server, but I couldn't get any response.
> >
> > There does not seem to be any leasequery (RFC 4388) support in dnsmasq.


