Re: [Dnsmasq-discuss] DHCPv6 and MAC

2014-02-05 Thread Martin Babutzka
Hi Simon,

It's exciting to hear that future DNSmasq versions can combine DHCPv6 with MAC
addresses. We ran into the same problem with our provisioning system but I found
a simple workaround which might be interesting for DNSmasq users with DHCPv6 who
don't want to work with the most bleeding edge version:

- Once the device has a global ipv6 address its MAC address can be accessed with
neighbourhood discovery
- Install ndisc6 on your system
- Activate the scripting function of DNSmasq ("dhcp-script")
- Get the MAC address anywhere in the script with:
  mac=$(ndisc6 -q $3 ethXYZ | tr "[:upper:]" "[:lower:]")
- This works for all "new" and all "old" DHCP assignments
- After this use the script to log data, check the MAC in databases, switch
on/off firewall rules, 

Don't rely on the DUIDs - some systems are actually CHANGING them.

Cheers,
Martin


> Simon Kelley wrote on 4 February 2014 at 21:58:
>
>
> On 29/01/14 09:53, Shai Venter wrote:
> > Hello /Simon Kelley/
> >
> > Referring to
> >
> > http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2013q1/006818.html
> >
> > The thread mainly focuses on Operating System side of an IPv6 dhclient
> > functions.
> >
> > But here are other aspects of the issue, more difficult to figure out:
> >
> > The World of UEFI IPv6 network boot agents residing on a system’s FW
> > (a.k.a UNDI)
> >
> > Host Management (BMCs) that support IPv6
> >
> > For those two dhclients, an administrator’s nightmare begins in trying
> > to understand what DUID approach was chosen by the original manufacturer
> > ( the vendor )
> >
> > And that would only go down the hill if more than one NIC exists in the
> > system
> >
> > Can you please comment on that, knowing what you know on DUID approach
> >
> > How can a network administrator have control of the IP address
> > assignment for specific clients, in a DHCP server/dnsmasq config, to
> > clients of the types I described above
> >
> > This is just food for thought …
> >
> > Shai Venter,
> >
> > NIC FW QA engineer
> >
> > Mellanox Technologies LTD
> >
>
> The whole DUID approach sucks badly when you want to provision
> equipment. Most times, even if there's a stable DUID associated with
> each piece of hardware, there's no way to enumerate that into a
> provisioning database ahead of actually doing the provisioning.
> Data-centre jockeys have managed to persuade the builders of blade
> systems, servers, and storage gear that they need a way to harvest
> hardware-IDs, after a long struggle, and what they've got is a way to
> harvest MAC addresses. Therefore you need to be able to provision using
> MAC addresses.
>
>
> Note that things are improving with DHCPv6, the latest release of
> dnsmasq _can_ associate IPv6 addresses with MAC addresses.
>
>
>
> Cheers,
>
> Simon.
>
___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
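
The workaround described in Martin's message above, as an added example that is not part of the original post or of dnsmasq: a dhcp-script handler that resolves the leased IPv6 address to a MAC with `ndisc6 -q` and checks the reply's format before anything downstream (logging, database lookup, firewall rule) uses it. The `IFACE` and `NDISC6` variables, the function names and the log line format are assumptions; `ethXYZ` is the post's placeholder interface name.

```shell
#!/bin/sh
# Added example: handler for dnsmasq's dhcp-script option.
# dnsmasq calls it as: <script> add|old|del <DUID-or-MAC> <address> [hostname]

NDISC6="${NDISC6:-ndisc6}"   # assumption: overridable so the lookup can be stubbed
IFACE="${IFACE:-ethXYZ}"     # placeholder interface name taken from the post

# Accept only six colon-separated lower-case hex octets. The value comes
# from an unauthenticated neighbour discovery reply, so it is checked
# before it reaches a log line, database query or firewall rule.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Resolve an IPv6 address to a lower-case MAC address.
# Prints the MAC and returns 0; prints nothing and returns 1 when the
# host does not answer or the answer is not a well-formed MAC.
mac_for_ip() {
    mac=$("$NDISC6" -q "$1" "$IFACE" 2>/dev/null | head -n 1 |
          tr '[:upper:]' '[:lower:]')
    valid_mac "$mac" || return 1
    printf '%s\n' "$mac"
}

# Handle one lease event. Only "add" and "old" events for IPv6 addresses
# are looked up; everything else is ignored.
handle_lease() {
    action=$1
    ip=$3
    case "$action" in add|old) ;; *) return 0 ;; esac
    case "$ip" in *:*) ;; *) return 0 ;; esac
    if mac=$(mac_for_ip "$ip"); then
        echo "lease $action ip=$ip mac=$mac"
    else
        echo "lease $action ip=$ip mac=unresolved"
        return 1
    fi
}

if [ "$#" -ge 3 ]; then
    handle_lease "$@"
fi
```

An unanswered or malformed reply yields `mac=unresolved` and a non-zero return, so the caller can skip database or firewall actions for that lease.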


Re: [Dnsmasq-discuss] dnsmasq 2.62-3 as DHCPv6-Server and RA-Server: Bug sending router's link-local instead of global address as gateway and DNS-server?

2014-01-21 Thread Martin Babutzka
Thanks for the replies! I hesitantly updated to dnsmasq-2.68 since I first
wanted to stick to the version provided with Debian wheezy. The quiet-options
really reduce the amount of syslog messages except for: "dnsmasq-dhcp[23663]: no
address range available for DHCPv6 request via eth5"

Concerning the link-local addresses it actually looks like this is the default
when advertising gateways in local networks. Unfortunately other software to
proxy/relay DHCPv6 and RA cannot handle it properly. It is basically possible
to also advertise the router's global address (see here:
http://www.macfreek.nl/memory/Non-Local_IPv6_Router_Advertisement and the RFC
here: http://tools.ietf.org/html/rfc6275#section-7.2 ). Is this option also
available in dnsmasq? In radvd it is called "AdvRouterAddr on;".

Many regards,
Martin


> Kevin Darbyshire-Bryant wrote on 21 January 2014 at 12:16:
> 
> On 21/01/2014 10:40, Martin Babutzka wrote:
>
> > Hello,
> >
> > We are using this great piece of software so far as DNS cacher but want
> > to implement it also as IPv6 server by now. DHCPv4 is handled by another
> > software at the moment (isc-dhcp-server) but we think the dnsmasq 2.62-3 is
> > quite suitable for our need of a DHCPv6- and RA-server.
> >
> > I activated the features in dnsmasq.conf which I think should set up a
> > working DHCPv6/RA-Server (see compressed config file below). From then on
> > the server distributed ipv6-addresses from the correct range. Unfortunately
> > some error occurred: As wanted it also distributed Gateway and DNS-server but
> > it used the LINK-LOCAL v6 address of the corresponding interface instead of
> > the Global configured address (2010:7d0:904:1202::1). Is this a bug or
> > misconfiguration?
> >
> > Another independent question: With this configuration dnsmasq starts to
> > be pretty noisy in the syslog. Is there any option to reduce the verbosity
> > once the system works?
>
> v2.68 includes 'quiet-dhcp, quiet-dhcp6 & quiet-ra' options which
> significantly help the syslog noise.
>
> I think it's correct behaviour to advertise the link-local address.
>
> Hope that helps.
>
> Kevin
> 



[Dnsmasq-discuss] dnsmasq 2.62-3 as DHCPv6-Server and RA-Server: Bug sending router's link-local instead of global address as gateway and DNS-server?

2014-01-21 Thread Martin Babutzka
Hello,

We are using this great piece of software so far as DNS cacher but want to
implement it also as IPv6 server by now. DHCPv4 is handled by another software
at the moment (isc-dhcp-server) but we think the dnsmasq 2.62-3 is quite
suitable for our need of a DHCPv6- and RA-server.

I activated the features in dnsmasq.conf which I think should set up a working
DHCPv6/RA-Server (see compressed config file below). From then on the server
distributed ipv6-addresses from the correct range. Unfortunately some error
occurred: As wanted it also distributed Gateway and DNS-server but it used the
LINK-LOCAL v6 address of the corresponding interface instead of the Global
configured address (2010:7d0:904:1202::1). Is this a bug or misconfiguration?

Another independent question: With this configuration dnsmasq starts to be
pretty noisy in the syslog. Is there any option to reduce the verbosity once the
system works?

Many thanks,
Martin

Below you can find the compressed dnsmasq-config file:
domain-needed
strict-order
except-interface=eth1
dhcp-range=2010:7d0:904:1202::2, 2010:7d0:904:1202::1000, 64, 12h
enable-ra
dhcp-option=option6:dns-server,[::],[1234::88]
cache-size=4096