Re: [Dnsmasq-discuss] IPv6 host registration in DNS

2017-09-22 Thread M. Buecher


On 2017-09-16 14:50, Robert N wrote:

Hello all,

I'm trying to replace the DNS/DHCP of my FritzBox home router with 
dnsmasq.


For IPv4 everything seems to work fine, i.e. when clients request an
IPv4 address, dnsmasq registers their hostnames, so name resolution
for local machines works.

But it does not seem to work for IPv6. I want the clients to do SLAAC
but still dnsmasq should serve AAAA records for local hosts if asked
for.
If I understood correctly, then dnsmasq will only register the
hostnames for which it receives a DHCP request. Does this require the
hosts to request an IP address? Or will the hostnames be added to DNS
also if just the DNS server information is requested?

So I probably should configure what is called stateless DHCPv6:


no-resolv
server=8.8.8.8
server=8.8.4.4
server=2001:4860:4860::
server=2001:4860:4860::8844

domain=home.example.net
local=/home.example.net/
domain-needed
bogus-priv
expand-hosts
stop-dns-rebind

enable-ra
ra-param=high

read-ethers
dhcp-option=option6:dns-server,[fd00::]
dhcp-option=option6:domain-search,home.example.net
dhcp-range=::,constructor:lan,ra-names,ra-stateless

# This will tell DHCP clients to not ask for proxy information
# Some clients, like Windows 7, will constantly ask if not told NO
# https://wiki.openwrt.org/doc/howto/dhcp.dnsmasq#log_continuously_filled_with_dhcpinformdhcpack
dhcp-option=252,"\n"

log-async=10
log-dhcp


However, I don't get dnsmasq to return AAAA records for local 
hostnames.

Is this configuration basically correct? Or am I missing something?


Best regards,
Robert


Hi Robert,

here's how I set up my LAN with FRITZ!Box and dnsmasq on Raspbian/Debian 
9.0 (including reasons and thoughts for my decisions):


If just DNS resolution for clients is wanted, then a FRITZ!Box with 
Stateful DHCPv6 enabled is enough, no dnsmasq necessary.

If wanting other records like CNAME, MX, then dnsmasq is needed.
If wanting a different domain other than fritz.box, e.g. for 
certificates, then dnsmasq is needed.

Or use dnsmasq just "because I can / want to" :)

If only "LAN addresses" are sufficient, then go with Unique Local 
Addresses (ULA).
These are independent of any ISP connection and/or static/dynamic Global 
Scope prefixes.
Unregistered ULA is fd00::/8, where one has to choose a random /48 
prefix from (here the not-so-random fd12:3456:789A::/48).
The randomness is important when connecting to other ULA subnets, e.g. 
via VPN.


If also "WAN addresses" in local DNS are wanted, then more has to be 
considered: static/dynamic prefix, settings of FRITZ!Box and dnsmasq 
must work together, etc.


Assuming "LAN addresses" in local DNS are sufficient then the following 
is necessary:
1. Router Advertisement (RA) with Prefix Information for ULA plus 
(M)anaged Address Configuration Flag set
   If the advertising node is not really a router, then the default 
route for itself must be disabled via its lifetime set to zero.
   When advertising multiple prefixes and/or additional routes (e.g. for 
VPN) it can be an advantage to use radvd instead of dnsmasq's RA 
feature.

2. Stateful DHCPv6 with DNS server
   That's dnsmasq :)

Further assumptions for the "LAN addresses" setup:
* Assuming only DHCPv6 addresses for ULA, as temporary addresses for 
Site-Local Scope are not really necessary and DHCP addresses carry no 
hardware information.

  Chosen ULA subnet from above ULA prefix is: fd12:3456:789A:1::/64.
* Guessing SLAAC addresses may not work depending on OS implementation 
and node configuration (e.g. Windows, only temporary addresses, etc.).
* dnsmasq server has a static ULA, e.g. via systemd-networkd, 
ifupdown/interfaces, dhcpcd, etc.

* dnsmasq server provides complete LAN setup even without FRITZ!Box.

a) Stateful DHCPv6 with DNS server
dnsmasq needs a range for dynamic DHCP, needs to send out its own 
address (here ULA chosen) and the local domain name on DHCPv6 requests.

  dhcp-range=set:ula1,fd12:3456:789A:1::1,fd12:3456:789A:1::,64,1h
  dhcp-option=tag:ula1,option6:dns-server,[fd00::]
  dhcp-option=tag:ula1,option6:domain-search,home.example.com

b) Router Advertisement
b.1) via dnsmasq
RA must be enabled in dnsmasq, so that dnsmasq sends RA for all 
explicitly specified dhcp-ranges (but not for a catch-all dhcp-range).
If the node is not a router, e.g. to VPN networks, then disable it as 
default route via ra-param.
If SLAAC is wanted, then the wanted mode must be set on the related 
dhcp-range.
See 
https://weirdfellow.wordpress.com/2014/09/05/dhcpv6-and-ra-with-dnsmasq/

  enable-ra
  ## Default interval (1st Zero), Disable Default Route (2nd Zero)
  ra-param=*,0,0

b.2) via radvd
interface eth0
{
  ## Send RA
  AdvSendAdvert on;
  ## Enable (M)anaged Address Configuration Flag
  AdvManagedFlag on;
  ## Enable (O)ther Configuration Flag
  AdvOtherConfigFlag on;
  ## Disable default route over this node by setting lifetime to zero
  AdvDefaultL
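
Added example, not part of the original thread or of dnsmasq: the reply above says the /48 under fd00::/8 should be random because it may later meet other ULA networks over a VPN, so this sketch builds a ULA /48 from a 40-bit Global ID, derives the /64 used for the LAN, and checks for overlap with peer prefixes. The function names and the peer list are constructed for illustration, and the Global ID is drawn from the OS CSPRNG as an assumption rather than with RFC 4193's sample algorithm.

```python
import ipaddress
import secrets

ULA_SPACE = ipaddress.IPv6Network("fd00::/8")  # locally assigned ULA range


def ula_from_global_id(global_id: bytes) -> ipaddress.IPv6Network:
    """Build the /48: 0xfd, then the 40-bit Global ID, then zero bits."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be exactly 5 bytes (40 bits)")
    raw = bytes([0xFD]) + global_id + bytes(10)
    return ipaddress.IPv6Network((int.from_bytes(raw, "big"), 48))


def random_ula() -> ipaddress.IPv6Network:
    """Assumption: Global ID taken from the OS CSPRNG."""
    return ula_from_global_id(secrets.token_bytes(5))


def subnet(site: ipaddress.IPv6Network, subnet_id: int) -> ipaddress.IPv6Network:
    """Return the /64 with the given 16-bit Subnet ID inside a /48 site prefix."""
    if site.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 site prefix and a 16-bit subnet id")
    base = int(site.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def clashes(site, peers):
    """Peer prefixes (e.g. the far side of a VPN) that overlap our site prefix."""
    return [p for p in peers if site.overlaps(p)]


# Constructed sample data: prefixes other sites might have picked by hand.
VPN_PEERS = [ipaddress.IPv6Network(p) for p in
             ("fd12:3456:789a::/48", "fd00::/48", "fd5c:91e4:07b2::/48")]

if __name__ == "__main__":
    # The "not-so-random" prefix from the thread collides with a peer that
    # made the same easy choice; a random Global ID almost certainly does not.
    thread_site = ula_from_global_id(bytes.fromhex("123456789a"))
    print(thread_site, "-> LAN", subnet(thread_site, 1))
    print("clashes:", clashes(thread_site, VPN_PEERS))
    mine = random_ula()
    print(mine, "-> LAN", subnet(mine, 1), "clashes:", clashes(mine, VPN_PEERS))
```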

Re: [Dnsmasq-discuss] DNSMASQ Not Sending ACK?

2017-09-22 Thread Chris Novakovic
On 21/09/2017 14:15, Jason Kary (jkary) wrote:
> I’m working on getting DNSMASQ to work with IP RELAY in a VxLAN environment.  
> Using tcpdump we were able to trace a DHCP relay request to the ‘request’ 
> message.  It appears the server is not sending a DHCP ACK message.  

Which version of dnsmasq are you using? If you're using 2.76, DHCP relay
was broken by a commit shortly before release [1], and this breakage was
itself recently fixed by a commit that'll eventually make it into 2.78
[2]. Does [2] fix the problem you're seeing?

[1]
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ff325644c7afae2588583f935f4ea9b9694eb52e
[2]
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=1649f709e7351f0c6bbfedc5bd32744b330e2bcd

___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss


Re: [Dnsmasq-discuss] IPv6 host registration in DNS

2017-09-22 Thread Robert N

Hi Maddes,

wow, great. Thanks a lot for such a detailed explanation.
I will try this as soon as I can.

Best regards,
Robert



Re: [Dnsmasq-discuss] DNSMASQ Not Sending ACK?

2017-09-22 Thread Chris Novakovic
On 22/09/2017 13:42, Chris Novakovic wrote:
> If you're using 2.76,

It's implied by my later comment, but I should also clarify that this
bug affects 2.77 as well as 2.76.




Re: [Dnsmasq-discuss] DNSMASQ Not Sending ACK?

2017-09-22 Thread Jason Kary
Hi Chris,

Thank you for the update.  We are running version 2.66

Take Care
Jason
> On Sep 22, 2017, at 8:44 AM, Chris Novakovic wrote:
> 
> On 22/09/2017 13:42, Chris Novakovic wrote:
>> If you're using 2.76,
> 
> It's implied by my later comment, but I should also clarify that this
> bug affects 2.77 as well as 2.76.
> 




Re: [Dnsmasq-discuss] DNSMASQ Not Sending ACK?

2017-09-22 Thread Chris Novakovic
On 22/09/2017 19:24, Jason Kary (jkary) wrote:
> Thank you for the update.  We are running version 2.66

2.66 is four and a half years old now, and those parts of the codebase
have been overhauled quite a lot since then --- is there any way you can
test your setup with 2.77 plus the patch in [2] from my initial reply
(or, better still, master/HEAD in the git repository)? Also, it'd be
helpful if you could post your full dnsmasq configuration.
