Re: [Kea-users] Getting Started: Dual-stack Dynamic DNS Updates

2023-03-03 Thread Darren Ankney
Hi Troy,

see responses in-line

On Fri, Mar 3, 2023 at 4:24 PM Troy Telford wrote:
>
> I’ve been successful so far in getting Kea to serve IPv4 with both forward & 
> reverse dynamic DNS. Thus far I’ve only used SLAAC and static zone files for 
> IPv6 in DNS in my test/educational network. (A small network, so I can learn 
> & experiment).
>
> I’ve had a notion of also learning DHCPv6 so I know how it works. (I’ve a 
> goal to understand and have dual stack DHCP with forward/reverse DNS updates).
>
> It’s already clear it’s different from IPv4 DHCP. I’ve been able to piece 
> together a rough idea of some basics - enough that there are signs of life: I 
> configured `radvd` with the correct flags so macOS & iOS use DHCPv6, for 
> example. It seems many of the hosts are getting IPv6 addresses from 
> Kea-dhcp6, though it’s equally clear I’m missing important details, as things 
> aren’t working as I’d thought:
>
> In this dual-stack environment, it seems kea-dhcp-ddns is sort of all over 
> the place: I’m seeing either IPv4 updates, or IPv6 updates, but not both in 
> DNS.
>
> I want to make sure I understand the situation properly before getting lost 
> in the weeds (i.e. trying to ‘fix’ the wrong thing):
>
> * Is it true that in a dual-stack environment, it’s necessary for the 
> _client_ to be configured properly in order for `kea-dhcp-ddns` to be able to 
> update the DNS server properly?

No.  You can set these options:

"ddns-qualifying-suffix": "example.com",
"ddns-generated-prefix": "dynamic",
"ddns-replace-client-name": "always",
"ddns-send-updates": true,
"ddns-update-on-renew": false,
"ddns-override-client-update": true,
"ddns-override-no-update": true,

which will force ddns updates and override whatever thing the client
sends as the hostname (tune behavior to your preference by changing
settings above). With those settings, it will make names like:

dynamic-fdfa-96a7-3813-30--233.example.com

You can override that by setting a hostname in a reservation for the client:

"reservations": [
  {
    "hw-address": "00:00:00:63:61:8d",
    "hostname": "somehost-v6"
  }
]

Note that you can reserve with duid also ... your Kea server may not
have access to the mac address.

> * I’ve read that both v4 and v6 clients need to send the same DUID for 
> ddns to work properly - is that correct?

Yes - as ddns will not be able to create the same DHCID otherwise that
was used when adding the DHCPv4 A record.  Note that I added a '-v6'
to the hostname in the reservation for this reason (so that it adds
the  to a different RR thus avoiding the DHCID problem).  There
might be some way to have Kea construct DHCIDs in a predictable way, I
have some vague recollection of that, but I haven't looked into it
deeply yet.

> * Am I wrong that most Linux distributions, and macOS aren’t 
> configured this way by default? (I haven’t checked Windows yet…)

You are correct - it's possible to use a DHCPv6-style DUID in DHCPv4
(there is an RFC for it) but I've never seen a client that does.

> * I’m sure there are minutiae I need to learn - any hints?

Router advertisements are hard to get right.  I suspect yours are not
currently correct and your hosts are doing SLAAC still which is why
you are observing a subnet you didn't configure in DHCP on your
clients.

> * While I don’t _think_ I’m running into any unimplemented functionality, 
> is there something I should be aware of for the simple goal of dual-stack 
> forward/reverse dynamic DNS? - (I’m using kea-2.2.0 on Debian Sid because 
> I’ve apparently 'lived dangerously' for 25 years.)

I don't know as I'm not familiar with that Debian version.  I am
currently running Debian GNU/Linux 11 (bullseye)

>
> I’ve also noticed that many hosts are getting “new” IPv6 addresses that are 
> from a subnet that’s not link-local (I think), and _not_ the subnet that I’m 
> assigning via DHCPv6: fd75:81b2:5386:4f06::/64.

I suspect SLAAC is still happening.  Check your router advertisements.

>
> * I think it’s something akin to the 169.254 IPv4 address range, but my 
> Google-fu fails me; is there anything special about such a subnet? Why would 
> the interfaces be getting such an address?

fe80::/10 is akin to 169.254.0.0/16. IPv6 makes heavy use of that for
neighbor discovery and routing (via router advertisements).  That's
really outside of DHCPv6, however.

Thank you,

-Darren
-- 
ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.

To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.

Kea-users mailing list
Kea-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/kea-users
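
Added example, not part of the thread and not Kea's own code: it computes RFC 4701 DHCID values for one host identified by its MAC address (DHCPv4) and by a DUID (DHCPv6), then runs both against a toy zone that enforces the ownership check, showing why the AAAA update for a shared name is refused while the "-v6" name goes through. The DUID, the addresses and the Zone class are constructed for illustration, and it assumes the DHCPv4 client sent no client-id, so the hardware address is the identifier.

```python
import base64
import hashlib

def wire_fqdn(name):
    """Canonical DNS wire form: lowercase, length-prefixed labels, root byte."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dhcid(id_type, identifier, fqdn):
    """RFC 4701 RDATA: 2-byte identifier type, digest type 1 (SHA-256), digest."""
    digest = hashlib.sha256(identifier + wire_fqdn(fqdn)).digest()
    return base64.b64encode(id_type.to_bytes(2, "big") + b"\x01" + digest).decode()

def v4_dhcid_from_mac(mac, fqdn):
    # Identifier type 0x0000: htype (1 = Ethernet) followed by the hardware address.
    return dhcid(0x0000, b"\x01" + bytes.fromhex(mac.replace(":", "")), fqdn)

def v6_dhcid_from_duid(duid, fqdn):
    # Identifier type 0x0002: the client's DUID.
    return dhcid(0x0002, duid, fqdn)

class Zone:
    """Toy stand-in for the DNS server: a name belongs to the DHCID that created it."""
    def __init__(self):
        self.names = {}  # fqdn -> (owner DHCID, [(rrtype, address), ...])

    def add(self, fqdn, owner, rrtype, address):
        current_owner, rrs = self.names.setdefault(fqdn.lower(), (owner, []))
        if current_owner != owner:
            return False  # held by a different client identity: update refused
        rrs.append((rrtype, address))
        return True

def demo():
    mac = "00:00:00:63:61:8d"  # hw-address from the reservation in the message
    duid = bytes.fromhex("000100012a3b4c5d00000063618d")  # constructed DUID-LLT
    shared, split = "somehost.example.com", "somehost-v6.example.com"
    zone = Zone()
    return [  # addresses below are constructed documentation-range values
        zone.add(shared, v4_dhcid_from_mac(mac, shared), "A", "192.0.2.10"),
        zone.add(shared, v6_dhcid_from_duid(duid, shared), "AAAA", "2001:db8::233"),
        zone.add(split, v6_dhcid_from_duid(duid, split), "AAAA", "2001:db8::233"),
    ]

if __name__ == "__main__":
    print(demo())
```

Because the identifier type bytes differ (0x0000 versus 0x0002), the two DHCIDs can never match even when the DUID embeds the same MAC address.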


Re: [Kea-users] CIDR or range notation in relay lists when using shared-networks?

2023-03-03 Thread Simon
Klaus Steden wrote:

> ... but even then, we're still stuck with the same problem -- we don't know, 
> aren't told, and can't predict what the next relay IP will be, or to which 
> subnet it will be assigned. What a pisser. :-(

And that is a problem that can’t be solved with technology - except perhaps 
some very ancient technology known as a piece of clue-by-four 
(http://www.catb.org/jargon/html/C/clue-by-four.html) :D So many times one’s 
mind is quietly saying “if only we could and get away with it ...”

Simon



Re: [Kea-users] Getting Started: Dual-stack Dynamic DNS Updates

2023-03-03 Thread Dan Oachs
I can't answer most of your questions, but I can tell you that the
fd75:81b2:5386:4f06::/64 subnet is part of the Unique Local Address (ULA)
range for IPv6.  And
you are correct, that is somewhat akin to rfc1918 space.  They should only
be getting an address in that range if your router or DHCPv6 server is
telling them to.

--Dan


On Fri, Mar 3, 2023 at 3:23 PM Troy Telford wrote:

> I’ve been successful so far in getting Kea to serve IPv4 with both forward
> & reverse dynamic DNS. Thus far I’ve only used SLAAC and static zone files
> for IPv6 in DNS in my test/educational network. (A small network, so I can
> learn & experiment).
>
> I’ve had a notion of also learning DHCPv6 so I know how it works. (I’ve a
> goal to understand and have dual stack DHCP with forward/reverse DNS
> updates).
>
> It’s already clear it’s different from IPv4 DHCP. I’ve been able to piece
> together a rough idea of some basics - enough that there are signs of life:
> I configured `radvd` with the correct flags so macOS & iOS use DHCPv6, for
> example. It seems many of the hosts are getting IPv6 addresses from
> Kea-dhcp6, though it’s equally clear I’m missing important details, as
> things aren’t working as I’d thought:
>
> In this dual-stack environment, it seems kea-dhcp-ddns is sort of all over
> the place: I’m seeing either IPv4 updates, or IPv6 updates, but not both in
> DNS.
>
> I want to make sure I understand the situation properly before getting
> lost in the weeds (i.e. trying to ‘fix’ the wrong thing):
>
> * Is it true that in a dual-stack environment, it’s necessary for the
> _client_ to be configured properly in order for `kea-dhcp-ddns` to be able
> to update the DNS server properly?
> * I’ve read that both v4 and v6 clients need to send the same DUID
> for ddns to work properly - is that correct?
> * Am I wrong that most Linux distributions, and macOS aren’t
> configured this way by default? (I haven’t checked Windows yet…)
> * I’m sure there are minutiae I need to learn - any hints?
> * While I don’t _think_ I’m running into any unimplemented
> functionality, is there something I should be aware of for the simple goal
> of dual-stack forward/reverse dynamic DNS? - (I’m using kea-2.2.0 on Debian
> Sid because I’ve apparently 'lived dangerously' for 25 years.)
>
> I’ve also noticed that many hosts are getting “new” IPv6 addresses that
> are from a subnet that’s not link-local (I think), and _not_ the subnet
> that I’m assigning via DHCPv6: fd75:81b2:5386:4f06::/64.
>
> * I think it’s something akin to the 169.254 IPv4 address range, but my
> Google-fu fails me; is there anything special about such a subnet? Why
> would the interfaces be getting such an address?
>
> Thank you.


[Kea-users] Getting Started: Dual-stack Dynamic DNS Updates

2023-03-03 Thread Troy Telford
I’ve been successful so far in getting Kea to serve IPv4 with both forward & 
reverse dynamic DNS. Thus far I’ve only used SLAAC and static zone files for 
IPv6 in DNS in my test/educational network. (A small network, so I can learn & 
experiment).

I’ve had a notion of also learning DHCPv6 so I know how it works. (I’ve a goal 
to understand and have dual stack DHCP with forward/reverse DNS updates).

It’s already clear it’s different from IPv4 DHCP. I’ve been able to piece 
together a rough idea of some basics - enough that there are signs of life: I 
configured `radvd` with the correct flags so macOS & iOS use DHCPv6, for 
example. It seems many of the hosts are getting IPv6 addresses from Kea-dhcp6, 
though it’s equally clear I’m missing important details, as things aren’t 
working as I’d thought: 

In this dual-stack environment, it seems kea-dhcp-ddns is sort of all over the 
place: I’m seeing either IPv4 updates, or IPv6 updates, but not both in DNS.

I want to make sure I understand the situation properly before getting lost in 
the weeds (i.e. trying to ‘fix’ the wrong thing): 

   * Is it true that in a dual-stack environment, it’s necessary for the 
_client_ to be configured properly in order for `kea-dhcp-ddns` to be able to 
update the DNS server properly?
   * I’ve read that both v4 and v6 clients need to send the same DUID for 
ddns to work properly - is that correct?
   * Am I wrong that most Linux distributions, and macOS aren’t configured 
this way by default? (I haven’t checked Windows yet…)
   * I’m sure there are minutiae I need to learn - any hints?
   * While I don’t _think_ I’m running into any unimplemented functionality, is 
there something I should be aware of for the simple goal of dual-stack 
forward/reverse dynamic DNS? - (I’m using kea-2.2.0 on Debian Sid because I’ve 
apparently 'lived dangerously' for 25 years.)

I’ve also noticed that many hosts are getting “new” IPv6 addresses that are 
from a subnet that’s not link-local (I think), and _not_ the subnet that I’m 
assigning via DHCPv6: fd75:81b2:5386:4f06::/64.

* I think it’s something akin to the 169.254 IPv4 address range, but my 
Google-fu fails me; is there anything special about such a subnet? Why would 
the interfaces be getting such an address?

Thank you.