Dnsmasq resolving dynamic IPv6 clients (378.50)?

[mlai]

Got 378.50 running on my AC87U and so far it seems stable Nice work! Rmerlin.

I am running IPv6 on my network via an HE tunnel and so far everything works fine. I understand that the dnsmasq can resolve dns queries of ipv4 dhcp clients that it gives out, but can dnsmasq reolve IPv6 dns for IPv6 clients when the clients are using autoconf ipv6 addresses?

I went thru the dnsmasq man pages and noticed that I can specify ra-names in additional to ra-stateless in dhcp options and I had changed that (using a postconf script to append ra-names to ra-stateless....) but when I query dnsmasq to resolve a local dual stack host, dnsmasq only returns its IPv4 address.......

PS. The client's IPv6 address does show up in the system log/ipv6 pages correctly. Just that dnsmasq does not respond with IPv6 address of the client....

 

[charlie2alpha]

For that to happen, the clients must respond to pings (by default Windows clients will not) and also the IPv6 address must be formed using the IPv6 prefix and the EUI-64 identifier, Windows again by default does not use it but generates a random identifier.

 

[mlai]

For that to happen, the clients must respond to pings (by default Windows clients will not) and also the IPv6 address must be formed using the IPv6 prefix and the EUI-64 identifier, Windows again by default does not use it but generates a random identifier.

Any work arounds?

 

[charlie2alpha]

For the ping issue, you need to open Windows Firewall and then click Advanced Settings on the left, it will open Windows Firewall with Advanced Security. There, go to the Inbound Rules and find the "File and Printer Sharing (Echo Request - ICMPv6 In), double click it and go to the Scope tab. There make sure the Remote IP address is set to Any IP address.

For the second issue, open a command prompt (cmd) with administrator right and type:

netsh interface ipv6 set global randomizeidentifiers=disabled

And reboot the computer. Hope this helps you.

 

[kevindb]

The other way around this is to use a dhcpv6 service in conjunction with ra-names. For example:

enable-ra
dhcp-range=::100, ::F:FFFF:FFFF, constructor:br0, ra-names, 64, 12h

Dnsmasq will put the dhcpv6 leased IPv6 address in local DNS. I use the range ::100 - ::F:FFFF:FFFF to reduce the potential range for addresses handed out (which is still huge!) so I can identify DHCPv6 address vs SLAAC easily.

RA (Router Announcements) are still required because (get this) dhcpv6 doesn't have the equivalent of 'netmask' or prefix length, thus all dhcpv6 addresses are regarded as /128s by windows UNLESS it sees a corresponded RA which does specify the prefix length. Until that is done, the windows firewall by default will not even respond to a ping.

The above is the best combination I can come up with that will satisfy clients capable of DHCPv6 and those dual stack with SLAAC (without 'privacy' extensions) only for giving dnsmasq the best chance to built a DNS map.