On Wed, Feb 28, 2024 at 10:29:24AM +0000, Robert Sharp wrote:
> I have been using Dnsmasq for many years and I am now trying to include
> ipv6. Unfortunately, I cannot seem to get DHCPv6 to work, which I believe I
> need in order to be able to look up hosts using DNS.
>
> My ISP has allocated me with a /48 prefix and I am using dhcpcd to delegate
> a /64 prefix to the LAN interface. This all seems to work fine. My
> dnsmasq.conf settings are:
>
> ----------------------
>
> filterwin2k
> domain-needed
> bogus-priv
>
> #ipv6 stuff
>
> enable-ra
> dhcp-range=::1,constructor:enp3s0,24h
> dhcp-host=fc:aa:14:c8:9c:3e,hadrian,[::5]
>
> except-interface=ppp0
> except-interface=enp4s0
> interface=enp3s0
> expand-hosts
> bind-interfaces
> domain=osburn-sharp.ath.cx
> local=/osburn-sharp.ath.cx/
> no-resolv
> server=127.0.0.1#553
> address=...
> cname=...
> dhcp-range=192.168.0.64,192.168.0.127,24h
> read-ethers
> bogus-nxdomain=212.82.32.48
> dhcp-option=252,"\n"
> dhcp-option=121,...
> dhcp-option=3,192.168.0.1
> mx-host=...
>
> ------------------------
>
> I have included everything but truncated some entries where the info is
> unlikely to be relevant. Some things are historical and probably could be
> removed but they are not the issue.
>
> I have tried various combinations of dhcp-range and dhcp-host and I have
> tried it without the enable-ra.
>
> I have a firewall in place that allows ipv6 on 546/7, which is needed anyway
> for the ISP side to work. I log dropped packets. I do have a rule for
> accepting broadcast packets for dhcpv4 but I am not sure if it is needed,
> given that 67/8 are open anyway:
>
> ---------------------
>
> -A INPUT -i enp3s0 -p udp -m addrtype --src-type UNSPEC --dst-type BROADCAST
> --dport 67 -j ACCEPT
> -A In-from-main-lan -i enp3s0 -s 192.168.0.0/24 -p tcp -m multiport --dports
> 53,67,68,123 -j ACCEPT
>
> ---------------------
>
> The dhcpcd on a client logs that it is soliciting a DHCPv6 lease but all I
> get is either a SLAAC address or just local link if I have disabled slaac.
> Using tcpdump I can see the dhcpv6 requests on the router's LAN interface
> but there is no response. There are no dropped packets either. Using lsof I
> cannot see that dnsmasq is listening on 547 but then I cannot see it
> listening for DHCPv4 either.
>
> My instinct suggests a routing problem? I know this can cause packets to
> simply disappear. The DHCPv6 request appears to be multicast to ff08. The
> routing table on the router is:
>
> ---------------------
>
> 2001:8b0:17a2::/64 dev enp3s0 proto dhcp metric 1002 pref medium
> unreachable 2001:8b0:17a2::/48 dev lo proto dhcp metric 1001 pref medium
> fe80::203:97ff:fe41:c000 dev ppp0 proto kernel metric 256 pref medium
> fe80::b47c:2ce7:fc94:2eb0 dev ppp0 proto kernel metric 256 pref medium
> fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
> fe80::/64 dev enp4s0 proto kernel metric 256 pref medium
> default via fe80::203:97ff:fe41:c000 dev ppp0 proto ra metric 1006 pref
> medium
>
> --------------------
>
> I don't have multicast forwarding enabled but I dont think that is relevant.
> I am not doing anything explicit with the ipv6 routes - as I understand it,
> they sort themselves out?
>
> I would be very grateful if anyone can help. I have been searching google
> for clues for weeks now to little avail. If you need any more info I can
> provide it.
No, I don't need more information about this.
Possible solution to "the problem" would need a well elaborated
Wish is ....., however I get ....
> Thanks,
Don't thank in advanche, it is an insult.
It emits "I demand that YOU take action!"
A true "thanks" is "Thanks for ......"
Groeten
Geert Stappers
--
Silence is hard to parse
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
