On 28/02/2024 10:29, Robert Sharp wrote:
I have been using Dnsmasq for many years and I am now trying to include ipv6. Unfortunately, I cannot seem to get DHCPv6 to work, which I believe I need in order to be able to look up hosts using DNS.

My ISP has allocated me with a /48 prefix and I am using dhcpcd to delegate a /64 prefix to the LAN interface. This all seems to work fine. My dnsmasq.conf settings are:

----------------------

filterwin2k
domain-needed
bogus-priv

#ipv6 stuff

enable-ra
dhcp-range=::1,constructor:enp3s0,24h
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

dhcp-host=fc:aa:14:c8:9c:3e,hadrian,[::5]

except-interface=ppp0
except-interface=enp4s0
interface=enp3s0
expand-hosts
bind-interfaces
domain=osburn-sharp.ath.cx
local=/osburn-sharp.ath.cx/
no-resolv
server=127.0.0.1#553
address=...
cname=...
dhcp-range=192.168.0.64,192.168.0.127,24h
read-ethers
bogus-nxdomain=212.82.32.48
dhcp-option=252,"\n"
dhcp-option=121,...
dhcp-option=3,192.168.0.1
mx-host=...

------------------------

I have included everything but truncated some entries where the info is unlikely to be relevant. Some things are historical and probably could be removed but they are not the issue.

I have tried various combinations of dhcp-range and dhcp-host and I have tried it without the enable-ra.

I have a firewall in place that allows ipv6 on 546/7, which is needed anyway for the ISP side to work. I log dropped packets. I do have a rule for accepting broadcast packets for dhcpv4 but I am not sure if it is needed, given that 67/8 are open anyway:

---------------------

-A INPUT -i enp3s0 -p udp -m addrtype --src-type UNSPEC --dst-type BROADCAST --dport 67 -j ACCEPT
-A In-from-main-lan -i enp3s0 -s 192.168.0.0/24 -p tcp -m multiport --dports 53,67,68,123 -j ACCEPT

---------------------

The dhcpcd on a client logs that it is soliciting a DHCPv6 lease but all I get is either a SLAAC address or just local link if I have disabled slaac. Using tcpdump I can see the dhcpv6 requests on the router's LAN interface but there is no response. There are no dropped packets either. Using lsof I cannot see that dnsmasq is listening on 547 but then I cannot see it listening for DHCPv4 either.

My instinct suggests a routing problem? I know this can cause packets to simply disappear. The DHCPv6 request appears to be multicast to ff08. The routing table on the router is:

---------------------

2001:8b0:17a2::/64 dev enp3s0 proto dhcp metric 1002 pref medium
unreachable 2001:8b0:17a2::/48 dev lo proto dhcp metric 1001 pref medium
fe80::203:97ff:fe41:c000 dev ppp0 proto kernel metric 256 pref medium
fe80::b47c:2ce7:fc94:2eb0 dev ppp0 proto kernel metric 256 pref medium
fe80::/64 dev enp3s0 proto kernel metric 256 pref medium
fe80::/64 dev enp4s0 proto kernel metric 256 pref medium
default via fe80::203:97ff:fe41:c000 dev ppp0 proto ra metric 1006 pref medium

--------------------

I don't have multicast forwarding enabled but I don't think that is relevant. I am not doing anything explicit with the ipv6 routes - as I understand it, they sort themselves out?

I would be very grateful if anyone can help. I have been searching google for clues for weeks now to little avail. If you need any more info I can provide it.

Thanks,

Robert Sharp





I think you probably need start and end addresses in the dhcp range

dhcp-range=::1,::400,constructor:enp3s0,24h

without a range of addresses, dnsmasq can't lease addresses and will only do stateless DHCPv6 and RA.

There's loads more information out there that will help if you set --log-dhcp in your dnsmasq config and look in the syslog. That will tell you if dnsmasq has managed to construct an actual dhcp range from the address on enp3s0 and allow you to see if it's getting SOLICIT packets and what it's doing in response.

The output from ip addr show dev enp3s0 would be useful too. Look at the address, prefix length and lifetimes.


Simon.
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
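
An added example, not part of the original thread or of dnsmasq itself: a small Python check that lists IPv6 dhcp-range lines with no end address, the condition the reply above says leaves dnsmasq doing only stateless DHCPv6 and RA. The sample configuration is constructed from the dhcp-range lines quoted in the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the poster's IPv6 range, the range suggested in the
# reply, the poster's IPv4 range, and a commented-out line.
SAMPLE_CONF = """\
enable-ra
dhcp-range=::1,constructor:enp3s0,24h
dhcp-range=::1,::400,constructor:enp3s0,24h
dhcp-range=192.168.0.64,192.168.0.127,24h
#dhcp-range=::1,constructor:enp4s0,24h
"""


def _as_ipv6(field):
    """Return the field as an IPv6Address, or None if it is not one."""
    try:
        return ipaddress.IPv6Address(field)
    except ValueError:
        return None


def parse_v6_ranges(conf_text):
    """Yield (line_number, start, end_or_None) for each IPv6 dhcp-range."""
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() != "dhcp-range":
            continue
        fields = [f.strip() for f in value.split(",")]
        # Leading tag:/set: fields come before the start address; skip them.
        while fields and fields[0].startswith(("tag:", "set:")):
            fields.pop(0)
        start = _as_ipv6(fields[0]) if fields else None
        if start is None:
            continue  # IPv4 range or unparseable line
        end = _as_ipv6(fields[1]) if len(fields) > 1 else None
        yield lineno, start, end


def ranges_without_end(conf_text):
    """Line numbers of IPv6 dhcp-range entries that give no end address."""
    return [n for n, _start, end in parse_v6_ranges(conf_text) if end is None]


if __name__ == "__main__":
    for n in ranges_without_end(SAMPLE_CONF):
        print(f"line {n}: IPv6 dhcp-range has a start address but no end address")
```
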

