Dear Dnsmasq Committee,

I hope this message finds you well. I am a Dnsmasq user and I have a
question concerning the IPv6 Recursive DNS Server (RDNSS) configuration
that I'm hoping you can help with.
I've built a router using Debian 12, employing Dnsmasq for DHCP and DNS
services.
In my network, there are two separate DNS servers, also built on Debian 12,
each configured with static IPv4 addresses.
Due to my ISP providing a dynamic IPv6 prefix, network devices obtain IPv6
addresses via SLAAC in Dnsmasq, which prevents setting a fixed IPv6 Global
Unicast Address (GUA) on the internal DNS servers. To keep the network
configuration simple, I have not used IPv6 Unique Local Addresses (ULA).
For certain network devices, I need to specify gateways and DNS servers,
which I have accomplished for IPv4 using Dnsmasq's static address binding
and DNSv4 options. However, I am encountering issues with the IPv6
configuration.
According to the man page:

> --enable-ra
> By default, the relevant link-local address of the machine running
> dnsmasq is sent as a recursive DNS server. If provided, the DHCPv6 options
> dns-server and domain-search are used for the DNS server (RDNSS) and the
> domain search list (DNSSL).

I have tried various methods to remove DNS information from the RA
announcements to prevent network devices from receiving an IPv6 DNS server
address, thus avoiding conflicts with the specified IPv4 DNS servers.
While I understand that clients can use both IPv4 and IPv6 DNS servers
simultaneously, I have DNS configurations tailored for different scenarios.
The reason for specifying different DNS servers for different network
devices is to ensure DNS service isolation and prevent clients from
receiving incorrect DNS query results.
Unfortunately, I have not yet found a way to independently disable IPv6
RDNSS when the 'enable-ra' option is configured in Dnsmasq. This issue
causes my network devices to always receive the Dnsmasq-advertised
Link-Local Address (LLA) as their DNS server.
Here is my current IPv6-related Dnsmasq configuration:

interface=bridge1
ra-param=bridge1,900,2700
enable-ra
dhcp-range=::,constructor:bridge1,slaac,45m

I have tried changing the 'slaac' parameter in 'dhcp-range' to 'ra-only',
but this still does not prevent network devices from acquiring an IPv6 DNS.
I would greatly appreciate any advice or solutions you might have regarding
this matter.

Best regards,
Nomad
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
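
To check on a client segment whether a Router Advertisement really carries the RDNSS option discussed in the message above, this added example (not part of the original post and not dnsmasq code) parses a raw ICMPv6 RA and lists any RFC 8106 RDNSS and DNSSL entries. The function names and both sample packets are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_RDNSS, OPT_DNSSL = 134, 25, 31  # ICMPv6 RA; RFC 8106 option types

def _dnssl_names(body: bytes) -> list:
    """Decode the DNS-label-encoded, zero-padded domain list of a DNSSL option."""
    names, labels, i = [], [], 0
    while i < len(body):
        n = body[i]
        i += 1
        if n == 0:  # end of a name, or trailing padding
            if labels:
                names.append(".".join(labels))
                labels = []
            continue
        labels.append(body[i:i + n].decode("ascii"))
        i += n
    return names

def parse_ra_dns(icmp6: bytes) -> dict:
    """Return the RDNSS servers and DNSSL domains carried in one ICMPv6 RA."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    found = {"rdnss": [], "dnssl": []}
    pos = 16  # options follow the fixed 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed RA option")
        lifetime = struct.unpack("!I", icmp6[pos + 4:pos + 8])[0]
        body = icmp6[pos + 8:pos + opt_len]
        if opt_type == OPT_RDNSS:  # lifetime 0 means "stop using this server"
            for off in range(0, len(body) - 15, 16):
                addr = ipaddress.IPv6Address(body[off:off + 16])
                found["rdnss"].append((str(addr), lifetime))
        elif opt_type == OPT_DNSSL:
            found["dnssl"] += _dnssl_names(body)
        pos += opt_len
    return found

# Constructed sample RAs (checksum left at 0 and not verified by the parser).
_HDR = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 2700, 0, 0)
_PREFIX = (struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2700, 900, 0)
           + ipaddress.IPv6Address("2001:db8:1::").packed)
_RDNSS = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 2700) + ipaddress.IPv6Address("fe80::1").packed
_DNSSL = struct.pack("!BBHI", OPT_DNSSL, 2, 0, 2700) + b"\x03lan\x00" + b"\x00" * 3
RA_WITH_DNS = _HDR + _PREFIX + _RDNSS + _DNSSL
RA_WITHOUT_DNS = _HDR + _PREFIX
```

The input is the ICMPv6 payload of a captured RA, starting at the type byte; an empty "rdnss" list means that advertisement gave clients no IPv6 DNS server.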
