Hi,
actually, if all the additional DNS servers are on the same device
(where DNSmasq also runs), you can simply assign one or more ULAs (I
use fd53::1) to the device's interface and announce it to all devices as
DNS. The clients will see that the device is in another network and send
it out for routing to your router. The router device will forward it to
the other local interface automatically.
So basically the easiest is to assign an additional ULA address to one of
the router's interfaces and let the alternative DNS listen on it. You
don't need to announce the ULA outside.
This type of configuration is used by most consumer routers (e.g., by
AVM's FritzBOX) for the same reason as described by you. Here is my
own "iflan" ethernet interface on my Ubuntu router:
iflan: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2a00:c380:xxxxxxxxxxxxxx::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
        *inet6 fd53::1  prefixlen 128  scopeid 0x0<global>*
        ether 76:35:3b:ae:7b:ba  txqueuelen 1000  (Ethernet)
        RX packets 54020105  bytes 15416441867 (15.4 GB)
        RX errors 0  dropped 534516  overruns 0  frame 0
        TX packets 92451209  bytes 137807353683 (137.8 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Clients don't use the ULA at all. It's just there. In dnsmasq it is sent
out like this:
dhcp-option=option6:ntp-server,fd53::1
dhcp-option=option6:sntp-server,fd53::1
dhcp-option=option6:dns-server,fd53::1
Clients don't deal with the address prefix at all; they only have a
global address and contact the router for routing:
Ethernet adapter ThinkDock Ethernet:
   Connection-specific DNS Suffix . : home
   IPv6 Address. . . . . . . . . . . : 2a00:c380:xxxxxxxxxxxxxx:5c7c
   Temporary IPv6 Address. . . . . . : 2a00:c380:xxxxxxxxxxxxxx:73cd
   Link-local IPv6 Address . . . . . : fe80::4a2a:e3ff:fe43:5c7c%21
   IPv4 Address. . . . . . . . . . . : 192.168.1.103
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%21
                                       192.168.1.1
> tracert fd53::1
Tracing route to sirius.home [fd53::1]
over a maximum of 30 hops:
  1     1 ms     1 ms     1 ms  sirius.home [fd53::1]
Trace complete.
Uwe
On 03.07.2024 at 09:56, Nomad Chen wrote:
Dear Dnsmasq Committee,
I hope this message finds you well. I am a Dnsmasq user and I have a
question concerning the IPv6 Recursive DNS Server (RDNSS)
configuration that I'm hoping you can help with.
I've built a router using Debian 12, employing Dnsmasq for DHCP and
DNS services.
In my network, there are two separate DNS servers, also built on
Debian 12, each configured with static IPv4 addresses.
Due to my ISP providing a dynamic IPv6 prefix, network devices obtain
IPv6 addresses via SLAAC in Dnsmasq, which prevents setting a fixed
IPv6 Global Unicast Address (GUA) on the internal DNS servers. To keep
the network configuration simple, I have not used IPv6 Unique Local
Addresses (ULA).
For certain network devices, I need to specify gateways and DNS
servers, which I have accomplished for IPv4 using Dnsmasq's static
address binding and DNSv4 options. However, I am encountering issues
with the IPv6 configuration.
According to the man page:
> --enable-ra
> By default, the relevant link-local address of the machine running
> dnsmasq is sent as a recursive DNS server. If provided, the DHCPv6
> options dns-server and domain-search are used for the DNS server
> (RDNSS) and the domain search list (DNSSL).
I have tried various methods to remove DNS information from the RA
announcements to prevent network devices from receiving an IPv6 DNS
server address, thus avoiding conflicts with the specified IPv4 DNS
servers.
While I understand that clients can use both IPv4 and IPv6 DNS servers
simultaneously, I have DNS configurations tailored for different
scenarios.
The reason for specifying different DNS servers for different network
devices is to ensure DNS service isolation and prevent clients from
receiving incorrect DNS query results.
Unfortunately, I have not yet found a way to independently disable
IPv6 RDNSS when the 'enable-ra' option is configured in Dnsmasq. This
issue causes my network devices to always receive the
Dnsmasq-advertised Link-Local Address (LLA) as their DNS server.
Here is my current IPv6-related Dnsmasq configuration:
interface=bridge1
ra-param=bridge1,900,2700
enable-ra
dhcp-range=::,constructor:bridge1,slaac,45m
I have tried changing the 'slaac' parameter in 'dhcp-range' to
'ra-only', but this still does not prevent network devices from
acquiring an IPv6 DNS.
I would greatly appreciate any advice or solutions you might have
regarding this matter.
Best regards,
Nomad
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
--
Uwe Schindler
Achterdiek 19, D-28357 Bremen
https://www.thetaphi.de
eMail:u...@thetaphi.de
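A small lint for the pattern Uwe describes, added here as an example that is neither from this thread nor from dnsmasq itself. It parses the `dhcp-option=option6:...` lines, checks that each advertised server address is a ULA lying outside the on-link prefixes the RA hands to clients (so clients route it to the default gateway, which is exactly what the one-hop tracert above shows), and flags any server address taken from the ISP-delegated prefix, which silently breaks the next time that prefix changes. The config fragment, the on-link /64 and the delegated /48 are constructed for the example and use the 2001:db8::/32 documentation range; the one `2001:db8:1:2::53` line is deliberately wrong.

```python
"""Lint dnsmasq option6 server addresses for the ULA-on-router pattern.

Added example for the thread above; not part of dnsmasq. All prefixes and
the config text are constructed (hypothetical) for illustration.
"""
import ipaddress
import re

# RFC 4193 unique local addresses (in practice only fd00::/8 is used)
ULA = ipaddress.IPv6Network("fc00::/7")
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")

# Matches dnsmasq lines such as "dhcp-option=option6:dns-server,fd53::1"
OPTION_RE = re.compile(r"^dhcp-option=option6:([a-z-]+),(.+)$")

# Constructed config, patterned on the reply above, plus one bad line that
# hard-codes an address out of the (dynamic) ISP-delegated prefix.
SAMPLE_CONF = """\
interface=iflan
enable-ra
dhcp-range=::,constructor:iflan,slaac,45m
dhcp-option=option6:ntp-server,fd53::1
dhcp-option=option6:sntp-server,fd53::1
dhcp-option=option6:dns-server,fd53::1
dhcp-option=option6:dns-server,2001:db8:1:2::53
"""


def parse_option6(config_text):
    """Return {option_name: [normalized IPv6 address string, ...]}.

    Several lines for the same option are merged in file order; brackets
    around addresses (dnsmasq accepts them) are stripped.
    """
    opts = {}
    for raw in config_text.splitlines():
        m = OPTION_RE.match(raw.strip())
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        for token in value.split(","):
            addr = ipaddress.IPv6Address(token.strip().strip("[]"))
            opts.setdefault(name, []).append(str(addr))
    return opts


def classify(addr, onlink_prefixes, delegated_prefix):
    """Classify one advertised server address.

    'link-local'   fe80::/10, the dnsmasq default RDNSS; valid but scope-bound
    'dynamic-gua'  inside the delegated prefix: breaks on every prefix change
    'ula-offlink'  ULA outside every on-link prefix: the client has no
                   matching prefix and sends it to the default gateway, i.e.
                   the router, which owns the address (the pattern above)
    'ula-onlink'   ULA inside an advertised on-link prefix: works, but the
                   client will NDP for it instead of using the gateway
    'other-global' anything else
    """
    a = ipaddress.IPv6Address(addr)
    onlink = [ipaddress.IPv6Network(p) for p in onlink_prefixes]
    if a in LINK_LOCAL:
        return "link-local"
    if a in ipaddress.IPv6Network(delegated_prefix):
        return "dynamic-gua"
    if a in ULA:
        return "ula-onlink" if any(a in p for p in onlink) else "ula-offlink"
    return "other-global"


def lint(config_text, onlink_prefixes, delegated_prefix):
    """Return a list of (option, address, verdict) for every option6 address."""
    findings = []
    for name, addrs in parse_option6(config_text).items():
        for addr in addrs:
            findings.append((name, addr, classify(addr, onlink_prefixes, delegated_prefix)))
    return findings


def errors(findings):
    """Only 'dynamic-gua' is an outright error; the rest are informational."""
    return [f for f in findings if f[2] == "dynamic-gua"]


if __name__ == "__main__":
    onlink = ["2001:db8:1:2::/64"]   # constructed: the /64 the RA puts on-link
    delegated = "2001:db8:1::/48"     # constructed: the ISP-delegated prefix
    for name, addr, verdict in lint(SAMPLE_CONF, onlink, delegated):
        print(f"{name:12} {addr:22} {verdict}")
```

Run as-is, the three fd53::1 lines come back as `ula-offlink` and the `2001:db8:1:2::53` line as `dynamic-gua`. Two things a config lint cannot see and that are worth checking by hand: the router must actually carry the ULA on the interface (as in the `inet6 fd53::1 prefixlen 128` line of the ifconfig output above) and whatever DNS server is meant to answer there must bind that address, and the router's own input firewall must accept port 53 to fd53::1 from the LAN side, since the packets terminate on the router rather than being forwarded.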