David Horn wrote:
On Sun, Jan 17, 2010 at 5:02 PM, Brett Lee <brett....@sun.com> wrote:
Brett Lee wrote:
Hello -
Am using FreeBSD 6.3 as a dhcp6 client, trying to get DDNSv6 operational
in this environment. When I execute 'dhcp6c -d lnc0' from the command line,
the following messages are logged on the (ISC 4.1.0p1) DHCP6 server:
Solicit message from fe80::20c:29ff:fef3:a5de port 546, transaction ID
0xB3D95D
Unable to pick client prefix: no IPv6 prefix pools on this shared network
Sending Advertise to fe80::20c:29ff:fef3:a5de port 546
Am confused by the message above, in particular the "prefix pools", as
this host obtains the "global address" prefix and configures both link local
and global addresses via SLAAC. Surely this can't be the same prefix.
Equally confusing is that the Solaris hosts on this LAN have no problem
getting v6 addresses via this DHCP server, and there seems to be plenty of
free leases available.
Does FreeBSD 6.3 DHCP6 client need a "prefix", or a "pool" of them to be
delivered by the server? Obviously I'm a little bit confused :) and am
thinking the problem is with the dhcpd.conf file. Hoping for some
clarification or direction. Configs are below.
Thanks for your guidance/suggestions! -Brett
Client:
[r...@freebsdvm ~]# ifconfig -a
lnc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NEEDSGIANT> mtu
1500
inet6 fe80::20c:29ff:fef3:a5de%lnc0 prefixlen 64 scopeid 0x1
inet 192.168.1.94 netmask 0xffffff00 broadcast 192.168.1.255
inet6 2bad:0:564:1:20c:29ff:fef3:a5de prefixlen 64 autoconf
ether 00:0c:29:f3:a5:de
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
[r...@freebsdvm ~]# grep -v '#' /usr/local/etc/dhcp6c.conf
interface lnc0 {
send ia-pd 0;
};
id-assoc pd {
prefix-interface lnc0 {
sla-id 1;
};
};
[r...@freebsdvm ~]#
Server:
[r...@solaris10u4sparc named]# grep iaaddr /var/db/dhcpd6.leases | sort |
uniq
iaaddr 2bad:0:564:1::12 {
iaaddr 2bad:0:564:1::18 {
iaaddr 2bad:0:564:1::19 {
iaaddr 2bad:0:564:2::18 {
iaaddr 2bad:0:564:2::19 {
iaaddr 2bad:0:564:3::18 {
[r...@solaris10u4sparc named]# grep -v '#' /etc/dhcpd.conf | egrep
'[A-Z]|[a-z]|[0-9]'
authoritative;
include "/etc/rndc.key";
ddns-update-style interim;
ddns-domainname "ipv6.apevt.local";
ddns-rev-domainname "in-addr.arpa";
ignore client-updates;
zone ipv6.apevt.local. {
primary 192.168.1.23;
key "rndc-key";
log-facility local6;
min-lease-time 60;
default-lease-time 3600;
max-lease-time 43200;
option domain-name "ipv6.apevt.local";
option domain-name-servers 192.168.1.254, 192.168.1.23;
option dhcp.domain-search "ipv6.apevt.local, apevt.local";
option dhcp6.domain-search "ipv6.apevt.local, apevt.local";
option dhcp6.name-servers 2bad:0:564:1:203:baff:fee8:36f2,
2bad:0:564:2:203:baff:fee8:36f3, 2bad:0:564:3:203:baff:fee8:36f4;
subnet6 2bad:0000:0564:0001::/64 {
allow unknown-clients;
min-lease-time 60;
default-lease-time 60;
max-lease-time 60;
range6 2bad:0000:0564:0001::10 2bad:0000:0564:0001::19;
subnet6 2bad:0000:0564:0002::/64 {
allow unknown-clients;
min-lease-time 60;
default-lease-time 60;
max-lease-time 60;
range6 2bad:0000:0564:0002::10 2bad:0000:0564:0002::19;
subnet6 2bad:0000:0564:0003::/64 {
allow unknown-clients;
min-lease-time 60;
default-lease-time 60;
max-lease-time 60;
range6 2bad:0000:0564:0003::10 2bad:0000:0564:0003::19;
[r...@solaris10u4sparc named]#
Seems I misconfigured dhcp6c.conf to request a pool of addresses for
delivery downstream instead of a single stateful address. Now using the
current FreeBSD, 8.0-RELEASE, with dhcp6c.conf setup as seen below:
interface le0 {
send ia-na 0; # request stateful address
request domain-name;
request domain-name-servers;
}
id-assoc na 0 {
}
It works. On to DDNSv6. -Brett
The dhcp6c client is the wide-dhcpv6 client (I am guessing you
installed from port net/dhcp6). If you are trying to do ddnsv6 using
dhcpv6, you might have better luck with using the ISC dhcpv6 client at
the same patchlevel as the server. (You will need to compile on your
own, as ISC 4.1 dhcp does not seem to be in the freebsd ports
collection at this time).
In my own testing, I also needed to tell dhclient (ISC variant)'s
dhclient-script how to locate ifconfig and route (simple script change
from ifconfig to /sbin/ifconfig and from route to /sbin/route).
Take a look at the dhclient.conf (5) man page from the ISC package
under "DYNAMIC DNS". You will likely need a dhclient.conf with items
like:
send fqdn.fqdn "test.example.com.";
send fqdn.encoded on;
send fqdn.server-update off;
also request dhcp6.fqdn;
This also assumes that the ISC dhcpd server is configured with
appropriate information to actually have the server perform updates.
I have not actually turned ddns on with DHCPv6 yet, so these are just
suggestions. According to RFC 4704, the protocol supports either
client or server actually performing the updates, but not certain
which cases work properly with ISC at this point.
Please share if/when you get a working configuration with any dhcpv6
client/server combination.
Good Luck.
---Dave Horn
After hitting the send button, I thought to suggest that adding these
three lines to /usr/local/etc/dhcp6c.conf.sample would add some value
(it certainly would have for me):
# Obtain an address via DHCP on this interface
interface le0 { send ia-na 0; }
id-assoc na 0 { }
Thanks for the "Good Luck" Dave - from what I've been reading it will be
needed. The ISC team has documented that the same config is required
for v4/v6, but haven't found anyone indicating that *any* IPv6 DDNS
works; instead there seems to be the opposite sentiment. As it stands
now, have a v4 version of ISC DHCP + BIND doing DDNS but am unable to
get v6 working on another ISC DHCP + BIND system. Have posted a
question to the ISC dhcpd mailing list:
https://lists.isc.org/mailman/htdig/dhcp-users/2010-January/010729.html
In researching the topic, have found that there was/is quite a bit of
interest around SLAAC and DDNS; in particular how to resolve hostnames
and securely add the AAAA/PTR records to DNS servers when global
addresses are obtained via SLAAC. On my part there was an assumption
that SLAAC would only be used for clients and so it really would not
matter; servers would need to be configured via DHCP/DDNS or static. Am
certainly interested to see the progression. In case anyone is
interested, here are a couple meandering threads:
https://lists.isc.org/mailman/htdig/dhcp-users/2008-August/006988.html
http://www.ops.ietf.org/lists/namedroppers/namedroppers.199x/msg04172.html
Am very glad you mentioned the wide-dhcp6 client. Didn't think about
the client at all. Yes, I did build dhcp6c from the ports. As the
wide-dhcp6 client came from KAME, am confident that it is rock solid.
Apparently, it uses a script to perform DDNS:
https://lists.isc.org/pipermail/dhcp-users/2009-September/009917.html
For the setup here, am planning on performing all DNS updates from the
DHCP server only. Given that, am unaware if there is any client DDNS
code needed when not allowing client updates. I suppose there would be
a need for client input in the case of stateless assignments, but in the
case of stateful addresses the DHCP server should know the hostname.
Perhaps that is the problem I have run across here - not sending the
DHCP server the stateless client hostname? How can the DHCP server
update the DNS server w/o the client hostname?
Am fairly confident in the ISC dhcpd.conf file in use, and it is
configured to ignore client updates, but trying the known good ISC
client is a still good idea. Currently have Solaris clients and one
FreeBSD client obtaining stateless addresses via DHCP6, but still no
DDNS or DHCPv6 assignment of stateful addresses.
In short, my belief is that DDNSv6 is still very much evolving. As for
DHCPv6 and obtaining stateful addresses, that does not seem to be
flushed out yet either. As there does not seem to be a fixed-address6
yet, what I've read about stateful dhcp configuration involves booting
the client, capturing the DUID, adding it to the dhcp.conf file, and
then rebooting the client to assign the stateful address. Yecch! One
final link for anyone interested in the topic, or more about the
integration of DHCP with BIND 10, see:
http://www.gossamer-threads.com/lists/nsp/ipv6/20683
Sorry for the dissertation. Maybe it will help someone else. -Brett
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
