Add ULA DNS address to DHCPv6/RA *and* the dynamic GUA address?

phongn · Jul 29, 2022, 7:20 PM

In pfSense+, when I setup DHCPv6 and RA, by default it'll populate the DNS fields with the relevant subnet GUA. That's good, and it generally works.

I recently ran into a problem where I had a balky cable modem that kept resetting itself. pfSense would automatically recover the IPv4 address but wasn't able to renew the IPv6 address and I'd have to manually recover it. I returned said modem, but that made me want to provide the ULA address of the router so various things would continue to 'just work'.

I can put the ULA address into DHCPv6 and RA's DNS server lists, but then it ignores the GUA address of the router, should it exist. Is there a way to append a user-defined ULA server and preserve the automatic GUA address?

JKnott · Jul 29, 2022, 7:43 PM

Using Unique Local Addresses

phongn · Jul 29, 2022, 7:57 PM

I've read that article :)

What I want to do is broadcast both ULA and GUA router addresses for DHCPv6 DNS and RA RDNSS fields. I can seemingly do one xor the other and I'd like to do both.

JKnott · Jul 30, 2022, 12:30 AM

@phongn

Any reason you're using DHCPv6? With SLAAC you don't need it. Also, thanks to some genius at Google, Android doesn't support DHCPv6.

phongn · Jul 31, 2022, 1:32 AM

I mostly use DHCPv6 because I can, and RA is set to assisted mode in my setup. It also - at least in pfSense - seems to integrate better with my DHCPv6-PD subnetting.

JKnott · Jul 31, 2022, 1:32 AM

@phongn

Subnetting? I hope you're not making smaller than /64 networks. What size prefix are you getting from your ISP? I get a /56, which provides 256 /64s. Just assign a /64 to each interface.

I haven't seen any need to use DHCPv6 on the LAN side.

phongn · Jul 31, 2022, 2:12 AM

Sorry for being unclear.

Comcast Xfinity residential services provides me a /60 network, and I subnet into /64. This prefix is not guaranteed to be stable, however, and while DHCPv6 seems to properly understand that this can change, I don't see how to do this in pfsense's radvd configuration page.

Also, I use RA to broadcast a ULA so I can have stable IP addresses, and thus can use unbound to provide local DNS.

JKnott · Aug 3, 2022, 2:52 AM

@phongn said in Add ULA DNS address to DHCPv6/RA *and* the dynamic GUA address?:

I don't see how to do this in pfsense's radvd configuration page.

Perhaps I'm missing something here, but radvd follows the prefix and in doing so, messes up DNS. I'm on Rogers, which also uses DHCPv6 to provide prefixes, but they appear to be rock solid with it. My prefix has even survived changing modems and the computer I run pfSense on.

phongn · Aug 3, 2022, 2:52 AM

Oof, maybe I am just an idiot. I finally looked at /var/etc/radvd.conf:

interface igc0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 200;
        MaxRtrAdvInterval 600;
        AdvDefaultLifetime 1800;
        AdvLinkMTU 1500;
        AdvDefaultPreference medium;
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        prefix [COMCAST-PREFIX]::/64 {
                DeprecatePrefix on;
                AdvOnLink on;
                AdvAutonomous on;
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
        };
        prefix fd0f:f5b9:d3f9:3068::/64 {
                DeprecatePrefix on;
                AdvOnLink on;
                AdvAutonomous on;
        };
        route ::/0 {
                AdvRoutePreference medium;
                RemoveRoute on;
        };
        RDNSS fd0f:f5b9:d3f9:3068::1 {
                AdvRDNSSLifetime 1800;
        };
        DNSSL [DOMAIN]  {
                AdvDNSSLLifetime 1800;
        };

Sorry for wasting your time! It looks like pfsense's configuration "does the right thing" in radvd.