Register IPv6 in DNS Resolver with only RA enabled

BackMup · Nov 1, 2022, 5:35 PM

Hello folks,
... and friends of IPv6

As per the subject, I'm searching for a solution to register client IPv6 addresses (GUA and/or ULA) but with only RA enabled. DHCPv6 is disabled and should stay like that.
It might be a silly question, as ULA and GUA via RA is actually "calculated" on the client side and therefore it can't be back-channeled to pfsense in order to get the GUA/ULA registered in DNS resolver.

But I was wondering why obviouly some other customer router are able to do that? Maybe they using as kind of mixed mode of DHCPv6 and RA? Or Bind as DNS server to provide DDNS feature?

Basically my IPv6 setup is working but as there is no name resolution for IPv6 of my hosts, it's actually locally not used (and I would like to change that )

Has anyone of you an idea?

In advance: Sorry if that question has been already discussed in that forum but couldn't squeeze out satisfying answers

Thanks!

JKnott · Nov 1, 2022, 6:13 PM

@backmup

I just add them to host overrides. Just make sure you use the consistent address, not the privacy addresses.

BackMup · Nov 1, 2022, 7:06 PM

@jknott
Thanks for your reply!
Okay, well that's a possible solution but isn't there anything rather automatic?

Bob.Dig · Nov 1, 2022, 7:18 PM

@backmup For dynamic GUAs you really should use DHCPv6.

BackMup · Nov 1, 2022, 7:39 PM

@bob-dig

I was afraid you going to say that ;-)

But which option?

Manged isn't a good option as Android wouldn't get addresses, right?
Assisted would take the ipv6 from DHCPv6 and additonal config like RDNSS from RA? Would that mean Androids are getting no IPv6 again?
Stateless DHCP would still assign IPv6 via RA and addtional config would come from DHCPv6?

That's how I understand it. Which melts down to "Assisted" or do I miss here something bigger?

Thanks for your help!

Bob.Dig · Nov 1, 2022, 7:45 PM

@backmup You only need a name if you run a server on it, so I wouldn't need one for my phone, no problem there.

Assisted is good and android gets an IP but no name.

JKnott · Nov 1, 2022, 7:46 PM

@bob-dig said in Register IPv6 in DNS Resolver with only RA enabled:

For dynamic GUAs you really should use DHCPv6.

The problem with that is Android devices won't work with it.

BackMup · Nov 1, 2022, 7:46 PM

@bob-dig
True, for the clients it's not that important.
I will give it a try with Assisted.

JKnott · Nov 1, 2022, 7:48 PM

@bob-dig said in Register IPv6 in DNS Resolver with only RA enabled:

Assisted is good and android gets an IP but no name.

The other side of this is how often will this be needed? All my devices are listed in host overrides. I just had to do it once.

Bob.Dig · Nov 1, 2022, 7:51 PM

@backmup The reason you don't need a name for clients is, every machine has many IPv6 addresses, only one of those has a name, the rest has none anyways, so the name is only good for a server to reach and according firewall rules to allow a connection but not good for blocking a machine via rules.

Bob.Dig · Nov 1, 2022, 7:51 PM

@jknott said in Register IPv6 in DNS Resolver with only RA enabled:

@bob-dig said in Register IPv6 in DNS Resolver with only RA enabled:

Assisted is good and android gets an IP but no name.

The other side of this is how often will this be needed? All my devices are listed in host overrides. I just had to do it once.

Your prefix is very undynamic then.

BackMup · Nov 1, 2022, 7:57 PM

@bob-dig
Basically you're right but it's just such a clash in my mind. In the IPv4 world you can define all the names of clients and in the IPv6 you can't (at least not with RA only).
But well, maybe I need to cut the strings and release the "old" thinking.

BackMup · Nov 1, 2022, 8:00 PM

@bob-dig
For GUA, it wouldn't work but that's also not really the aim. ULA should be fine and ULA doesn't change that much ;-)

JKnott · Nov 1, 2022, 8:07 PM

@backmup said in Register IPv6 in DNS Resolver with only RA enabled:

But well, maybe I need to cut the strings and release the "old" thinking.

Or maybe you can convince Google to stop listening to that idiot who thinks Android shouldn't support DHCPv6. That where the problem lies. He doesn't like it, so Android doesn't support it.

JKnott · Nov 1, 2022, 8:10 PM

@backmup said in Register IPv6 in DNS Resolver with only RA enabled:

and ULA doesn't change that much

My GUA hasn't changed for years and has survived replacing both my cable modem and the computer I run pfSense on. However, ULA is useful, if your ISP doesn't provide a consistent prefix.

Bob.Dig · Nov 1, 2022, 8:16 PM

@jknott Yep, for "reasons" I do NAT IPv6 to ULA for my email server and have given up using IPv6 for the rest...

JKnott · Nov 1, 2022, 9:01 PM

@bob-dig

Why do you use NAT? You can have both GUA and ULA on the same interface.

Bob.Dig · Nov 1, 2022, 9:05 PM

@jknott Because GUA with a dynamic prefix is problematic, especially for hosts that don't get notified that the prefix has changed. So for now, only pfSense has to know for its WAN interface. That does work better, as long as pfSense is the first router.