pfsense DNS resolver not registering IPv6 addresses
-
DHCPv6 doesn't put hostnames in the leases, so they can't be scraped for resolution like they can from DHCPv4. I can't recall if that's a limit of the ISC DHCP server or the actual DHCPv6 protocol, however.
Static mapping hostnames work fine, though.
-
@jimp If static mappings are the only way forward, are static mappings also limited to only 1 address per hostname entry?
-
What, exactly, are you trying to accomplish?
If you have multiple AAAA records for a specific hostname which one should be returned when queried? All of them? One of them? Round robin?
Generally, when a connection has to be made to an address, there is one AAAA record pointing to a server address on that host. Just like IPv4 there might be one GUA and one ULA for split DNS. Nothing really changes.
If you want reverse lookups then yeah you can have multiple addresses resolve to the same hostname no problem. Not sure you are going to get them all put into DNS that way though.
Keep in mind that only DHCP addresses have a prayer of going into DNS. SLAAC addresses (including the random/privacy addresses clients can use to make connections) will not, unless the client itself does it into dynamic DNS or something.
And if you completely disable SLAAC (Managed interface on pfSense), some clients, notably Android, will be unable to connect IPv6 since they do not have a DHCP6 client.
So what exactly is the problem you are trying to solve?
-
@Derelict said in pfsense DNS resolver not registering IPv6 addresses:
If you have multiple AAAA records for a specific hostname which one should be returned when queried? All of them? One of them? Round robin?
The only one you would use is the consistent one. There's no point in using the privacy addresses, as you could have as many as 7 of them and you get a new one every day.
-
@Derelict said in pfsense DNS resolver not registering IPv6 addresses:
What, exactly, are you trying to accomplish?
To contact a device by hostname on whatever IPv6 interface is live.
-
@JKnott said in pfsense DNS resolver not registering IPv6 addresses:
If you have multiple AAAA records for a specific hostname which one should be returned when queried? All of them? One of them? Round robin?
Only the management address of whatever adapter is connected (or live). Not interested in the private addresses, nor is there any need therefore.
As to clarify, if a device has a WiFi and Ethernet adapter, how to contact the device (via its hostname) depending on whether it's connected to the WiFi or the cabled LAN via IPv6?
If both WiFi and cabled LAN are active, either address is fine as reachability is the main concern.
-
@Peek said in pfsense DNS resolver not registering IPv6 addresses:
As to clarify, if a device has a WiFi and Ethernet adapter, how to contact the device (via its hostname) depending on whether it's connected to the WiFi or the cabled LAN via IPv6?
If both WiFi and cabled LAN are active, either address is fine as reachability is the main concern.
If the device is running Linux, use the WiFi address. If connected via Ethernet, the WiFi address is still reachable. This does not work with Windows. So, with my notebook computer, running Linux, I have the DNS configured to point to my WiFi address, not Ethernet.
-
@JKnott unfortunately, in this scenario, it's a case of OR.
It's only the WiFi OR only the ETH connection that is available at a particular point in time.
-
Are you running Windows or Linux? If Linux (and probably Mac) the wireless address will be available, even when connected via Ethernet, so long as the WiFi is connected. Here are the addresses on my notebook computer. I used ssh to the WiFi host name, even though connected via Ethernet.
ip add sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether f0f1:8c:dc:99 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.42/24 brd 172.16.0.255 scope global noprefixroute dynamic eth0
valid_lft 7109sec preferred_lft 7109sec
inet6 2607:fea8:abcdfce1:bab3:d72b:5b44/64 scope global temporary dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 2607:fea8abcd:1234:8c2a:acb8:36ef:2f50/64 scope global mngtmpaddr noprefixroute dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 fd48:1a37:2160:0:fce1:bab3:d72b:5b44/64 scope global temporary dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 fd48:1a37:2160:0:a618:10a9:f627:3809/64 scope global mngtmpaddr noprefixroute dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 fe80::d9ea:e6bf:8fa8:7be2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 38:59:f9:e0:7d:5d brd ff:ff:ff:ff:ff:ff
inet 172.16.0.40/24 brd 172.16.0.255 scope global noprefixroute dynamic wlan0
valid_lft 7112sec preferred_lft 7112sec
inet6 2607:fea8:abcd3007:aae5:1d5c:a340/64 scope global temporary dynamic
valid_lft 86340sec preferred_lft 14340sec
inet6 2607:fea8:abcd3a59:f9ff:fee0:7d5d/64 scope global mngtmpaddr noprefixroute dynamic
valid_lft 86340sec preferred_lft 14340sec
inet6 fd48:1a37:2160:0:3007:aae5:1d5c:a340/64 scope global temporary dynamic
valid_lft 86340sec preferred_lft 14340sec
inet6 fd48:1a37:2160:0:3a59:f9ff:fee0:7d5d/64 scope global mngtmpaddr noprefixroute dynamic
valid_lft 86340sec preferred_lft 14340sec
inet6 fe80::3a59:f9ff:fee0:7d5d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
As you can see, both interfaces have addresses, though I'm connected via Ethernet.
BTW, public addresses have been changed to protect the guilty.
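Added example, not part of any post in this thread: since SLAAC addresses never reach the resolver on their own, one way to follow the "consistent address only" advice is to filter `ip -6 addr show` output for global, non-temporary addresses and emit them as Unbound `local-data` AAAA lines for a host override. The sample output is constructed (documentation prefix 2001:db8::/32), and the hostname `notebook.home.arpa` and both function names are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show` output; addresses are not from the thread.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:1:2:fce1:bab3:d72b:5b44/64 scope global temporary dynamic
    inet6 2001:db8:1:2:a618:10a9:f627:3809/64 scope global mngtmpaddr noprefixroute dynamic
    inet6 fe80::d9ea:e6bf:8fa8:7be2/64 scope link noprefixroute
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:1:2:3007:aae5:1d5c:a340/64 scope global temporary dynamic
    inet6 2001:db8:1:2:3a59:f9ff:fee0:7d5d/64 scope global mngtmpaddr noprefixroute dynamic
    inet6 fd00:1:2:3:3a59:f9ff:fee0:7d5d/64 scope global mngtmpaddr noprefixroute dynamic
"""

IFACE = re.compile(r"^\d+:\s+([^:@\s]+)")
INET6 = re.compile(r"^\s+inet6\s+(\S+)/\d+\s+scope\s+(\S+)(.*)$")


def stable_addresses(ip_output):
    """Return {iface: [addr, ...]} for global, non-temporary IPv6 addresses."""
    result, iface = {}, None
    for line in ip_output.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET6.match(line)
        if not m or iface is None:
            continue
        addr, scope, flags = m.group(1), m.group(2), m.group(3).split()
        # Drop link-local/host scope, privacy ("temporary") and deprecated addresses.
        if scope != "global" or "temporary" in flags or "deprecated" in flags:
            continue
        result.setdefault(iface, []).append(str(ipaddress.IPv6Address(addr)))
    return result


def unbound_local_data(hostname, ip_output, iface):
    """Format one interface's stable addresses as Unbound local-data AAAA lines."""
    return ['local-data: "%s. AAAA %s"' % (hostname, a)
            for a in stable_addresses(ip_output).get(iface, [])]


if __name__ == "__main__":
    # Hypothetical hostname; register only the WiFi interface, as discussed above.
    print("\n".join(unbound_local_data("notebook.home.arpa", SAMPLE, "wlan0")))
```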
-
@JKnott. Winblows & Linux.
Okay ... so Linux basically "bridges" eth0 with the wifi interface when connected via eth0 by default.
Will try. Thanks.
-
@Peek said in pfsense DNS resolver not registering IPv6 addresses:
@JKnott. Winblows & Linux.
Okay ... so Linux basically "bridges" eth0 with the wifi interface when connected via eth0 by default.
Will try. Thanks.
No, it routes. Linux functions as a router, unless you disable it. I expect the same is true with the FreeBSD under pfSense and Macs. Also, when both interfaces are up, to the same network, it forwards the packets over the interface with the lowest metric. The metric is 100 for Ethernet and 600 for WiFi, so Ethernet gets used.
-
Perhaps routing isn't the best term in this instance. Unlike Windows, Linux leaves both interfaces up, when Ethernet is connected. When an arp request comes in on the Ethernet port, for the WiFi address, Linux still responds, not caring which interface the address is assigned to and replies through the Ethernet port, based on it having the lower metric.
-
@JKnott said in pfsense DNS resolver not registering IPv6 addresses:
Linux functions as a router, unless you disable it.
Which Linux distros are these, out of the box every single Linux I have ever set up - unless it's a specific "router" distro.
user@uc:~$ cat /proc/sys/net/ipv4/ip_forward
0
When you have 2 interfaces in the same network, yeah the OS should use the interface with the lowest metric to talk to that network.
-
Sorry, my mistake. I must have been thinking of something else. Regardless, with Linux both interfaces are up and either address can be used as I do frequently.
-
This is no different than Windows.. I can fire up a WiFi interface and use it, on the same network my wire is connected to.
-
On the same network? When I try that, I can't ping the WiFi interface, if Ethernet is connected. I haven't tried different networks. On my home network, I normally use WiFi for my notebook, but on occasion use Ethernet. Either way, I use the WiFi host name to connect to it.
-
Allrighty then ...
It's thus the WiFi address to be registered in DNS for connectivity via WiFi OR ETH.
-
Well depends on your box or driver - some BIOS can disable WiFi on a wired connection.. But you can for sure fire it up and use it if you so desire.. But it's almost never a good thing ;)
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : local.lan
Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
Physical Address. . . . . . . . . : 38-59-F9-5F-63-C1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.9.212(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 18, 2019 10:10:33 PM
Lease Expires . . . . . . . . . . : Sunday, September 22, 2019 10:10:32 PM
Default Gateway . . . . . . . . . : 192.168.9.253
DHCP Server . . . . . . . . . . . : 192.168.9.253
DNS Servers . . . . . . . . . . . : 192.168.3.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Just fired wifi on same 192.168.9 network
Here is wire
Ethernet adapter Local:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : 00-13-3B-2F-67-62
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.9.253
DNS Servers . . . . . . . . . . . : 192.168.3.10
NetBIOS over Tcpip. . . . . . . . : Enabled
Here I am pinging the WiFi IP from another box
user@uc:~$ ping 192.168.9.212
PING 192.168.9.212 (192.168.9.212) 56(84) bytes of data.
64 bytes from 192.168.9.212: icmp_seq=1 ttl=127 time=1.42 ms
64 bytes from 192.168.9.212: icmp_seq=2 ttl=127 time=1.26 ms
64 bytes from 192.168.9.212: icmp_seq=3 ttl=127 time=2.40 ms
64 bytes from 192.168.9.212: icmp_seq=4 ttl=127 time=4.29 ms
64 bytes from 192.168.9.212: icmp_seq=5 ttl=127 time=1.90 ms
64 bytes from 192.168.9.212: icmp_seq=6 ttl=127 time=2.94 ms
64 bytes from 192.168.9.212: icmp_seq=7 ttl=127 time=1.24 ms
64 bytes from 192.168.9.212: icmp_seq=8 ttl=127 time=1.34 ms
^C
--- 192.168.9.212 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7010ms
rtt min/avg/max/mdev = 1.246/2.102/4.295/1.009 ms
user@uc:~$
-
Here's what happens here, with Ethernet connected:
Ping WiFi address
ping 172.16.0.40
PING 172.16.0.40 (172.16.0.40) 56(84) bytes of data.
From 172.16.0.10 icmp_seq=1 Destination Host Unreachable
From 172.16.0.10 icmp_seq=2 Destination Host Unreachable
From 172.16.0.10 icmp_seq=3 Destination Host Unreachable
^C
--- 172.16.0.40 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4099ms
pipe 4
Ping Ethernet address
ping 172.16.0.40
PING 172.16.0.40 (172.16.0.40) 56(84) bytes of data.
From 172.16.0.10 icmp_seq=1 Destination Host Unreachable
From 172.16.0.10 icmp_seq=2 Destination Host Unreachable
From 172.16.0.10 icmp_seq=3 Destination Host Unreachable
^C
--- 172.16.0.40 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4099ms
pipe 4
However, one thing I did notice was that the WiFi address is reachable for several seconds after plugging in the cable, then becomes unreachable.
If WiFi only is connected, I cannot reach the Ethernet address.
So, it appears Windows is shutting down the WiFi interface, after Ethernet is connected. Ipconfig shows it as "Media disconnected".
-
Again that could be a setting in the BIOS or the driver, or the software you put on for the WiFi card.. Is this a laptop? It's very common for laptops to do that..
Example
Here are my WiFi card driver settings
Notice I have it disabled ;)
Again - because it's not normally a good thing to be multihomed..