Is there a process to ask for review of a Bug Fix that has already been Closed?
-
https://redmine.pfsense.org/issues/9302
I don’t have the ability to setup a pfSense 2.5 server to test this change and was wondering if anybody could look this change over.
It seems to me, that not only was there no bug to begin with but this breaks functionality.
It seems that the result of the change is that:
On the Router Advertisements Tab – DNS ConfigurationThe change seems to be that if you leave the servers blank, “Use same settings as DHCPv6 server” is mandatory.
-
I don’t understand why they thought there was a problem was to begin with. If you want the Router Advertisements to be the same as the DHCPv6 server, then check the mark.
-
It is perfectly valid to have the DHCPv6 server to be an external to pfSense server.
-
It is also perfectly valid to decide to use different DNS servers for DCHP clients vs RDNSS clients.
-
What happens if you don’t enable the pfSense DHCPv6 Server because you use an external?
-
If you want the pfSense router to announce the current default how would you do that with the change. Especially if my prefix is dynamic?
-
-
Before I decide to comment on redmine I just want to clarify something here.
Are you saying you believe if dhcp6 is disabled for a subnet, and at the same time radvd is set to either of the following.
managed or disabled
It should "not" be sending DNS servers to clients.
If yes I agree with you.
I am seeing devices on my guest network, been given fe80::1:1 as a dns server when they have no routeable ipv6 configured, and radvd is set to managed and dhcp6 disabled. This to me doesnt make sense as a working configuration and could even be considered a bug.
I just want to be sure tho of if you agree with what I just said.
--
I had a look at the bug report.
The argument for enforcing it is based on RFC compliance, now I havent read either RFC document, but if Rick is correct then I think it is right to keep this behaviour, but I would consider the current wording for "managed" to be a bug as its misleading, since the wording clearly states dhcp6 manages the assigned DNS servers, not RADVD. So that wording needs changing, to indicate RADVD manages in the event DHCP6 is turned off.
-
@chrcoluk what I am saying is that DHCPv6 and RADVD (RDNSS) are separate independent services and the expectation is that both may be available. Best practices (BCP 220) are that RDNSS MUST be provided by the router if Neighbor Discovery is active, DHCPv6 MAY be provided by the router or DHCPv6 may be provided by a dedicated server, not the router.
The clients are expected to make a list of all DNS servers that they receive from the various services.
Then the client to decide which to use, based on a priority scheme spelled out in RFC 8106 that determines which order they should use.
For example, in my use case:
I have my RA tab, set with DNS as default, so the router advertises its own interface address for RDNSS. On my DHCPv6 tab, I set a pi-hole server for my DNS. These are not the same address.
Now what happens is that my client PC (ipconfig /all) shows both DNS servers, but it prefers to use the DHCP provided one as the RFC specifies. The reason I do this, is if for whatever reason the pi-hole goes down, then the client will fall back to the RDNSS which is my pfsense DNS.
-
@chrcoluk said in Is there a process to ask for review of a Bug Fix that has already been Closed?:
It should "not" be sending DNS servers to clients.
If yes I agree with you.
This is not the case. It "should" be sending DNS servers to clients in all cases, except where RA is "disabled" It is a required part of "Neighbor Discovery Protocol"
-
@IsaacFL said in Is there a process to ask for review of a Bug Fix that has already been Closed?:
@chrcoluk said in Is there a process to ask for review of a Bug Fix that has already been Closed?:
It should "not" be sending DNS servers to clients.
If yes I agree with you.
This is not the case. It "should" be sending DNS servers to clients in all cases, except where RA is "disabled" It is a required part of "Neighbor Discovery Protocol"
Actually the RFC says it "MUST" provide the DNS server information as part of the Router Announcement.
-
Yes my original opinion was purely based up on the wording provided in the pfSense description, I then changed my opinion based on the RFC information.
The pfSense description of managed is misleading hence my opinion that wording should be changed.
"Managed
Will advertise this router with all configuration through a DHCPv6 server."Then check the description for assisted.
"Assisted
Will advertise this router with configuration through a DHCPv6 server and/or stateless autoconfig."The behaviour is closer to description of Assisted than Managed.
-
@chrcoluk said in Is there a process to ask for review of a Bug Fix that has already been Closed?:
Yes my original opinion was purely based up on the wording provided in the pfSense description, I then changed my opinion based on the RFC information.
The pfSense description of managed is misleading hence my opinion that wording should be changed.
"Managed
Will advertise this router with all configuration through a DHCPv6 server."Then check the description for assisted.
"Assisted
Will advertise this router with configuration through a DHCPv6 server and/or stateless autoconfig."The behaviour is closer to description of Assisted than Managed.
The words could probably be improved. The RA flags are really just hints from the router to the client hosts and the words kind of imply that the router is enforcing them which is not the case.
The client hosts are supposed to use the router provided flags and then based on the various RFC's setup their interface for ipv6.
-
@chrcoluk I downloaded 2.5 and tested this today.
Based on my results i created https://redmine.pfsense.org/issues/9893
If you have any information you could add to the new bug it would be appreciated.