Dynamic DNS update to IPv6 host



  • Hi,

    2.3.1-RELEASE-p5 (amd64)
    built on Thu Jun 16 12:53:15 CDT 2016
    FreeBSD 10.3-RELEASE-p3

    I'd like to send Host updates by my pfsense DHCP server to a DNS server which happens to be a FreeIPA system.
    This system though is only using IPv6.
    pfsense isn't allowing me to enter an IPv6 address at:
    Services / DHCP Server / <<interface name>> / Primary DDNS address

    Is this intentional? Otherwise I would open a feature request.

    Thank you

    This is the error message:
    The following input errors were detected:

    A valid primary domain name server IP address must be specified for the dynamic domain name.


  • Rebel Alliance Global Moderator

    So let me get this right.. You want your IPv4 dhcp server to register its ipv4 clients IP addresses via ipv6 address..

    Does your pfsense box even have working ipv6?  What is this server you're talking about putting your clients ipv4 addresses in??  Where is it?  You're running a copy of freeipa, why would it be only on ipv6???



  • You want your IPv4 dhcp server to register its ipv4 clients IP addresses via ipv6 address..

    yes

    Does your pfsense box even have working ipv6?

    yes, it does.

    What is this server you're talking about putting your clients ipv4 addresses in??

    There is an interface for LAN subscribers who get an IPv4 address which should also get registered at my FreeIPA DNS server.

    Where is it?  You're running a copy of freeipa, …

    It's not in the same location as the pfsense router, but somewhere else in the internet.

    why would it be only on ipv6???

    Because I don't need IPv4 any more for that host.


  • Rebel Alliance Global Moderator

    "Because I don't need IPv4 any more for that host."

    Yeah you kind of do.. So you think the world is ready for ipv6 only hosts?  You're going to really need dual stack for many years to come.. While there have been great strides in ipv6 deployment, having an ipv6 only host currently is going to be very limiting in what resources it can access.

    I would assume that the check they put in for the valid IP is only checking IPv4 since your scenario is for sure an odd setup.  You're talking about the ipv4 dhcp server, I doubt they thought that anyone would want to register these ipv4 addresses via ipv6.  Not saying it's not possible - but for sure something unlikely to be used with the current state of ipv6 deployment globally.

    Can you not bring your freeipa box up dual stack with ipv4 and ipv6?  You could put in a feature request to allow for the ipv6 in the v4 dhcp server for dynamic registration.  But I doubt it's going to be a high priority ;)



  • I know what you mean. But there is one problem. Nobody knows how to run IPv6 only if no one ever tries.
    That's exactly what I do with that FreeIPA instance, which runs extremely well so far without IPv4.

    I will fill in a feature request. Since this is only a testing environment this isn't high priority to me, either.
    Thank you

    reference to ticket:
    https://redmine.pfsense.org/issues/6600


  • Rebel Alliance Global Moderator

    You can run ipv6 only very easy.. Problem is the world is not really ipv6 ready..  Other than some porn stuff, I know of really no resources that are only available ipv6.

    You're showing that in your current setup, you're mixing by running ipv4 dhcp server trying to talk to ipv6.  Bet you the ipv6 dhcp server can work just fine with your ipv6 only freeipa.  Why are you using ipv6 clients for dhcp if you want to use ipv6 only freeipa..

    How are your ipv6 only devices talking to resources that are only ipv4 currently?  Are you using the ipv6-ipv4 sixxs proxy?

    Since you want to run dhcp v4 still, if you want to use that with your freeipa, I would bring up your freeipa with ipv4..



  • this topic might be related: https://forum.pfsense.org/index.php?topic=111272.msg620625#msg620625

    Short version : pfsense does not expose primary6 statement in gui. The "primary ddns address" field is linked to the primary statement in dhcpd.conf/dhcpdv6.conf. The primary statement allows only v4 addresses.


  • Rebel Alliance Global Moderator

    Yeah that could be related.  So seems you found an issue with even the dhcpv6 doing dynamic updates to an ipv6 server.. If I read that thread correctly.



  • More or less. Ipv6 ddns is fubared by design in my humble opinion. What I was trying to point out is that the ipv6 primary ddns address must have a separate field in gui because isc dhcp has different statements for v4 and v6 ddns server addresses.
    For v4 you must use primary statement ( ex: zone example.tld { primary 192.168.0.1; } )
    For v6 you must use primary6 statement ( ex: zone example.tld { primary6 fd00::1; } )

    Right now the pfsense gui does not expose the primary6 statement, the primary ddns address corresponds to the primary statement and doesn't let the user input anything but a v4 address.
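
An added example, not part of the original post and not pfSense code: a family-aware check for the "primary DDNS address" value that emits `primary` for IPv4 and `primary6` for IPv6, as the post above describes. The function name, the `ddns-key` key name and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Hostname-style zone names only, so quotes, braces, semicolons or whitespace
# cannot break out of the generated dhcpd.conf statement.
_ZONE_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9_]([A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?\.)+$")
_KEY_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def ddns_zone_block(zone, server, key_name=None):
    """Build a dhcpd.conf zone block for a DDNS primary given as IPv4 or IPv6."""
    # Written with a trailing dot, as in the dhcpd.conf man page examples.
    fqdn = zone if zone.endswith(".") else zone + "."
    if not _ZONE_RE.match(fqdn):
        raise ValueError(f"invalid zone name: {zone!r}")
    try:
        addr = ipaddress.ip_address(server.strip())
    except ValueError:
        raise ValueError(f"not an IP address: {server!r}") from None
    # A scoped address such as fe80::1%em0 is refused rather than passed on.
    if getattr(addr, "scope_id", None):
        raise ValueError(f"scoped address not accepted: {server!r}")
    # The address family selects the statement: primary (v4) or primary6 (v6).
    statement = "primary" if addr.version == 4 else "primary6"
    lines = [f"zone {fqdn} {{", f"    {statement} {addr};"]
    if key_name is not None:
        # Optional TSIG key reference (hypothetical key name supplied by caller).
        if not _KEY_RE.match(key_name):
            raise ValueError(f"invalid key name: {key_name!r}")
        lines.append(f"    key {key_name};")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample inputs: one IPv4 and one IPv6 DDNS server.
    print(ddns_zone_block("example.tld", "192.168.0.1"))
    print(ddns_zone_block("example.tld", "fd00::1", key_name="ddns-key"))
```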


  • Rebel Alliance Global Moderator

    Yeah and see you have already put in a redmine on that it seems.  Great info.. Sure they get it sorted soon enough..

    Back to my point that ipv6 not really ready for prime time if you ask me.. Few years yet to be honest.. Just so many moving parts on a global scale to get working..  It was not all that long ago that the dns roots were not even ipv6.. I do believe G and E are still only ipv4..

    And the 2nd level for the tld are not fully ipv6 yet, quick check shows that a and b.gtld-servers.net for .com are but the rest have no ipv6..