Netgate Discussion Forum

    General DHCPv6 to DNS updates

    • junicast

      Hi,

      I assume you would need stateful addressing, thus DHCPv6, in order to get the mappings upstream to some DNS server.
      Furthermore I assume that making sure the IPv6 address needs to be made static, isn't true. That's because your host will stay reachable through exactly those DNS updates anyway.
      In v4 this has been working out of the box just fine, but only when the DNS service is on the exact same host, right? -> dnsmasq at OpenWrt or unbound in pfSense.

      What about practical experience?
      To me a FreeIPA might look like a good choice of partner for pfsense regarding this topic.
      What if I would want my pfsense firewall to act as such a stateful DHCPv6 server connected to e.g. FreeIPA (DNS)?

      Thank you for reading

      • JKnott

        No, you don't need DHCPv6.  I use SLAAC on my network and use the MAC based address for the DNS.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • junicast

          How do I set this up on the pfsense side?
          Thank you.

          Little bit awkward to answer my own question.

          Here's a short howto for FreeIPA and pfsense:

          1. For the specific zone in the FreeIPA settings, make sure "Dynamic update" is set to: true
          2. Generate a key, me using srvxxx.my.domain:

          ```
          # generate a 512-bit HMAC-MD5 key named after the host
          dnssec-keygen -a HMAC-MD5 -b 512 -n HOST srvxxx.my.domain
          ```

          Open the generated *.private file and copy the key from the line that starts with Key:

          3. On all FreeIPA hosts in replication, edit /etc/named.conf by adding:

          ```
          include "/etc/named.srvxxx.key";
          ```

          4. On all FreeIPA hosts, write the file /etc/named.srvxxx.key:

          ```
          key "srvxxx.my.domain" {
                 algorithm hmac-md5;
                 secret "your_key_from_2)";
          };
          ```

          5. Restart ipa via:

          ```
          ipactl restart
          ```

          You can add this for the DHCP server and, if you like, also for the DHCPv6 server.

          Unfortunately the updates are being refused. I think the grant statement is not just right. I'll update this post if I get it resolved.
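An added example, not part of the original post or of FreeIPA or pfSense: a small Python audit of the named key file format shown in the howto above. It flags the hmac-md5 algorithm and a secret that is not real base64 (such as a placeholder left in place), and renders a replacement clause using hmac-sha256. The function names `audit_key_file` and `render_key` and the 32-byte minimum secret length are assumptions made for this example.

```python
import base64
import re
import secrets

# Usage guidance for TSIG algorithms as given in RFC 8945.
WEAK = {"hmac-md5": "MD5-based; RFC 8945 says MUST NOT use",
        "hmac-sha1": "SHA-1-based; RFC 8945 says NOT RECOMMENDED"}
MIN_SECRET_BYTES = 32  # assumed minimum: the SHA-256 output size

KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^"\s{]+)"?\s*\{\s*'
    r'algorithm\s+(?P<alg>[\w.-]+)\s*;\s*'
    r'secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;', re.I)

def audit_key_file(text):
    """Return [(key_name, [findings])] for every key clause in a named key file."""
    results = []
    for m in KEY_RE.finditer(text):
        findings = []
        alg = m["alg"].lower()
        if alg in WEAK:
            findings.append(f"weak algorithm {alg}: {WEAK[alg]}")
        try:
            raw = base64.b64decode(m["secret"], validate=True)
            if len(raw) < MIN_SECRET_BYTES:
                findings.append(f"secret is only {len(raw)} bytes")
        except ValueError:  # binascii.Error is a subclass of ValueError
            findings.append("secret is not valid base64 (placeholder left in?)")
        results.append((m["name"], findings))
    return results

def render_key(name, algorithm="hmac-sha256", nbytes=32):
    """Render a key clause with a fresh random secret from the OS CSPRNG."""
    secret = base64.b64encode(secrets.token_bytes(nbytes)).decode()
    return (f'key "{name}" {{\n    algorithm {algorithm};\n'
            f'    secret "{secret}";\n}};\n')

# Constructed sample: the key file from the post, placeholder secret included.
POSTED = '''key "srvxxx.my.domain" {
       algorithm hmac-md5;
       secret "your_key_from_2)";
};
'''

if __name__ == "__main__":
    fresh = render_key("srvxxx.my.domain")
    for name, findings in audit_key_file(POSTED) + audit_key_file(fresh):
        print(name, findings or "ok")
```

The same key name, algorithm and secret must be configured on the side that sends the updates, so a key file that fails this audit should be regenerated and redistributed on both ends.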
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.