    Netgate Discussion Forum
    General DHCPv6 to DNS updates

    IPv6
    • pmisch
      pmisch last edited by

      Hi,

      I assume you would need stateful addressing, thus DHCPv6, in order to get the mappings upstream to some DNS server.
      Furthermore, I assume it isn't true that the IPv6 address needs to be made static. That's because your host will stay reachable through exactly those DNS updates anyway.
      In v4 this has been working out of the box just fine, but only when the DNS service is on the exact same host, right? -> dnsmasq on OpenWrt or unbound in pfSense.

      What about practical experience?
      To me, FreeIPA might look like a good choice of partner for pfSense regarding this topic.
      What if I wanted my pfSense firewall to act as such a stateful DHCPv6 server connected to e.g. FreeIPA (DNS)?

      Thank you for reading

      • JKnott
        JKnott last edited by

        No, you don't need DHCPv6.  I use SLAAC on my network and use the MAC based address for the DNS.

        • pmisch
          pmisch last edited by

          How do I set this up on the pfSense side?
          Thank you.

          Little bit awkward to answer my own question.

          Here's a short howto for FreeIPA and pfSense:

          1. For the specific zone in the FreeIPA settings, make sure "Dynamic update" is set to: true
          2. Generate a key; I'm using srvxxx.my.domain:

          ```
          dnssec-keygen -a HMAC-MD5 -b 512 -n HOST srvxxx.my.domain
          ```

          Open the generated *.private file and copy the key from the line that starts with Key:
          3. On all FreeIPA hosts in replication, edit /etc/named.conf by adding:

          ```
          include "/etc/named.srvxxx.key";
          ```

          4. On all FreeIPA hosts, write the file /etc/named.srvxxx.key:

          ```
          key "srvxxx.my.domain" {
                 algorithm hmac-md5;
                 secret "your_key_from_2)";
          };
          ```

          5. Restart IPA via:

          ```
          ipactl restart
          ```

          You can add this for the DHCP server and, if you like, also for the DHCPv6 server.

          Unfortunately the updates are being refused. I think the grant statement is not just right. I'll update this post if I get it resolved.
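The /etc/named.srvxxx.key file from the howto above can be sanity-checked before named is restarted on every replica. The Python sketch below is an added example, not part of the original post or of FreeIPA or pfSense; the function name `lint_key_file`, the 16-byte minimum and the constructed sample secret are assumptions made for illustration.

```python
import base64
import binascii
import re

# TSIG algorithm names BIND accepts in a key clause.
KNOWN_ALGS = {"hmac-md5", "hmac-sha1", "hmac-sha224",
              "hmac-sha256", "hmac-sha384", "hmac-sha512"}
LEGACY_ALGS = {"hmac-md5", "hmac-sha1"}
MIN_SECRET_BYTES = 16  # assumption: threshold chosen for this example

# The key file exactly as posted in the howto (placeholder secret included).
HOWTO_KEY_FILE = '''key "srvxxx.my.domain" {
       algorithm hmac-md5;
       secret "your_key_from_2)";
};'''

# Constructed sample: non-secret bytes 0..31, for demonstration only.
CONSTRUCTED_KEY_FILE = '''key "srvxxx.my.domain" {
       algorithm hmac-sha256;
       secret "%s";
};''' % base64.b64encode(bytes(range(32))).decode()


def lint_key_file(text):
    """Return (key_name, findings) for the first key clause in text."""
    clause = re.search(r'key\s+"?([^"\s{]+)"?\s*\{([^}]*)\}\s*;', text)
    if not clause:
        return None, ["no well-formed key clause found"]
    name, body = clause.groups()
    findings = []
    alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
    secret = re.search(r'secret\s+"([^"]*)"\s*;', body)
    if not alg:
        findings.append("missing algorithm statement")
    elif alg.group(1).lower() not in KNOWN_ALGS:
        findings.append("unknown algorithm %r" % alg.group(1))
    elif alg.group(1).lower() in LEGACY_ALGS:
        findings.append("%s is legacy; prefer hmac-sha256" % alg.group(1))
    if not secret:
        findings.append("missing secret statement")
    else:
        try:
            raw = base64.b64decode(secret.group(1), validate=True)
            if len(raw) < MIN_SECRET_BYTES:
                findings.append("secret decodes to only %d bytes" % len(raw))
        except (binascii.Error, ValueError):
            findings.append("secret is not valid base64 (placeholder?)")
    return name, findings
```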