Turn off ICMPv6 option 31(RDNSS host name)?



  • Is there any way to turn off option 31? I'm trying to resolve a problem where RDNSS does not work on a computer running OpenSUSE 15. With this problem, the computer gets an IPv6 address, but no DNS servers. I have the IPv4 DHCP turned off for this testing.

    The computer, running OpenSUSE works fine with IPv4 DHCP enabled, but not disabled. The same computer, running Windows 10, as well as an Android tablet, work OK with RDNSS. The computer works OK when tethered to my cell phone, getting IPv6 server address as well as IPv4. However, I cannot turn off DHCPv4 on the cell phone.

    The only difference I can see, using Wireshark, is that pfSense provides the search domain via ICMPv6 option 31 and the phone doesn't. Nor does the phone provide the search domain via IPv4. However, I cannot find a way to disable option 31 on pfSense, to test if that's the cause of the problem. Also, removing the domain name search list does not stop it, as the domain name is a mandatory part of the general setup.

    Any ideas?

    tnx jk


  • Rebel Alliance Developer Netgate

    There isn't a GUI way to disable that, but you can comment out the lines in /etc/inc/services.inc inside services_radvd_configure() to test.



  • I have been searching through that file for "services_radvd_configure()" and don't see any line that would be suitable to comment out. Perhaps I'm misunderstanding what you mean by "inside services_radvd_configure()". That's an unusual way to specify a line in a script, at least to my understanding. Perhaps you could include the section of the script you're referring to.


  • Rebel Alliance Developer Netgate

    https://github.com/pfsense/pfsense/blob/master/src/etc/inc/services.inc#L31

    Look for the lines that specify the option you want to comment out (RDNSS for example)

    It's all in that file. You have to find the relevant lines, since you're the one that knows what you want to cut out of the resulting config.



  • Same thing. Even with searching on RDNSS, I don't see a relevant line to comment out, at least not one that I recognize.

    Here's the entire file /etc/inc/services.inc:

    • Copyright (c) 2004-2018 Rubicon Communications, LLC (Netgate)
    • All rights reserved.
    • originally part of m0n0wall (http://m0n0.ch/wall)
    • Copyright (c) 2003-2004 Manuel Kasper mk@neon1.net.
    • All rights reserved.
    • Licensed under the Apache License, Version 2.0 (the "License");
    • you may not use this file except in compliance with the License.
    • You may obtain a copy of the License at
    • http://www.apache.org/licenses/LICENSE-2.0
    • Unless required by applicable law or agreed to in writing, software
    • distributed under the License is distributed on an "AS IS" BASIS,
    • WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    • See the License for the specific language governing permissions and
    • limitations under the License.
      */

    define('DYNDNS_PROVIDER_VALUES', 'all-inkl azure azurev6 citynetwork cloudflare cloudflare-v6 cloudns custom custom-v6 digitaloc
    ean dnsexit dnsimple dnsmadeeasy dnsomatic dreamhost dreamhost-v6 duiadns duiadns-v6 dyndns dyndns-custom dyndns-static dyns eas
    ydns eurodns freedns freedns-v6 glesys godaddy godaddy-v6 googledomains gratisdns he-net he-net-v6 he-net-tunnelbroker hover loo
    pia namecheap noip noip-free ods opendns ovh-dynhost route53 route53-v6 selfhost spdyn spdyn-v6 zoneedit');
    define('DYNDNS_PROVIDER_DESCRIPTIONS', 'All-Inkl.com,Azure DNS,Azure DNS (v6),City Network,Cloudflare,Cloudflare (v6),ClouDNS,Cu
    stom,Custom (v6),DigitalOcean,DNSexit,DNSimple,DNS Made Easy,DNS-O-Matic,DreamHost,Dreamhost (v6),DuiaDns.net,DuiaDns.net (v6),D
    ynDNS (dynamic),DynDNS (custom),DynDNS (static),DyNS,easyDNS,Euro Dns,freeDNS,freeDNS (v6),GleSYS,GoDaddy,GoDaddy (v6),Google Do
    mains,GratisDNS,HE.net,HE.net (v6),HE.net Tunnelbroker,Hover,Loopia,Namecheap,No-IP,No-IP (free),ODS.org,OpenDNS,OVH DynHOST,Rou
    te 53,Route 53 (v6),SelfHost,SPDYN,SPDYN (v6),ZoneEdit');

    /* implement ipv6 route advertising daemon */
    function services_radvd_configure($blacklist = array()) {
    global $config, $g;

        if (isset($config['system']['developerspew'])) {
                $mt = microtime();
                echo "services_radvd_configure() being called $mt\n";
        }
    
        if (!is_array($config['dhcpdv6'])) {
                $config['dhcpdv6'] = array();
        }
    
        $Iflist = get_configured_interface_list();
        $Iflist = array_merge($Iflist, get_configured_pppoe_server_interfaces());
    
        $radvdconf = "# Automatically Generated, do not edit\n";
    
        /* Process all links which need the router advertise daemon */
        $radvdifs = array();
    
        /* handle manually configured DHCP6 server settings first */
        foreach ($config['dhcpdv6'] as $dhcpv6if => $dhcpv6ifconf) {
                if (!is_array($config['interfaces'][$dhcpv6if])) {
                        continue;
                }
                if (!isset($config['interfaces'][$dhcpv6if]['enable'])) {
                        continue;
                }
    
                /* Do not put in the config an interface which is down */
                if (isset($blacklist[$dhcpv6if])) {
                        continue;
                }
                if (!isset($dhcpv6ifconf['ramode'])) {
                        $dhcpv6ifconf['ramode'] = $dhcpv6ifconf['mode'];
                }
    
                /* are router advertisements enabled? */
                if ($dhcpv6ifconf['ramode'] == "disabled") {
                        continue;
                }
    
                if (!isset($dhcpv6ifconf['rapriority'])) {
    
                $racarpif = false;
                /* check if binding to CARP IP */
                if (!empty($dhcpv6ifconf['rainterface'])) {
                        if (strstr($dhcpv6ifconf['rainterface'], "_vip")) {
                                if (get_carp_interface_status($dhcpv6ifconf['rainterface']) == "MASTER") {
                                        $dhcpv6if = $dhcpv6ifconf['rainterface'];
                                        $racarpif = true;
                                } else {
                                        continue;
                                }
                        }
                }
    
                $realif = get_real_interface($dhcpv6if, "inet6");
    
                if (isset($radvdifs[$realif])) {
                        continue;
                }
    
                $ifcfgipv6 = get_interface_ipv6($dhcpv6if);
                if (!is_ipaddrv6($ifcfgipv6)) {
                        continue;
                }
    
                $ifcfgsnv6 = get_interface_subnetv6($dhcpv6if);
                $subnetv6 = gen_subnetv6($ifcfgipv6, $ifcfgsnv6);
                if (!is_subnetv6($subnetv6 . "/" . $ifcfgsnv6)) {
                        log_error("radvd: skipping configuration for interface $dhcpv6if because its subnet or prefix length is
    

    invalid.");
    continue;
    }
    $radvdifs[$realif] = $realif;

                $radvdconf .= "# Generated for DHCPv6 Server $dhcpv6if\n";
                $radvdconf .= "interface {$realif} {\n";
                if (strstr($realif, "ovpn")) {
                        $radvdconf .= "\tUnicastOnly on;\n";
                }
                $radvdconf .= "\tAdvSendAdvert on;\n";
    
                if (is_numericint($dhcpv6ifconf['raminrtradvinterval'])) {
                        $radvdconf .= "\tMinRtrAdvInterval {$dhcpv6ifconf['raminrtradvinterval']};\n";
                } else {
                        $radvdconf .= "\tMinRtrAdvInterval 5;\n";
                }
    
                if (is_numericint($dhcpv6ifconf['ramaxrtradvinterval'])) {
                        $radvdconf .= "\tMaxRtrAdvInterval {$dhcpv6ifconf['ramaxrtradvinterval']};\n";
                } else {
                        $radvdconf .= "\tMaxRtrAdvInterval 20;\n";
                }
                if (is_numericint($dhcpv6ifconf['raadvdefaultlifetime'])) {
                        $radvdconf .= "\tAdvDefaultLifetime {$dhcpv6ifconf['raadvdefaultlifetime']};\n";
                }
    
                $mtu = get_interface_mtu($realif);
                if (is_numeric($mtu)) {
                        $radvdconf .= "\tAdvLinkMTU {$mtu};\n";
                } else {
                        $radvdconf .= "\tAdvLinkMTU 1280;\n";
                }
                switch ($dhcpv6ifconf['rapriority']) {
                        case "low":
                                $radvdconf .= "\tAdvDefaultPreference low;\n";
                                break;
                        case "high":
                                $radvdconf .= "\tAdvDefaultPreference high;\n";
                                break;
                        default:
                                        
                /* add DNS servers */
                $dnslist = array();
                if (isset($config['dnsmasq']['enable']) || isset($config['unbound']['enable'])) {
                        $dnslist[] = $ifcfgipv6;
                } elseif (is_array($config['system']['dnsserver']) && !empty($config['system']['dnsserver'])) {
                        foreach ($config['system']['dnsserver'] as $server) {
                                if (is_ipaddrv6($server)) {
                                        $dnslist[] = $server;
                                }
                        }
                }
                if (count($dnslist) > 0) {
                        $dnsstring = implode(" ", $dnslist);
                        if (!empty($dnsstring)) {
                                $radvdconf .= "\tRDNSS {$dnsstring} { };\n";
                        }
                }
                if (!empty($config['system']['domain'])) {
                        $radvdconf .= "\tDNSSL {$config['system']['domain']} { };\n";
                }
                $radvdconf .= "};\n";
        }
                        
        /* write radvd.conf */
        if (!@file_put_contents("{$g['varetc_path']}/radvd.conf", $radvdconf)) {
                log_error(gettext("Error: cannot open radvd.conf in services_radvd_configure()."));
                if (platform_booting()) {
                        printf("Error: cannot open radvd.conf in services_radvd_configure().\n");
                }
        }

  • Rebel Alliance Developer Netgate

    It's right there in what you quoted (which didn't come out formatted right)

    Though if the domain name is what you have a problem with you probably want to leave out DNSSL, RDNSS is the DNS server list.

    Just ctrl-F and look for the string. It only happens on the lines that need commented out. I can't walk you through every single step of editing the file.



  • @jimp

    I see the line '$radvdconf .= "\tDNSSL {$config['system']['domain']} { };\n";'

    Will removing ['domain'] from that line remove option 31 from the RA? Or just remove the domain name, leaving an empty option 31?

    The reason I'm trying to do this is so that the pfSense RA matches the one from the cell phone as closely as possible, to see if this option is causing the problem.