DNS hostname for dynamic IPv6 address

adhawkins · Jul 24, 2019, 3:42 AM

Hi,

I'm trying to move from a dnsmasq based VM to pfsense. One feature that I find useful with dnmasq, is that when it hands out an ipv4 lease, it will calculate the associated SLAAC address for that MAC and ping it. If it gets a response, it will add an AAAA and PTR record for the received hostname to its DNS, allowing you to use a DNS name to refer to that machine over ipv6.

I can't seem to get this working with pfsense.

I'm using Debian Buster and systemd-networkd to request the addresses. This is the network definition:

[Match]
Name=eth0

[Network]
DHCP=yes

[DHCP]
UseDomains=true
SendHostname=true
Hostname=deb-10-test-1-host
DUIDType=link-layer

When I do a packet capture, I can see that the specified hostname is sent in the fqdn field of the packet. However, if I use pfsense to look at the lease, no hostname is associated with it.

I've attached an image of the lease, as well as the packet capture (taken from pfsense) for the DHCP traffic.

Can anyone assist with getting this working?

(the blank bit between the MAC address and the first date / time is the 'hostname' field)

packetcapture (2).cap

Thanks

Andy

IsaacFL · Jul 24, 2019, 3:42 AM

@adhawkins I am familiar with what you were doing with dnsmasq, and I don't believe there is a way to do that with default pfsense setup.

I have found that it is easiest to just manually add the ipv6 slaac address in the DNS Resolver. Many of the newer OS's don't use the old method for generating the slaac address anyway.

But regardless, the slaac address is a static address, so it is a one time entry in the resolver unless the prefix changes. If the prefix were to change it is easy to backup the DNS Resolver info, search and replace the old prefix with the new and then restore the DNS Resolver.

JeGr · Jul 24, 2019, 6:29 AM

Newer Hosts tend to use EUI-64 if implemented so are not "predictable" by their MAC address anymore, so I think @IsaacFL has it right, that it's a better/simpler solution to just enter it manually in the resolver override.

https://howdoesinternetwork.com/2018/new-slaac

adhawkins · Jul 24, 2019, 8:19 AM

Thanks @IsaacFL and @JeGr .

I was actually coming to the conclusion that probably the easiest way is to use DHCPv6 to assign a static lease to the clients I want to resolve. That does seem to add an entry into the DNS for that least.

Does that sound like a viable option?

Thanks again.

Andy

IsaacFL · Jul 24, 2019, 5:03 PM

@adhawkins DHCPv6 is an option, but you will need to obtain the DUID of the device, which can be difficult to find.

The device will still have a slaac address in addition to the DHCPv6 one, so you might as well just use it in the DNS entry. Most devices it is easy to find the slaac address. Just "ip a" "ipconfig" at the console.

adhawkins · Jul 25, 2019, 9:04 AM

That's true @IsaacFL , but once the client has a lease, you can see that lease in pfsense and convert it to a 'static' lease.

Good point about the SLAAC address never changing though, might give that a go.

Andy

JKnott · Jul 25, 2019, 12:40 PM

@JeGr said in DNS hostname for dynamic IPv6 address:

Newer Hosts tend to use EUI-64 if implemented so are not "predictable" by their MAC address anymore

Actually, all IPv6 addresses are EUI-64. The host part can be either MAC based, random number or other. With IPv6, the EUI-48 MAC address is converted to EUI-64 by inserting FFFE in the middle and inverting bit 7.