  • pfSense 2.4.4-RELEASE-p3
    pfSense is configured to send DDNS updates (IPv4 and IPv4, forward and reverse) to BIND on a separate server (dnsmasq and unbound are not in use and clients are not allowed to update DNS themselves). This works well for hosts without static leases and for static IPv4 leases, but static IPv6 leases do not get added to DNS. I'm guessing this is because "update-static-leases on;" gets added to /var/dhcpd/etc/dhcpd.conf but not to /var/dhcpd/etc/dhcpdv6.conf. Hasn't anybody else reacted to this?

    I suppose there are reasons to add or not add static leases to DNS automatically, but surely the behaviour should be consistent or separately configurable?

  • Which IPv6 addresses? WAN side or LAN? DDNS would work only with the WAN side. There is no mechanism for LAN side addresses to be sent to the DDNS, so you'll have to manually add them to the DNS server.

  • I'm talking about the IPv6 addresses that the DHCP server on the firewall hands out to the clients on the LAN side. As I said, there's no problem getting them added to the DNS using DDNS as far as normal leases go, but static leases are skipped.

  • @millnet-maho

    Unless I'm mistaken (I thought I was wrong once, but I was mistaken <g>), DDNS is used to update a DNS server with the new IP when the DHCP-assigned address changes. By definition, static addresses don't change, so there's no need for anything like DDNS for them. You just configure the DNS as needed.

  • @millnet-maho:

    You mean this:


    on the Services > DHCPv6 Server & RA > LAN > DHCPv6 Server page?

  • @JKnott As I said, different strategies certainly exist, but nevertheless, adding DNS RRs for static IPv4 leases with DDNS works. One reason for doing it that way is so you don't have to enter information in two places and you don't have to freeze the zone in BIND and edit the zone file manually. Sure, with DDNS you perhaps don't need static leases because you can always use the host name, but I like to set fixed addresses for monitoring reasons.

  • @Gertjan Exactly.

  • Ok. What I thought.
    As you saw, I filled in the needed settings, so the (routable) IPv6 distributed by the DHCPv6 would be registered on a DNS master name server that handles all my (sub)domain names.
    These subdomain names would now be recognized all over the Internet, and I could easily access my devices from anywhere by just opening the firewall of pfSense.
    But: with DHCPv6, I never saw any "RFC 2136" communication happening to my 'bind' name server. I do use RFC 2136 for classic IPv4 DDNS with the same bind name server, and that works fine.

  • Patching the script generating the config to include "update-static-leases on" in dhcpdv6.conf doesn't seem to help. The man page says that this isn't recommended anyway, so maybe I should add the records manually after all, but then update-static-leases shouldn't be switched on for IPv4 either.
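
For the manual route mentioned in the last post, the records for static DHCPv6 mappings can still be sent as RFC 2136 updates, so the zone does not have to be frozen and edited by hand. The following is an added example, not code from the thread or from pfSense: it builds nsupdate input with the AAAA and matching ip6.arpa PTR record for each mapping. The host names, the 2001:db8::/32 documentation addresses and the server name are constructed placeholders.

```python
import ipaddress

# Constructed sample data: hypothetical static DHCPv6 mappings
# (host names and documentation-prefix addresses are placeholders).
STATIC_LEASES = [
    ("nas.lan.example.com", "2001:db8:0:1::10"),
    ("printer.lan.example.com", "2001:db8:0:1::20"),
]


def nsupdate_batch(leases, server, ttl=3600):
    """Return nsupdate input that sets AAAA and PTR records for each lease."""
    lines = [f"server {server}"]
    for fqdn, addr in leases:
        ip = ipaddress.ip_address(addr)
        if ip.version != 6:
            raise ValueError(f"{addr} is not an IPv6 address")
        fqdn = fqdn.rstrip(".") + "."          # fully qualified owner name
        ptr = ip.reverse_pointer + "."         # nibble-reversed ip6.arpa name
        lines += [
            # Forward zone: replace any stale AAAA with the static address.
            f"update delete {fqdn} AAAA",
            f"update add {fqdn} {ttl} AAAA {ip.compressed}",
            "send",
            # Reverse zone is a different zone, so it needs its own send.
            f"update delete {ptr} PTR",
            f"update add {ptr} {ttl} PTR {fqdn}",
            "send",
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # ns1.example.com is a placeholder for the BIND server.
    print(nsupdate_batch(STATIC_LEASES, "ns1.example.com"), end="")
```

The output can be piped to `nsupdate -k <keyfile>` with a key that the zones' update policy on the BIND server accepts.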

