DDNS IPv6 Cloudflare

Bob.Dig · Dec 13, 2019, 3:28 PM

@JKnott I talk to you in this thread because it is already cluttered up. I hadn't set that option, because I didn't knew, if I needed it in the firs place. Now I set it, thanks, and I have to watch this in the future.

Something different, in the Service DHCPv6 Server & RA I set up the DUID togehter with an hostname but no ip. There it says, if no IP is given, one will be dynamically allocated from the pool.
But the end result always is, that there is no connection between an ip and the hostname (in DNS).

So I guess I have to input an link-local ipv6 in the DNS (Unbound) to always have a functional DNS Setup for my LAN.

JKnott · Dec 13, 2019, 3:48 PM

@Bob-Dig

That's why I said to ensure it's set. Prior to that setting being available, all it took for my prefix to change is just disconnect/reconnect the WAN Ethernet cable.

What setting are you referring to re DUID? I have never had to set anything like that.

Bob.Dig · Dec 13, 2019, 5:19 PM

@JKnott I was talking about
ServicesDHCPv6 Server & RALANDHCPv6 Server

Finally got it working, I had to use those IPv6s, which the PCs made up by themselves and not the ones from the DHCPv6 Server.

Now the hostnames defined in the DHCP & DHCPv6 Server are automatically in DNS (unbound) and I can have the same Firewall-alias for IPv4 & v6.
This also means, next time (?) the prefix changes, there is nothing to do in pfSense anymore, I only have to update my DNS-Provider.

For that, I still don't have a solution, but I made up a "Dynamic DNS Client" with Cloudflare (v6) in pfSense for the LAN interface, then disabled this client. But those disabled Clients will still be checked by pfSense it seems, so I will see something red in the pfSense Dashboard, next time the prefix changes.

Bob.Dig · Dec 13, 2019, 6:48 PM

That was to quick, it is not possible to have the same Firewall alias (FQDN or hostname) for IPv4 & v6, is this a bug?

JKnott · Dec 13, 2019, 7:15 PM

@Bob-Dig

Where are you referring to? It is certainly possible to have the same hostname for both A & AAAA records. It is not possible to have the same name for an AAAA record and an IPv4 alias with my public DNS server. It is possible to configure that, but the IPv6 AAAA record will never be used.

Bob.Dig · Dec 13, 2019, 7:27 PM

@JKnott
@johnpoz

It seems to be a bug in pfSense.
In the screenshot you can see that I should be able to input a host or FQDN for IPv4 and v6, but pfSense is always puting a /32 behind it, so it is not possible for IPv6 right now. It will only allow /128 with a real IPv6 address.

I am getting nuts, please someone answer.

johnpoz · Dec 13, 2019, 7:27 PM

Can you not read??? Right above where you trying to put in what your putting in???

What does it say about host names and the /32

Bob.Dig · Dec 13, 2019, 7:32 PM

@johnpoz I can read and it says I can input a hostname or FQDN for IPv6, but it doens't do it, always getting back to /32...
It is also not working under Alias/host but here (Alias/networks) the problem is more visible.

johnpoz · Dec 13, 2019, 7:37 PM

What do you think is going to get put in there if you put in a fqdn??? What fqdn are you going to put in??

Bob.Dig · Dec 13, 2019, 7:44 PM

@johnpoz I tried hostnames from the dhcp servers, tried with DNS, tried host with parent domain...

I want a Firewall-Alias which comes from the dns-resolver, or something I can work with, is this possible?

e.g.

johnpoz · Dec 13, 2019, 7:48 PM

Dude how hard is it show what you want? hostU2 is not going to freaking resolve to anything - how and the F do you think that could work?

Bob.Dig · Dec 13, 2019, 7:49 PM

@johnpoz It is working for IPv4! Why not for v6.

johnpoz · Dec 13, 2019, 7:50 PM

What is in your alias???????? hostu2 is not a FQDN..

Bob.Dig · Dec 13, 2019, 7:52 PM

@johnpoz For IPv4 e.g.

and works, tried it right now with a friend.

johnpoz · Dec 13, 2019, 7:53 PM

And what does pfsense resolve that too??? It would be using its own search suffix?

What is in the table? Go to hostname and resolve u2.. What does it come back with..

Bob.Dig · Dec 13, 2019, 7:58 PM

@johnpoz Where should I look exactly? The firewall tab can't show it.

Bob.Dig · Dec 13, 2019, 8:10 PM

@johnpoz When I go to Diag/table it will only say 192.168.1.30
But why? Why can't I input the same for IPv6 there.

johnpoz · Dec 13, 2019, 8:10 PM

And where do you think it gets that from?? U2 is not a FQDN it can not resolve... you have it in your host file on pfsense.. or you append the domain to it when you query it...

Do you have IPv6 there... I can resolve any fqdn I want for ipv6...

Bob.Dig · Dec 13, 2019, 8:13 PM

@johnpoz So who put the 192.168.1.30 in that table? Where originated it? Why can't I do the same thing for IPv6?

johnpoz · Dec 13, 2019, 8:17 PM

Here

there is no ipv4 for pfsense, but there is a pfsense.local.lan IPv6 entry in my resolver host override... So when I tell ping to ping that host via ipv6 it gets the IPv6 address..