IPv6 and internal DNS registration

JKnott

Can you run a packet capture on the LAN, filtering on ICMP6? Attach the capture file here.

hmf

@jknott I can do that sometime in the next day or so… I assume you mean with the “broken” config (after adding the Virtual IP on the ULA subnet).

Are you some kind of network engineer who can actually fix problems like I think this is?

Jim-bob-the-grand

@hmf
What is the purpose of the virtual IP with IPv6?

RA should pump out the link local fe80 address for routing and pump out the ULA/GUA subnets used in the network.

Are you trying to use a GUA, ULA or link local as a VIP?

JKnott

@hmf

What the packet capture will show is the contents of the RAs so I can see what's being sent out. You appear to be miss configured somewhere.

I am a Cisco CCNA with a fair bit of experience with IPv6, going back over 11 years. I also seem to be the IPv6 expert around here.

Let the capture run for a few minutes.

JKnott

@jim-bob-the-grand said in IPv6 and internal DNS registration:

What is the purpose of the virtual IP with IPv6?

If you're adding a ULA prefix, the VIP is used to provide an address within that prefix for the interface, though you can get by without it.

hmf

@jim-bob-the-grand

Hi,

Literally, the VIP is to provide a ULA in the DNS/DC/NTP subnet being RA’d. I don’t need to have a well-known address for the Netgate in my current configuration, so the more pointed answer is “just for symmetry.”

I can (probably) think of a configuration where having a well-known ULA for the Netgate would be helpful (e.g., an intermediate router), but it’s not necessary here; it’s just something that should work.

I would also put money on the chances that this is a problem having nothing to do with ULAs… I bet if you assign a second IPv6 on a delegating interface (it being common to have multiple IPv6’s on an interface), it will mess up delegation.

…and I see that @JKnott just gave you a much shorter and probably better answer.

JKnott

Here's some info on using ULA.

hmf

@jknott, That is the exact post I used to set it up when we started this conversation, and exactly what was working before I installed the last update (to shut off the blinking yellow light, and for no good reason like a neat new feature, ironically).

JKnott

@hmf

Did you mention the update before? I don't recall it. However, if that's where your problem started, you should have said so. I thought you were just trying to set it up for the first time. What versions did you update from and to?

hmf

I did! (See below)

I have the current version now:

Version 21.05.2-RELEASE (amd64)
built on Fri Oct 22 15:24:02 UTC 2021

I don’t know how to get the previous version, but it was obviously current until a couple weeks ago (when the yellow light started annoying me).

@hmf said in IPv6 and internal DNS registration:

@jknott Oh, help...

I just upgraded by 6100 appliance and things stopped working again! Now, instead of RA just publishing the DNS ULA (fd...) it is using the IPv6 alias as the source for the network prefix instead of the PD prefix. Now none of the hosts are on the internet unless I remove the alias and exclusively use DNS / IPv4.

How do I get it to publish the PD prefix for SLAAC and the ULA for DNS again?

JKnott

@hmf said in IPv6 and internal DNS registration:

Version 21.05.2-RELEASE (amd64)

I'm on 2.5.2 (amd64), which is the latest for non Netgate gear. I didn't know there was a version 21 for AMD.