Best practices for local name resolution

ddbnj · Aug 30, 2022, 6:21 PM

Week 2 of IPv6...

I've decided to move away from DHCPv6 on my LAN due to the fact I have many google devices. All are connected via SLAAC and pass their respective ipv6 tests.

When pinging from one computer to another via their hostnames, the OSs fall back to the IPv4 address. If I ping the actual GUA, the pings work.

How can I register the client names to a name server? If IPv6 does not use a central server, why are my neighbor advertisements not working on the same network segment?

Thanks for any insights.

-Devan

the other · Aug 30, 2022, 6:28 PM

@ddbnj
hey there,
I do not know if this is "best practice" but it works for me...

Under DHCPv6 & RAs choose the RA tab, there set ULAs for your LAN / VLANs.
(I assume IPv6 works with Tracking WAN for your LAN in general)

Then put those adresses (fd:) under DNS resolver (if that's what your using) under the "host override" section.

Here, a PING6 clientname results in showing client's ULA adresses...

ddbnj · Aug 30, 2022, 6:33 PM

@the-other

Thanks.

I read the nice tutorial from I think from @jknott but I'm a bit lazy. I don't want to have to create a ULA table myself for all the devices. I would rather the devices advertise themselves by name and then be addressed accordingly, keeping the IP translation behind the scenes. This is how DNS resolver works for IPv4. There is an option to add the DHCP client hostnames automatically. I figured there is an equivalent for IPv6.

the other · Aug 30, 2022, 6:38 PM

@ddbnj
...yeah, would be nice. Haven't heard of something like that...
But maybe one of the pros here can enlight us with a real "best practice" way to do that.
;)

Bob.Dig · Aug 30, 2022, 6:48 PM

You can make static mappings and the hostname is given to the resolver, exactly like with IPv4.

the other · Aug 30, 2022, 6:58 PM

@bob-dig
This might be a stoopid question...
But that won't work when no dhcpv6 is used or am i lost?
When the te only wants (thanks Google) ra and slaac, then is there another way besides host override under dns resolver?

ddbnj · Aug 30, 2022, 7:07 PM

@the-other

I have avahi running on the linux server. If ping "server1.local" from the windows 10 computer, it goes to the ipv6 address and the ping works. So avahi/mdns is one solution to get to my server. It's not working in the other direction yet.

According to the microsoft data, a microsoft server should register a AAAA record with a DNS server. I'm not sure if that behavior extends to a regular client.

JKnott · Aug 30, 2022, 9:15 PM

@ddbnj

With SLAAC, DNS can be provided with RDNSS. On the RA page, enable Provide DNS configuration via radvd. Then add the host names to the DNS servers. You can have the same hostname for IPv4 and IPv6.

ddbnj · Aug 31, 2022, 6:08 AM

@jknott

Thank you.

I set up a ULA prefix on my IOT network full of google smart speakers. How would I identify the assigned ULA address for an individual device on pfsense itself? It's not in the NDP table. While looking at my pixel 4, I can identify the ULA as well as the GUA.

Is the only workflow consist of pulling the ULA from each device or is there a way I can get the assigned ULAs via pfsense. If that's not possible, it would make creating IPv6 host overrides quite onerous.

For anyone else reading this thread, this was also discussed in 2020:

https://forum.netgate.com/topic/156490/understanding-how-to-get-hostnames-in-ipv6-leases/8

Reading this yesterday, I learned that the ISC DHCPv6 server does not track hostnames for IPv6, unlike the behavior for IPv4 so it seems that this is a pretty big negative if you use local DNS populated by the clients themselves. This doesn't even address the issue with Android devices (SLAAC).

I may just let the IPv4 fallback and deal with the domain lookup speed loss. It was annoying asking the smart speaker to turn off the lights and there were these new 1 to 5 second delays.

ddbnj · Aug 31, 2022, 6:25 AM

If I create a ULA on the RA page, do I also have to create a static route? I can ping using the GUA across VLAN's with open firewall rules. I cannot with the ULA. There is no route entry for the ULAs but there is one for the GUA. Would a VIP on the network interface fix this?

JKnott · Sep 2, 2022, 1:37 AM

@ddbnj

I'm not sure I'm understanding your problem. If a device is working on IPv6, it should have some ICMP6 traffic, if nothing else. What do you see if you run Packet Capture, filtering on the MAC address? With SLAAC, the suffix is determined by the device, often based on the MAC address.

Routing works exactly the same with GUA and ULA.

ddbnj · Sep 2, 2022, 1:37 AM

@jknott

The packet capture via mac address is a good idea. If I decide to create an IPv6 table for my local devices, I'll use it.

Regarding routing, I realized that I have to add a route for ULA devices if I don't create an address for the interface itself. It's for devices on a different VLAN to reach ULA devices (admin to IOT).

Anyway, thanks for your insights. Learning and deploying IPv6 has been pretty time consuming, I got to catch up with my real life!

Thanks,

Devan