DHCPv6 cannot specify local DNS server if interface is set to track interface with ::local:portion format
-
Ok, so I am not sure if this is considered a bug or not.
Running 23.05-release
Observed same issue on 2.6ce and 23.01
But assuming your ISP is like mine (Telus) using prefix delegation and you want to have a local DNS server for split DNS purposes on your local LAN. So I do not want to just pass on the ISP provided DNS servers.
In the DHCPv6 server on LAN
Subnet is Delegated Prefix WAN/0 (the:prefix:from:ISP::/64)
Available range :: to ::ffff:ffff:ffff:ffff
I set my range to ::d:1000 to ::d:ffff (The D shows me it was dynamic)
DNS servers I would ASSUME I can set ::1000 and ::2000 and it would properly append the delegated prefix.
But it DOES NOT. The client just gets exactly what I enter ::1000 or ::2000 which doesn't work
I must type the entire current IPv6 with the current dynamic prefix. When it changes I must manually change the setting for the DNS server.
For DHCPv6 Static mappings I have the DUID of the dns server getting ::1000 and the DNS server 2 gets ::2000 and that works.
Found bug #7384 which appears to address this issue from 2017. While it seems to perfectly describe the situation the bug as far as I can see still exists.
The PD-prefix obtained from the ISP is not being merged. The range field merges ok, but not the DNS server.
And client is assigned
DNS servers:
::1000
::2000
If I enter the full prefix the client gets the correct setting.
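The merge this post expects for the DNS server field, as an added example that is not part of the original post and is not pfSense code. The prefixes are constructed documentation values and the function names are hypothetical; a suffix-only entry such as ::1000 is overlaid on whatever prefix is currently delegated, while a fully specified address is passed through unchanged.

```python
import ipaddress

# Constructed sample values (documentation range), standing in for ISP-delegated /64s.
OLD_PREFIX = "2001:db8:aaaa:1::/64"
NEW_PREFIX = "2001:db8:bbbb:7::/64"
CONFIGURED_DNS = ["::1000", "::2000"]  # suffix-only entries, as typed in the post


def merge_with_prefix(delegated_prefix, suffix):
    """Overlay a host-portion-only address (e.g. ::1000) onto a delegated prefix."""
    net = ipaddress.IPv6Network(delegated_prefix, strict=True)
    host = ipaddress.IPv6Address(suffix)
    # A suffix that sets bits inside the prefix cannot be merged without
    # corrupting the prefix, so refuse it instead of OR-ing blindly.
    if int(host) & int(net.netmask):
        raise ValueError(f"{suffix} overlaps the /{net.prefixlen} prefix bits")
    return ipaddress.IPv6Address(int(net.network_address) | int(host))


def dns_servers_for_clients(delegated_prefix, configured):
    """Return the DNS list a client should receive for the current prefix."""
    result = []
    for entry in configured:
        try:
            # Suffix-only entry: follows the delegated prefix automatically.
            result.append(str(merge_with_prefix(delegated_prefix, entry)))
        except ValueError:
            # Fully specified address: hand it out exactly as entered.
            result.append(str(ipaddress.IPv6Address(entry)))
    return result


if __name__ == "__main__":
    # The same two settings survive a prefix change without manual edits.
    for prefix in (OLD_PREFIX, NEW_PREFIX):
        print(prefix, "->", dns_servers_for_clients(prefix, CONFIGURED_DNS))
```
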
-
@QueBall said in DHCPv6 cannot specify local DNS server if interface is set to track interface with ::local:portion format:
if this is considered a bug
Probably not, would be a feature request. If your DNS-server isn't pfSense itself then you have to enter an address. You can assign an ULA-subnet and on the DNS-server itself an ULA-address for this to work I guess (or even a link-local address could work).
-
Except for the previous bug report already seems to describe the exact same problem but I'm confused because it claims to have a fix though maybe new code replaced the previously fixed version and it's a new version of the old bug.
Either way I would suggest the behaviour is not correct, and should be consistent with the other settings on the same page.
Just wish I could do more to fix the code myself, hopefully I have at least made my example clear enough someone who understands this can see where it can be fixed.
-
@QueBall said in DHCPv6 cannot specify local DNS server if interface is set to track interface with ::local:portion format:
because it claims to have a fix
Good point!
-
Is there some reason you need to use DHCPv6? Android devices don't support it, thanks to some genius at Google. Normally, SLAAC does all you need.
-
A question in a question :
@JKnott said in DHCPv6 cannot specify local DNS server if interface is set to track interface with ::local:portion format:
Is there some reason you need to use DHCPv6?
There is a reason. That is, I have one, probably because I'm 'old' and I always used 'static DHCP' for my IPv4 devices. For some reason, I like (prefer) to have some sort of phone book where all devices are listed by name and number.
The thing is : I like to do the same thing with my devices that use IPv6.
True : my 'prefix' is a static (I have to believe my ISP for that).
Android devices don't support it, thanks to some genius at Google.
I've solved that problem many years ago.
Normally, SLAAC does all you need.
That brings me to the final question, as I actually never gave it a chance : my devices will still have the same IPv6 over time ?
Can I put an IPv6 firewall rule that makes my printer (example) accessible from the Internet ?
Using an IPv6, or an alias that has a host name that is constantly resolved to the correct 'local' IPv6, whatever that might be ?
-
@Gertjan said in DHCPv6 cannot specify local DNS server if interface is set to track interface with ::local:portion format:
That brings me to the final question, as I actually never gave it a chance : my devices will still have the same IPv6 over time ?
Can I put an IPv6 firewall rule that makes my printer (example) accessible from the Internet ?
Using an IPv6, or an alias that has a host name that is constantly resolved to the correct 'local' IPv6, whatever that might be ?
Assuming your prefix is consistent, yes you can. With SLAAC you have one consistent address and up to seven privacy addresses. You use the consistent address to get through the firewall, for external DNS, etc. The consistent address can be based on either the MAC address or a random number. Either way, it doesn't change.
I have an external DNS that points to devices I may want to reach.