Local IPv6 DNS-Server with dynamic prefix
-
Hello,
haven't found anything about my following question here in this forum, so I hope somebody can help me:
I'm a customer of a regional German ISP (M-Net), who hands out native IPv6 with a dynamic /56 prefix and a lease time of about 1,5 hours. My ISP obliges me to use a FritzBox 7390, which is on the LAN side connected to the pfSense WAN interface. Prefix delegation (only /62 possible on a FB) from the FritzBox to the pfSense and assigning the prefix to the LAN and WLAN interfaces works well.
My problem is the local DNS with a dynamic IPv6 prefix.
I tried this three solutions, but each has it's deficits:-
Static addresses with SixXs or HE: working, DNS is easy with static addresses, but I actually want native IPv6
-
Local ULAs (Unique Local Address) and NPt (Network Prefix Translation) for global addressing: working, DNS is easy with static ULAs, but needs static SixXs or HE tunnel, because NPt can't handle dynamic prefixes. Also linux machines prefer IPv4 and do not use the ULA, if the destination is dual stack
-
WAN DHCP-PD and track WAN on LAN interface as described above: working, but DNS only working when updating every single device via dynamic dns every 1,5 hours
While searching I found this post: https://forum.pfsense.org/index.php?topic=83576.msg458478#msg458478
But is this DHCPv6 + track interface a proper solution? What about smartphones which only use SLAAC? I don't think this is the right way to get the problem managed.Is there a local DNS server, suitable for dynamic prefixes, where I can only put the device's static suffix, and the prefix will be updated dynamically like track interface WAN?
Example:-
Prefix: 2001:db8:1111:2222::/64 (dynamically assigned by ISP)
-
Device suffix: aabb:ccff:fedd:eeff (added in local DNS configuration)
-
Merged: 2001:db8:1111:2222:aabb:ccff:fedd:eeff (handed out as AAAA record)
How do you solve the "DNS-problem" in your local network with dynamic IPv6 prefixes?
-
-
What are you talking about… DNS or DHCP ?
Dynamic, so you get a different /56, every time you reboot the Fritz! ?
-
Thank you for your answer.
I'm talking about DNS. DHCP is only used when pfSense WAN is asking the FritzBox for a /62. ( /62 because FritzBox can't delegate more than that >:( )
To your second question:
Yes, everytime I reboot the FritzBox or reconnect it, I get a different /56 from my ISP. -
I still do not understand your problem or "DNS" request.
Or you want to build something which needs quasi-static or static IPv6 from ISP.
However: my tested settings with the FB/master (in cascade) with pfSense/slave:In FB7360/advanced:
1)Internet, Account Information, IPv6:
IPv6 enabled: true
Always use a native IPv6 connection
Derive global address using the assigned prefix
Use DHCPv6 Rapid Commit: true
Require certain length for the LAN prefix: true
Length: 64 bits2)Home Network, Network Settings, IPv6 Addresses:
Assign unique local addresses (ULA) as long as no IPv6 connection exists
Enable DHCPv6 server in the FRITZ!Box for the home network
Assign DNS server, prefix (IA_PD) and IPv6 address (IA_NA)In pfSense:
The FB has the /56, the pfSense box hasn't.
pfSense-WAN must ask the FB with DHCP6 a /64. FB decides/issues the prefix(subnet) for that request.
pfSense-LAN() askes with Tracking Interface, IPv6 Prefix ID=0.
With pfSense-LAN() Tracking Interface, SLAAC for that LAN works out-of-the-box.DNS addressing is supplied by FB to pfSense-box.
Reboot the total setup, upstream to downstream sequence.If you want more config wiggling room, with DHCPv6-server, you need quasi-Static/Static or with the pfSense directly onto an ISP-gateway, replacing the FB.
-
Hey, thanks for your long description. My configuration is very similar and delegating the prefix to pfsense, tracking the WAN and assigning the addresses to the clients works perfectly.
My only problem is how to realize a local DNS server on pfsense for resolving names like fritzbox.local / nas.local / printer.local for example. How do I get it managed, that if my prefix renews, my local DNS hands out the new addresses.
Thats why I wrote:
@e-cite:Is there a local DNS server, suitable for dynamic prefixes, where I can only put the device's static suffix, and the prefix will be updated dynamically like track interface WAN?
Example:-
Prefix: 2001:db8:1111:2222::/64 (dynamically assigned by ISP)
-
Device suffix: aabb:ccff:fedd:eeff (added in local DNS configuration)
-
Merged: 2001:db8:1111:2222:aabb:ccff:fedd:eeff (handed out as AAAA record)
To cut a long story short: I'm searching for a DNS resolver for resolving my local addresses correctly depending on a dynamic prefix. The device suffix is always constant, but the prefix is dynamic, depends on my ISP and changes every 1,5 hours.
How do I / How do you manage your local DNS addressing of client machines with a dynamic prefix. That's all I want to know.
And sry for my bad english, I hope you can understand the most important things and what I mean. I do my very best ;-)
-
-
I see now you want to manage a DNS-server without using /etc/hosts and ULA's
The combi FB & pfSense is an overly complicated and redundant hardware train.
Next you have also dynamic IP's around instead of static.The ultimate goal, or ideal design, is a pfSense on your ISP with (quasi-)static IP. So the ideal "Soll"-value.
Find out too how DNS Resolver can play.
-
You're right. I need a local DNS resolver for dynamic IPs.
I do know what a DNS Resolver is and how it plays. So that's the reason why I ask here, whether there is a better solution for local DNS addressing with dynamic IPs, but I suppose it isn't.
Unfortunately I can't remove the FritzBox, because there's VOIP on it and I don't have a modem for VDSL.
So I come to the conclusion, that assigning a global IP with "Track WAN" and an ULA will solve my problem in the best way. This way I can use my DNS resolver with the ULAs for local addressing and the globally assigned IPs for requests to the internet.
The only thing I'm wondering about is that there seems to be nobody else having the same problems I have. Do all of you use static, global IPs or static ULAs in your LAN?
Thank you for your help!
-
Yes, Germany has home-users (too) strong regulated.
I know a setup where the FB is replaced with a DrayTek to do ADSL/PPPoA/PPPoE passthrough, another location with VDSL/PPPoE and another with Fiber/NTU/PPPoE onto the pfSense-box.
But all are with IP's (quasi-) static with DHCP6-PD requests, and not in Germany…
-
@hda:
Yes, Germany has home-users (too) strong regulated.
You're absolutely right! I think I'll have to migrate to USA or somewhere else to get a static IP and everything will be fine - the only thing I'll have to manage then is to improve my english ;D ;D
Or I will go on using a SIXXS tunnel…
Thank's a lot for your great help!
Thread can be closed!
-
The ISP is useless. Get a tunnel from HE and ditch the ISP's IPv6 clusterfuck.