Netgate Discussion Forum

    DHCPv6, SLAAC, and RDNSS no local domain hostnames in unbound on pfSense

    • G
      gnhb
      last edited by

      Hi,

      I've set up pfSense 2.2.4 with an he.net tunnel and IPv6 on LAN as well. I'm using "Assisted" mode in router advertisements, and DHCPv6 server is running and assigning addresses to clients (though it seems most of my linux/freebsd based boxes don't run DHCPv6 clients by default). OS X Yosemite and my iDevices are pulling DHCPv6 addresses. I've entered the LAN IPv6 IP in the "Router Advertisements" DNS servers and I'm not sending DNS servers via DHCPv6.

      I've checked the "Enable registration of DHCP client names in DNS" on the DHCPv6 config page (which BTW, took me a day to find because it's hidden under the "Dynamic DNS" Advanced button; definitely recommend changing the UX on that)

      All working nicely except I'm not getting hostnames propagating to unbound, so I can't ping6 local hosts by hostname or enter the local hostname of a device into my browser and connect via IPv6.

      I don't need DHCPv6 if there's some mechanism for hostnames/IPv6 addresses to get into unbound using SLAAC or NDP or some other mechanism, but I haven't seen any indication of that functionality in my reading (still learning IPv6).

      Any clues?

      Thanks.

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        Try with latest 2.2.5 snapshot before debugging anything else.

        1 Reply Last reply Reply Quote 0
        • G
          gnhb
          last edited by

          Running 2.2.5 now. No visible difference in the behavior.

          1 Reply Last reply Reply Quote 0
          • M
            mrpink
            last edited by

            I can confirm that for pfsense 2.2.4.

            1 Reply Last reply Reply Quote 0
            • M
              mrpink
              last edited by

              The problem is still available with the official 2.2.5 release.

              1 Reply Last reply Reply Quote 0
              • MikeV7896M
                MikeV7896
                last edited by

                From my experience, hosts don't send a hostname when they request an address via DHCPv6. They send their DUID and that's it. So there's no hostname to associate to the IP address being assigned. If anyone has seen something different, please enlighten us all. The only way I've gotten hostnames linked to IPv6 addresses is by a static DHCP entry. Feel free to verify this by looking at Status > DHCPv6 Leases. You'll see there are no hostnames there to register with DNS.

                SLAAC is completely client-side… the client receives the RA, then selects an address, verifies it's not already in use, then starts using it if all is ok. Since there's nothing sent to a server under SLAAC, there's no way that pfSense would know the hostname of a device using SLAAC.

                The S in IOT stands for Security

                1 Reply Last reply Reply Quote 0
                • G
                  gnhb
                  last edited by

                  @virgiliomi:

                  From my experience, hosts don't send a hostname when they request an address via DHCPv6. They send their DUID and that's it. So there's no hostname to associate to the IP address being assigned.
                  …

                  there's nothing sent to a server under SLAAC, there's no way that pfSense would know the hostname of a device using SLAAC.

                  Ah, thanks for pointing that out. I didn't realize hosts didn't include their hostname in their reply.

                  Sooo, the next big question is what are best practices for network management in this scenario? I think we all need to be able to access hosts on the network right? preferably by name, which is why we have that cool service called DNS.

                  How is it supposed to work with IPv6?

                  Any ideas?

                  Thanks.

                  1 Reply Last reply Reply Quote 0
                  • C
                    Cybdex
                    last edited by

                    @gnhb:

                    Sooo, the next big question is what are best practices for network management in this scenario? I think we all need to be able to access hosts on the network right? preferably by name, which is why we have that cool service called DNS.

                    How is it supposed to work with IPv6?

                    Any ideas?

                    Thanks.

                    Uhm.. well.. If things are as they say with SLAAC, there is no real way to accomplish adding dynamic dhcp entries to dns. This tbh is in my opinion kinda unreliable in ipv4 as well when it comes to dynamic clients due to caching and/or lease time I guess.

                    So.. What to do?

                    Well.. most likely you don't really need dns name of your cellphone, or ipad or whatever things like that, so that leaves servers on your lan that could be useful to access via dns name (and not have to remember the ipv6 address). Then, you just set a static address on that device, and add a manual entry in pfsense to "DNS Resolver" with the manual set ipv6 address and name.

                    Sorry, that's really my best advice atm (but I'm still learning stuff :P )

                    C

                    PS. Remember to leave space in your dhcpv6 scope for those manual addresses tho, just in case. I guess SLAAC should figure out what address is in use by itself, but in theory if your "server" is shutdown when a new SLAAC client enters the network you COULD get a conflict when the server comes back online?

                    1 Reply Last reply Reply Quote 0
                    • G
                      gnhb
                      last edited by

                      @cybdex thanks for the reply mate.

                      Frankly, I'm surprised there isn't an easy answer here. I do have a file server on my LAN, but I also have 3 raspberry Pi doing various multimedia stuff, a TV, a DVD player, a printer, 3 network cameras, etc, etc. All these things have web interfaces that sometimes I want to access. I can't imagine that IPv6 got downgraded when it comes to LAN management. It's a lot of work to add static IP addresses for everything you want to manage on a LAN, especially if you have a small or medium size company, or if you're adding new gadgets constantly, or you're an R&D or Dev team spinning up new VPS instances all the time.

                      I'm guessing ipv6 dynamic DNS on my LAN is the way to go, but that means pfSense needs a dynamic DNS server in addition to all the possible dynamic client configs.

                      Anyway, not much activity on this thread, so I'm just waiting for the solution. I've researched this heavily on google, read Cisco white papers, ipv6 rollout docs, etc, etc. Nothing found yet… maybe I'm searching for the wrong terms

                      Onward and upward...  8)

                      1 Reply Last reply Reply Quote 1
                      • P
                        pablot
                        last edited by

                        Any advances in this scenario? Have you resolved this problem? I'm facing this problem right now!

                        1 Reply Last reply Reply Quote 0
                        • K
                          kpa
                          last edited by

                          There's nothing to fix because with SLAAC the RA daemon doesn't register anything resembling a lease, it only advertises the router address and the available prefix. It doesn't even get notified when a client allocates an address. You could hack something on the clients that registers the acquired IPv6 address with the known host name to the resolver running on pfSense but that's primarily dependent on what you can do on the clients.

                          1 Reply Last reply Reply Quote 0
                          • P
                            pablot
                            last edited by

                            @kpa:

                            There's nothing to fix because with SLAAC the RA daemon doesn't register anything resembling a lease, it only advertises the router address and the available prefix. It doesn't even get notified when a client allocates an address. You could hack something on the clients that registers the acquired IPv6 address with the known host name to the resolver running on pfSense but that's primarily dependent on what you can do on the clients.

                            Ok, but how are we supposed to deal with this? I mean, how can I access devices by their DNS names like if we were using DHCP on IPv4?

                            1 Reply Last reply Reply Quote 1
                            • K
                              kpa
                              last edited by

                              The first address you get from SLAAC is fixed by the MAC address (within the given /64 prefix, I will use 2001:db8:: below) and you can use that to make a static host override on the DNS resolver/forwarder. For example if the MAC address is "00-11-22-33-44-55" then the EUI-64 (the 64-bit host id) would be ::211:22FF:FE33:4455.

                              http://silmor.de/ipaddrcalc.html#ip6

                              With the EUI-64 known you can create the override as an AAAA record "myhost.mydomain.tld"  -> "2001:db8::211:22ff:fe33:4455".

                              1 Reply Last reply Reply Quote 1
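The EUI-64 derivation described in the post above, as an added example that is not part of the original thread: it builds the SLAAC address from a /64 prefix and a MAC, formats it as an unbound `local-data` AAAA entry, and checks whether an address seen on the LAN is EUI-64 derived at all. The function names are hypothetical; the sample prefix, MAC and hostname are the ones used in the post.

```python
import ipaddress
import re

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) of a 48-bit MAC."""
    digits = re.sub(r"[-:.]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # invert the universal/local bit
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])  # insert ff:fe in the middle
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from this prefix when it uses EUI-64 interface IDs."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 SLAAC addresses need a /64 prefix")
    return net[eui64_interface_id(mac)]

def host_override(fqdn: str, prefix: str, mac: str) -> str:
    """unbound local-data line for the AAAA host override."""
    return f'local-data: "{fqdn.rstrip(".")}. AAAA {slaac_address(prefix, mac)}"'

def mac_from_eui64(address: str):
    """MAC embedded in an EUI-64 address, or None if the interface ID is not EUI-64."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # e.g. a temporary (RFC 4941) or stable-opaque (RFC 7217) address
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    # Values from the post: documentation prefix 2001:db8::/64 and MAC 00-11-22-33-44-55.
    print(host_override("myhost.mydomain.tld", "2001:db8::/64", "00-11-22-33-44-55"))
    # Constructed sample of an address that is not EUI-64 derived.
    print(mac_from_eui64("2001:db8::1c2d:3e4f:5a6b:7c8d"))
```

The override only resolves to a live host if that host really forms its address from the MAC; clients that use temporary or stable-opaque interface identifiers will show an address for which `mac_from_eui64` returns `None`.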
                              • P
                                pablot
                                last edited by

                                @kpa:

                                The first address you get from SLAAC is fixed by the MAC address (within the given /64 prefix, I will use 2001:db8:: below) and you can use that to make a static host override on the DNS resolver/forwarder. For example if the MAC address is "00-11-22-33-44-55" then the EUI-64 (the 64-bit host id) would be ::211:22FF:FE33:4455.

                                http://silmor.de/ipaddrcalc.html#ip6

                                With the EUI-64 known you can create the override as an AAAA record "myhost.mydomain.tld"  -> "2001:db8::211:22ff:fe33:4455".

                                Thank you very much!!! That was exactly what I needed. Now I have turned off DHCP6 and left SLAAC for every client. I've created the overrides like you mention only for the ones I need to access.

                                Thank you!

                                1 Reply Last reply Reply Quote 0