DHCPV6 and RA

m3xiz

I would like to share some of my experiences using the pfsense in an ipv6 environment.

The goal was to use the DHCPv6 to replace my ISC-DHCP-Server running on Ubuntu with pfsense. The final result would be to have my internal DNS servers updated dynamically.

Using the old config, everything is working fine although Ubuntu clients needs to have their configuration adapted to make it worked correctly but nothing related to pfsense.

Using pfsense, I observed different mechanism not working as expected:

• the PTR records are not created (but the AAAA are)
• if the clients is coming with a request for a specific ip address, pfsense accept it gracefully even if not inside the range specified. I had to remove the leased address on the client to make it work correctly
• the DNS server to be updated can only be an ipv4 address forcing to run a dual stack ipv4/ipv6 on the DNS.

Are these "observations " bugs or features? I let you comment on it ;-)

cmb

You're just going from one ISC dhcpd to another, it'll have the same behavior where the config's matching (assuming the same version, but diffs between versions should be minimal). Compare /var/dhcpd/etc/dhcpdv6.conf with what you had configured on Ubuntu (but you can't edit that file, just for review). See something that's not right/missing there?

@m3xiz:

• if the clients is coming with a request for a specific ip address, pfsense accept it gracefully even if not inside the range specified. I had to remove the leased address on the client to make it work correctly

Can't say I've tried that, but that would be the behavior of dhcpd if that's the case. I know with v4, dhcpd will reject leases outside the defined scope, and would assume it'd do the same for v6. Did it actually add a lease to the leases file with that?

@m3xiz:

• the DNS server to be updated can only be an ipv4 address forcing to run a dual stack ipv4/ipv6 on the DNS.

At the time, and I thought still though I haven't checked really recently, dhcpd couldn't do dynamic DNS updates via IPv6. You were doing that before?

m3xiz

My understanding is that the isc dhcp is not yet ready. I have being able to make update to the dns with IPv6 however dual stacks are causing a problem due to different ID using Ubuntu 14.04. I did stop as according to the isc I need to run a more recent version of the dhcp server to solve this issue which will come next month with Ubuntu 16.04.
I doubt very much pfsense is running such recent version of isc.

grandrivers

here the version in 2.3 beta

isc-dhcp43-client-4.3.3P1_1    The ISC Dynamic Host Configuration Protocol client
isc-dhcp43-relay-4.3.3P1_1    The ISC Dynamic Host Configuration Protocol relay
isc-dhcp43-server-4.3.3P1_1    ISC Dynamic Host Configuration Protocol server

m3xiz

I am gonna give it a try….in a lab ;)

I let you know the results...

m3xiz

So far I was able to make the update in a bind DNS dunning on another server.

The issues I found are that with the release of IP. It is working fine as far as I have only IV6 configured. If I am playing with double stack there isn't any update in my bind servers.

Still playing to find if I can detect where is the issue (client, pfsense, bind server….)