dhclient 4.2.1-P1 does not set IPv6 DNS servers

Mon Nov 7 15:21:10 UTC 2011

Hello Andreas,

> See my old mail post at
>
> https://lists.isc.org/pipermail/dhcp-users/2011-August/013553.html
>
> about the topic of a well working IPv6 autoconfiguration with stateless DHCPv6.

my stateless configuration works well for Windows 7 clients (but configuration through netcfg was necessary, since by default they were configured to ignore the OtherConfigFlag and some of them were even acting as routers, emitting conflicting RAs into the network).

The Linux dhclient probably has a bug that prevents it from modifying /etc/resolv.conf. This makes the whole DNS configuration unusable, since most clients in my network run Linux.

The only thing I need is a means to properly diagnose and report this issue. The query and the response both look sound in Wireshark, but *no* actions are taken based on the response. Windows 7 just sets the IPv6 DNS server as expected, whereas dhclient on Linux does *nothing*.

Neither your post nor other pages on the topic explain possible intricacies of dhclient configuration, so I have no idea whether I missed something or not. It fails all the time, no matter if I supply the configuration file mentioned in my previous message or not.

As far as dynamic DNS updates are concerned, I will try to get some debugging output. Right now dhcpd -6 neither tries to update any zones, nor outputs error messages, which is confusing. In this case, it might be a PEBKAC issue, since my zones currently don't match the subnets exactly. I have three subnets like this (for N in 1, 2, 3):

	subnet6 2001:db8:1:N::/64 {
	        option dhcp6.name-servers 2002:db8:1:N::1;
	        ddns-domainname "example.com";
	}

But there is only one common DNS zone (and a corresponding reverse zone), specified in dhcpd6.conf like this:

	zone 1.0.0.0.0.8.b.d.1.0.0.2.ip6.arpa. {
		primary localhost;
		key v6dhcpupdate;
	}

	zone example.com. {
	        primary localhost;
	        key v6dhcpupdate;
	}

Reconfiguring BIND and splitting the reverse zone into three would be somewhat painful, but I'd do it if need be. Is dhcpd really that strict in matching subnets to zones? I thought that a "superset" zone could work somehow...

There are quite many scenarios where one forward zone maps to multiple reverse zones (and I have that configured for IPv4), but the dynamic updates mostly don't work properly in such cases (failing in all but one reverse zeones and the like). That's why I wanted to avoid this in IPv6, where all the addresses are public.

Anyway, there are other obvious problems with IPv6 dynamic DNS updates based on stateless DHCP configuration:

	1) The client sends the request from its link-local address rather than the one assigned based on RA. How can the server know the client's public IPv6 address? The address does not seem to be contained in the request and man dhcp-options does not list any option that would inform the DHCPv6 server about the client's auto-assigned public address.

	2) Theoretically, the server could synthesize the expected client's public address based on it's MAC address and the subnet it belongs to. However, this would *not* work for Windows 7, since Windows 7 simply generate random IPv6 addresses all the time, no matter if you set randomizeidentifiers=disabled or not.

So ... how is this supposed to work?

>> AdvManagedFlag off;
>> AdvOtherConfigFlag on;
>
> I also had set AdvSendAdvert = on

Yes, I have AdvSendAdvert set. I just wanted to stress that radvd is used in combination with stateless DHCPv6, so I only mentioned the two flags to document this fact. My radvd.conf is (of course) much longer.

Andrej

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4381 bytes
Desc: Elektronick�� podpis S/MIME
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20111107/1625fc68/attachment.bin>