ISC DHCPv6-BIND9 DDNS update problem
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Thu Jun 9 09:58:31 UTC 2022
P.P.S.
I have turned off NIC checksum offloading by `ethtool -K eth1 rx off tx
off`. Now the UDP checksum should be calculated in the kernel (slower).
11:54:40.438248 IP6 (hlim 1, next-header UDP (17) payload length: 103)
fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6
solicit (xid=a1f102 (elapsed-time 0) (client-ID hwaddr/time type 1 time
499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0) (Client-FQDN)
(vendor-class) (option-request DNS-search-list DNS-server
vendor-specific-info Client-FQDN))
11:54:40.438928 IP6 (flowlabel 0x82364, hlim 64, next-header UDP (17)
payload length: 159) fe80::f21f:afff:fef1:420a.547 >
fe80::9418:9a22:54b8:743f.546: *[udp sum ok]* dhcp6 advertise
(xid=a1f102 (IA_NA IAID:338441082 T1:3600 T2:7200 (IA_ADDR
2001:b68:2:2800::10:139d pltime:604800 vltime:3600)) (client-ID
hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time
type 1 time 707489786 f01faff1420a) (preference 255) (DNS-search-list
local.alu.hr. alu.hr.) (DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0))
11:54:41.445113 IP6 (hlim 1, next-header UDP (17) payload length: 103)
fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6
solicit (xid=a1f102 (elapsed-time 100) (client-ID hwaddr/time type 1
time 499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0)
(Client-FQDN) (vendor-class) (option-request DNS-search-list DNS-server
vendor-specific-info Client-FQDN))
Now the checksums are OK, however the server still doesn't receive
Request or Confirm message from the client.
I'm pretty much out of ideas.
Mirsad
On 9.6.2022. 11:22, Mirsad Goran Todorovac wrote:
>
> P.S.
>
> We are using ISC DHCP 4.4.3 and BIND 9.16.27 on a Debian 10 Buster
> system with 4.19.235-1 kernel and libc6:amd64 2.28-10+deb10u1.
>
> root at domac:~# ldd /usr/local/sbin/dhcpd
> linux-vdso.so.1 (0x00007ffc7afdb000)
> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0671607000)
> /lib64/ld-linux-x86-64.so.2 (0x00007f0671c05000)
> root at domac:~#
>
> We have updated the network configuration on the router to not relay
> to DHCPv6 on our domac sever but to advertise DHCPv6 server presence
> on the subnet.
>
> Now the log looks like this:
>
> Jun 9 11:04:41 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:41 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:41 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:41 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:41 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:41 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:41 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:41 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:42 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:42 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:42 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:42 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:42 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:42 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:42 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:42 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:44 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:44 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:44 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:44 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:44 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:44 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:44 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:44 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:48 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:48 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:48 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:48 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
> Jun 9 11:04:48 domac dhcpd: Solicit message from
> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
> Jun 9 11:04:48 domac dhcpd: Picking pool address 2001:b68:2:2800::10:1228
> Jun 9 11:04:48 domac dhcpd: Advertise NA: address
> 2001:b68:2:2800::10:1228 to client with duid
> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
> Jun 9 11:04:48 domac dhcpd: Sending Advertise to
> fe80::cff:4b3a:be79:cec0 port 546
>
> Apparently, the client fe80::cff:4b3a:be79:cec0 never receives DHCPv6
> Advertisement with assigned address from domac server, so it repeats
> soliciting for other DHCPv6 server 7 more times:
>
> 11:02:37.403227 IP6 (flowlabel 0x9ecff, hlim 1, next-header UDP (17)
> payload length: 94) fe80::3d9c:9ecd:42c:b76e.546 > ff02::1:2.547: [udp
> sum ok] dhcp6 solicit (xid=9e8166 (elapsed-time 0) (client-ID
> hwaddr/time type 1 time 641857482 1ca0b87d1191) (IA_NA IAID:102539448
> T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request
> vendor-specific-info DNS-server DNS-search-list Client-FQDN))
> 11:02:37.403352 IP6 (flowlabel 0x52e68, hlim 64, next-header UDP (17)
> payload length: 159) fe80::f21f:afff:fef1:420a.547 >
> fe80::3d9c:9ecd:42c:b76e.546: *[bad udp cksum 0x78d2 -> 0x8bad!]*
> dhcp6 advertise (xid=9e8166 (IA_NA IAID:102539448 T1:3600 T2:7200
> (IA_ADDR 2001:b68:2:2800::10:10ef pltime:604800 vltime:3600))
> (client-ID hwaddr/time type 1 time 641857482 1ca0b87d1191) (server-ID
> hwaddr/time type 1 time 707489786 f01faff1420a) (preference 255)
> (DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0) (DNS-search-list
> local.alu.hr. alu.hr.))
>
> There is this problem with "bad udp checksum" in tcpdump-ed packets
> from domac's fe80::f21f:afff:fef1:420a interface: I'm new to IPv6, but
> I think the receiver party is mandated to discard UDP packets with bad
> checksum.
>
> So the DHCPv6 server on domac never sees a Request nor Confirm message
> from the client https://datatracker.ietf.org/doc/html/rfc3315#section-5.3
>
> REQUEST (3) A client sends a Request message to request
> configuration parameters, including IP
> addresses, from a specific server.
>
> CONFIRM (4) A client sends a Confirm message to any
> available server to determine whether the
> addresses it was assigned are still appropriate
> to the link to which the client is connected.
> My knowledge of DHCPv6 is very beginning level, but I'm afraid if we
> do not make DHCPv6 DDNS work no one will use IPv6 for the addresses
> like 2001:b68:2:2800::3 are very hard to configure manually, remember
> and type.
> The idea was that the users would be able to log in via VPN and access
> their work PC with a symbolic FQDN domain name.
>
> I think I am defeated here: some Googled articles say it is normal for
> checksum to be bad if it is generated by NIC, but on the other hand
> the client doesn't appear to receive any Advertise messages or send
> back Request or Confirm. This way the server never gets confirmation
> that the address is acceptable by the client and it never proceeds to
> DDNS name update to the zone at all.
>
> The clients worked with the IPv6 SLAAC configuration on the router,
> but we wanted dynamic DNS addresses on the subnet for the assigned
> IPv6 addresses to make it more usable.
>
> Thank you very much for help.
>
> Kind regards,
> Mirsad Todorovac
>
> On 8.6.2022. 6:14, Mirsad Goran Todorovac wrote:
>> Dear Sirs,
>>
>> Having compiled ISC DHCPD 4.4.3 with includes/site.h: #define
>> DEBUG_DNS_UPDATES
>> I get the following output. It appears that the DDNS update code
>> isn't even called for IPv6.
>>
>> Am I doing something terribly wrong?
>>
>> Thank you.
>>
>> Jun 8 06:09:02 domac dhcpd: ddns.c(150): Allocating
>> ddns_cb=0x5604136c60a0
>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_connector: ddns_cb:
>> 0x5604136c60a0 flags: 50b state: DDNS_STATE_CLEANUP cur_func: <null>
>> eresult: 0
>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd
>> Jun 8 06:09:02 domac dhcpd: DDNS: build_fwd_add1:
>> pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr]
>> Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010
>> DDNS_STATE_ADD_FW_NXDOMAIN 192.168.100.215 for R7000P.local.alu.hr
>> zone: local.alu.hr.dhcid:
>> [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>
>> Jun 8 06:09:02 domac dhcpd: ddns.c(1722): Updating lease_ptr for
>> ddns_cp=0x5604136c60a0 (addr=192.168.100.215)
>> Jun 8 06:09:02 domac dhcpd: DHCPREQUEST for 192.168.100.215 from
>> 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>> Jun 8 06:09:02 domac dhcpd: DHCPACK on 192.168.100.215 to
>> 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>> Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010,
>> result: YXDOMAIN
>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_add1: ddns_cb:
>> 0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_NXDOMAIN cur_func:
>> ddns_fwd_srv_add1 eresult: 196614
>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd
>> Jun 8 06:09:02 domac dhcpd: DDNS: build_fwd_add2:
>> pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr]
>> Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010
>> DDNS_STATE_ADD_FW_YXDHCID 192.168.100.215 for R7000P.local.alu.hr
>> zone: local.alu.hr.dhcid:
>> [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>
>> Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010,
>> result: success
>> Jun 8 06:09:02 domac dhcpd: DDNS:ddns_fwd_srv_add2: ddns_cb:
>> 0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_YXDHCID cur_func:
>> ddns_fwd_srv_add2 eresult: 0
>> Jun 8 06:09:02 domac dhcpd: Added new forward map from
>> R7000P.local.alu.hr to 192.168.100.215
>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_ptr
>> Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010
>> DDNS_STATE_ADD_PTR R7000P.local.alu.hr for
>> 215.100.168.192.in-addr.arpa. zone: 168.192.in-addr.arpa.dhcid:
>> [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>
>> Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010,
>> result: success
>> Jun 8 06:09:02 domac dhcpd: Added reverse map from
>> 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
>> Jun 8 06:09:02 domac dhcpd: ddns.c(1325): Updating lease_ptr for
>> ddns_cp=0x5604136c60a0 (addr=192.168.100.215)
>> Jun 8 06:09:02 domac dhcpd: ddns.c(1325):
>> find_lease_by_ip_addr(192.168.100.215) successful:lease=0x7fdc346b4e20
>> Jun 8 06:09:02 domac dhcpd: ddns.c(1326): freeing
>> ddns_cb=0x5604136c60a0
>> Jun 8 06:09:46 domac dhcpd: Solicit message from
>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>> Jun 8 06:09:46 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1208
>> Jun 8 06:09:46 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1208 to client with duid
>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>> for 3600 seconds
>> Jun 8 06:09:46 domac dhcpd: Sending Advertise to
>> fe80::8aad:43ff:fefa:3f96 port 546
>> Jun 8 06:09:46 domac dhcpd: Solicit message from
>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>> Jun 8 06:09:46 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1208
>> Jun 8 06:09:46 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1208 to client with duid
>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>> for 3600 seconds
>> Jun 8 06:09:46 domac dhcpd: Sending Advertise to
>> fe80::8aad:43ff:fefa:3f96 port 546
>> Jun 8 06:09:46 domac dhcpd: Relay-forward message from
>> fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1,
>> peer address fe80::8aad:43ff:fefa:3f96
>> Jun 8 06:09:46 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1208
>> Jun 8 06:09:46 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1208 to client with duid
>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>> for 3600 seconds
>> Jun 8 06:09:46 domac dhcpd: Sending Relay-reply to
>> fe80::babe:bfff:fe26:9542 port 547
>> Jun 8 06:11:57 domac dhcpd: Solicit message from
>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>> Jun 8 06:11:57 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1208
>> Jun 8 06:11:57 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1208 to client with duid
>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>> for 3600 seconds
>> Jun 8 06:11:57 domac dhcpd: Sending Advertise to
>> fe80::8aad:43ff:fefa:3f96 port 546
>> Jun 8 06:11:57 domac dhcpd: Solicit message from
>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>> Jun 8 06:11:57 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1208
>> Jun 8 06:11:57 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1208 to client with duid
>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>> for 3600 seconds
>> Jun 8 06:11:57 domac dhcpd: Sending Advertise to
>> fe80::8aad:43ff:fefa:3f96 port 546
>> Jun 8 06:11:57 domac dhcpd: Relay-forward message from
>> fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1,
>> peer address fe80::8aad:43ff:fefa:3f96
>> Jun 8 06:11:57 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1208
>> Jun 8 06:11:57 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1208 to client with duid
>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>> for 3600 seconds
>> Jun 8 06:11:57 domac dhcpd: Sending Relay-reply to
>> fe80::babe:bfff:fe26:9542 port 547
>>
>> On 07. 06. 2022. 19:13, Mirsad Goran Todorovac wrote:
>>> Hello all,
>>>
>>> I have a problem that our DHCPv6 DDNS update which works reliably
>>> with IPv4 doesn't work at all when we implemented
>>> the dual-stack operation with IPv6. There is not even a warning,
>>> notice or error in the log. No syntax errors in the config
>>> /etc/dhcp/dhcpd6.conf file.
>>>
>>> We are running Debian 10 Buster server with BIND 9.16.27 and ISC
>>> DHCPd 4.4.1
>>>
>>> root at domac:# dpkg -l ...
>>> Desired=Unknown/Install/Remove/Purge/Hold
>>> |
>>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>> ||/ Name Version Architecture Description
>>> +++-==============-===========================-============-=================================
>>>
>>> ii bind9 1:9.16.27-1~deb11u1~bpo10+1 amd64 Internet Domain
>>> Name Server
>>> ii isc-dhcp-server 4.4.1-2+deb10u1 amd64 ISC DHCP server for
>>> automatic IP address assignment
>>>
>>> Here is a typical example of DHCPv6 transactions found in the log:
>>>
>>> Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
>>> fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
>>> fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun 7 16:53:27 domac dhcpd[2971]: Relay-forward message from
>>> fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1,
>>> peer address fe80::8aad:43ff:fefa:3f96
>>> Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to
>>> fe80::babe:bfff:fe26:9542 port 547
>>>
>>> fe80::babe:bfff:fe26:9542 is local-link address of our router.
>>>
>>> Our DNS/DHCP server is 161.53.235.3 or 2001:b68:2:2800::3, LLA for
>>> eth1 is fe80::f21f:afff:fef1:420a/64
>>>
>>> Here is our /etc/dhcp/dhcpd6.conf:
>>>
>>> default-lease-time 3600;
>>> preferred-lifetime 604800;
>>> option dhcp-renewal-time 3600;
>>> option dhcp-rebinding-time 7200;
>>> allow leasequery;
>>>
>>> option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>> option dhcp6.domain-search "alu.hr";
>>>
>>> option dhcp6.info-refresh-time 21600;
>>>
>>> ddns-update-style standard;
>>> ddns-dual-stack-mixed-mode true;
>>> update-conflict-detection false;
>>> update-optimization false;
>>> deny client-updates;
>>> ddns-updates on;
>>> authoritative;
>>> log-facility local7;
>>> ddns-domainname "local.alu.hr.";
>>> ddns-rev-domainname "ip6.arpa.";
>>>
>>> include "/etc/bind/ddns.key";
>>>
>>> shared-network ilica85.alu.hr {
>>> subnet6 2001:b68:2:2800::/64 {
>>> range6 2001:b68:2:2800::10:1000 2001:b68:2:2800::10:13ff;
>>> option dhcp6.domain-search "local.alu.hr","alu.hr";
>>> option dhcp6.name-servers
>>> 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>> ddns-domainname "local.alu.hr";
>>>
>>> zone local.alu.hr. {
>>> # primary6 2001:b68:2:2800::3;
>>> primary 127.0.0.1;
>>> key DDNS_UPDATE;
>>> }
>>> zone 0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
>>> # primary6 2001:b68:2:2800::3;
>>> primary 127.0.0.1;
>>> key DDNS_UPDATE;
>>> }
>>> }
>>> }
>>>
>>> subnet6 2001:b68:2:2a00::/64 {
>>> range6 2001:b68:2:2a00::1000 2001:b68:2:2a00::10ff;
>>> option dhcp6.domain-search "slava.alu.hr","alu.hr";
>>> option dhcp6.name-servers
>>> 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>> ddns-domainname "slava.alu.hr";
>>>
>>> zone slava.alu.hr. {
>>> primary6 2001:b68:2:2800::3;
>>> key DDNS_UPDATE;
>>> }
>>>
>>> zone 0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
>>> primary6 2001:b68:2:2800::3;
>>> key DDNS_UPDATE;
>>> }
>>> }
>>>
>>> The corresponding entries in /etc/bind/named.conf.local are:
>>>
>>> zone "0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
>>> type master;
>>> file
>>> "/var/cache/bind/0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
>>> allow-update { key DDNS_UPDATE; };
>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>> forwarders {};
>>> };
>>>
>>> zone "0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
>>> type master;
>>> file
>>> "/var/cache/bind/0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
>>> allow-update { key DDNS_UPDATE; };
>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>> forwarders {};
>>> };
>>>
>>> zone "local.alu.hr" in {
>>> type master;
>>> file "/var/cache/bind/local.alu.hr.db";
>>> allow-update { key DDNS_UPDATE; };
>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>> forwarders {};
>>> };
>>>
>>> zone "slava.alu.hr" in {
>>> type master;
>>> file "/var/cache/bind/slava.alu.hr.db";
>>> allow-update { key DDNS_UPDATE; };
>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>> dnssec-policy "standard";
>>> key-directory "/var/cache/bind/keys";
>>> forwarders {};
>>> };
>>>
>>> We are also using views in BIND9, but they work well updating the
>>> "internal" and "universe" zones with DHCPv4, i.e.:
>>>
>>> Jun 7 16:48:21 domac dhcpd[986]: DHCPREQUEST for 192.168.100.215
>>> from 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>> Jun 7 16:48:21 domac dhcpd[986]: DHCPACK on 192.168.100.215 to
>>> 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>> Jun 7 16:48:21 domac dhcpd[986]: Added new forward map from
>>> R7000P.local.alu.hr to 192.168.100.215
>>> Jun 7 16:48:21 domac dhcpd[986]: Added reverse map from
>>> 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
>>>
>>> As you can see in the options, I tried various combinations, and I
>>> seem to be out of options. But we are new to IPv6
>>> and DHCPv6, so there may be something obvious to you I cannot see
>>> (like DDNS not being enabled in ISC dhcpd binary
>>> with option -6)?
>>>
>>> I am very interested personally in IPv6 adoption for we are
>>> expecting a surge in multimedia content provided,
>>> possibly broadcasted, additional options with IoT, security,
>>> surveillance cameras (requiring public IP we are short of).
>>>
>>> All of this would be greatly simplified and more adopted if the
>>> users, professors, staff and students wouldn't
>>> have to remember IPv6 address like 2001:b68:2:2800::3 but used an
>>> automatically assigned domain name instead.
>>>
>>> Manual IPv6 configuration and static tables for this would be an
>>> overkill, we are understaffed to maintain it.
>>>
>>> Thank you very much for your time and help.
>>>
>>> Kind regards,
>>> Mirsad Todorovac
>>>
>> --
>> Mirsad Goran Todorovac
>> CARNet sistem inženjer
>> Grafički fakultet | Akademija likovnih umjetnosti
>> Sveučilište u Zagrebu
> --
> Mirsad Todorovac
> CARNet system engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb
> Republic of Croatia, the European Union
> --
> CARNet sistem inženjer
> Grafički fakultet | Akademija likovnih umjetnosti
> Sveučilište u Zagrebu
>
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20220609/55968960/attachment-0001.htm>
More information about the dhcp-users
mailing list