ISC DHCPv6-BIND9 DDNS update problem
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Thu Jun 9 13:27:07 UTC 2022
P.P.P.S.
It seems that I have identified the culprit. Our subnet has 6 rogue
DHCPv6 servers according to this nmap scan:
root@domac:~# ip neigh | grep fe80 | grep eth1 | awk '{ print $1 }' | xargs nmap -6 -p 547
Starting Nmap 7.70 ( https://nmap.org ) at 2022-06-09 15:24 CEST
Nmap scan report for fe80::ac42:4146:51fa:6f1d
Host is up (-0.100s latency).
PORT STATE SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 4C:CC:6A:93:95:B9 (Micro-star Intl)
Nmap scan report for fe80::babe:bfff:fe26:9542
Host is up (-0.072s latency).
PORT STATE SERVICE
547/tcp filtered dhcpv6-server
MAC Address: B8:BE:BF:26:95:42 (Cisco Systems)
Nmap scan report for fe80::98d4:2331:7505:8107
Host is up (0.00058s latency).
PORT STATE SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 04:42:1A:E9:09:9B (Unknown)
Nmap scan report for fe80::7d16:fb12:a937:fb04
Host is up (0.0012s latency).
PORT STATE SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 1C:A0:B8:7D:12:A3 (Hon Hai Precision Ind.)
Nmap scan report for fe80::ad7f:3404:1b4d:4f0d
Host is up (-0.099s latency).
PORT STATE SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 8C:8C:AA:43:FC:5E (Unknown)
Nmap scan report for fe80::8aad:43ff:fefa:3f96
Host is up (0.00078s latency).
PORT STATE SERVICE
547/tcp filtered dhcpv6-server
MAC Address: 88:AD:43:FA:3F:96 (Pegatron)
Nmap done: 19 IP addresses (6 hosts up) scanned in 0.91 seconds
root@domac:~#
I'm afraid we will have to clear one by one before our DHCPv6 on domac
starts receiving any Requests or Confirms.
Mirsad
On 9.6.2022. 11:58, Mirsad Goran Todorovac wrote:
>
> P.P.S.
>
> I have turned off NIC checksum offloading by `ethtool -K eth1 rx off
> tx off`. Now the UDP checksum should be calculated in the kernel (slower).
>
> 11:54:40.438248 IP6 (hlim 1, next-header UDP (17) payload length: 103)
> fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6
> solicit (xid=a1f102 (elapsed-time 0) (client-ID hwaddr/time type 1
> time 499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0)
> (Client-FQDN) (vendor-class) (option-request DNS-search-list
> DNS-server vendor-specific-info Client-FQDN))
> 11:54:40.438928 IP6 (flowlabel 0x82364, hlim 64, next-header UDP (17)
> payload length: 159) fe80::f21f:afff:fef1:420a.547 >
> fe80::9418:9a22:54b8:743f.546: *[udp sum ok]* dhcp6 advertise
> (xid=a1f102 (IA_NA IAID:338441082 T1:3600 T2:7200 (IA_ADDR
> 2001:b68:2:2800::10:139d pltime:604800 vltime:3600)) (client-ID
> hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time
> type 1 time 707489786 f01faff1420a) (preference 255) (DNS-search-list
> local.alu.hr. alu.hr.) (DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0))
> 11:54:41.445113 IP6 (hlim 1, next-header UDP (17) payload length: 103)
> fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6
> solicit (xid=a1f102 (elapsed-time 100) (client-ID hwaddr/time type 1
> time 499890753 f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0)
> (Client-FQDN) (vendor-class) (option-request DNS-search-list
> DNS-server vendor-specific-info Client-FQDN))
>
> Now the checksums are OK, however the server still doesn't receive
> Request or Confirm message from the client.
> I'm pretty much out of ideas.
>
> Mirsad
>
> On 9.6.2022. 11:22, Mirsad Goran Todorovac wrote:
>>
>> P.S.
>>
>> We are using ISC DHCP 4.4.3 and BIND 9.16.27 on a Debian 10 Buster
>> system with 4.19.235-1 kernel and libc6:amd64 2.28-10+deb10u1.
>>
>> root@domac:~# ldd /usr/local/sbin/dhcpd
>> linux-vdso.so.1 (0x00007ffc7afdb000)
>> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0671607000)
>> /lib64/ld-linux-x86-64.so.2 (0x00007f0671c05000)
>> root@domac:~#
>>
>> We have updated the network configuration on the router to not relay
>> to DHCPv6 on our domac server but to advertise DHCPv6 server presence
>> on the subnet.
>>
>> Now the log looks like this:
>>
>> Jun 9 11:04:41 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:41 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:41 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:41 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:41 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:41 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:41 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:41 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:42 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:42 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:42 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:42 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:42 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:42 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:42 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:42 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:44 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:44 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:44 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:44 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:44 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:44 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:44 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:44 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:48 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:48 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:48 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:48 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>> Jun 9 11:04:48 domac dhcpd: Solicit message from
>> fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00
>> Jun 9 11:04:48 domac dhcpd: Picking pool address
>> 2001:b68:2:2800::10:1228
>> Jun 9 11:04:48 domac dhcpd: Advertise NA: address
>> 2001:b68:2:2800::10:1228 to client with duid
>> 00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for 3600 seconds
>> Jun 9 11:04:48 domac dhcpd: Sending Advertise to
>> fe80::cff:4b3a:be79:cec0 port 546
>>
>> Apparently, the client fe80::cff:4b3a:be79:cec0 never receives DHCPv6
>> Advertisement with assigned address from domac server, so it repeats
>> soliciting for other DHCPv6 server 7 more times:
>>
>> 11:02:37.403227 IP6 (flowlabel 0x9ecff, hlim 1, next-header UDP (17)
>> payload length: 94) fe80::3d9c:9ecd:42c:b76e.546 > ff02::1:2.547:
>> [udp sum ok] dhcp6 solicit (xid=9e8166 (elapsed-time 0) (client-ID
>> hwaddr/time type 1 time 641857482 1ca0b87d1191) (IA_NA IAID:102539448
>> T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request
>> vendor-specific-info DNS-server DNS-search-list Client-FQDN))
>> 11:02:37.403352 IP6 (flowlabel 0x52e68, hlim 64, next-header UDP (17)
>> payload length: 159) fe80::f21f:afff:fef1:420a.547 >
>> fe80::3d9c:9ecd:42c:b76e.546: *[bad udp cksum 0x78d2 -> 0x8bad!]*
>> dhcp6 advertise (xid=9e8166 (IA_NA IAID:102539448 T1:3600 T2:7200
>> (IA_ADDR 2001:b68:2:2800::10:10ef pltime:604800 vltime:3600))
>> (client-ID hwaddr/time type 1 time 641857482 1ca0b87d1191) (server-ID
>> hwaddr/time type 1 time 707489786 f01faff1420a) (preference 255)
>> (DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0) (DNS-search-list
>> local.alu.hr. alu.hr.))
>>
>> There is this problem with "bad udp checksum" in tcpdump-ed packets
>> from domac's fe80::f21f:afff:fef1:420a interface: I'm new to IPv6,
>> but I think the receiver party is mandated to discard UDP packets
>> with bad checksum.
>>
>> So the DHCPv6 server on domac never sees a Request nor Confirm
>> message from the client
>> https://datatracker.ietf.org/doc/html/rfc3315#section-5.3
>>
>> REQUEST (3) A client sends a Request message to request
>> configuration parameters, including IP
>> addresses, from a specific server.
>>
>> CONFIRM (4) A client sends a Confirm message to any
>> available server to determine whether the
>> addresses it was assigned are still appropriate
>> to the link to which the client is connected.
>> My knowledge of DHCPv6 is very beginning level, but I'm afraid if we
>> do not make DHCPv6 DDNS work no one will use IPv6 for the addresses
>> like 2001:b68:2:2800::3 are very hard to configure manually, remember
>> and type.
>> The idea was that the users would be able to log in via VPN and
>> access their work PC with a symbolic FQDN domain name.
>>
>> I think I am defeated here: some Googled articles say it is normal
>> for checksum to be bad if it is generated by NIC, but on the other
>> hand the client doesn't appear to receive any Advertise messages or
>> send back Request or Confirm. This way the server never gets
>> confirmation that the address is acceptable by the client and it
>> never proceeds to DDNS name update to the zone at all.
>>
>> The clients worked with the IPv6 SLAAC configuration on the router,
>> but we wanted dynamic DNS addresses on the subnet for the assigned
>> IPv6 addresses to make it more usable.
>>
>> Thank you very much for help.
>>
>> Kind regards,
>> Mirsad Todorovac
>>
>> On 8.6.2022. 6:14, Mirsad Goran Todorovac wrote:
>>> Dear Sirs,
>>>
>>> Having compiled ISC DHCPD 4.4.3 with includes/site.h: #define
>>> DEBUG_DNS_UPDATES
>>> I get the following output. It appears that the DDNS update code
>>> isn't even called for IPv6.
>>>
>>> Am I doing something terribly wrong?
>>>
>>> Thank you.
>>>
>>> Jun 8 06:09:02 domac dhcpd: ddns.c(150): Allocating
>>> ddns_cb=0x5604136c60a0
>>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_connector: ddns_cb:
>>> 0x5604136c60a0 flags: 50b state: DDNS_STATE_CLEANUP cur_func: <null>
>>> eresult: 0
>>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd
>>> Jun 8 06:09:02 domac dhcpd: DDNS: build_fwd_add1:
>>> pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr]
>>> Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010
>>> DDNS_STATE_ADD_FW_NXDOMAIN 192.168.100.215 for R7000P.local.alu.hr
>>> zone: local.alu.hr.dhcid:
>>> [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>>
>>> Jun 8 06:09:02 domac dhcpd: ddns.c(1722): Updating lease_ptr for
>>> ddns_cp=0x5604136c60a0 (addr=192.168.100.215)
>>> Jun 8 06:09:02 domac dhcpd: DHCPREQUEST for 192.168.100.215 from
>>> 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>> Jun 8 06:09:02 domac dhcpd: DHCPACK on 192.168.100.215 to
>>> 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>> Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010,
>>> result: YXDOMAIN
>>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_add1: ddns_cb:
>>> 0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_NXDOMAIN
>>> cur_func: ddns_fwd_srv_add1 eresult: 196614
>>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd
>>> Jun 8 06:09:02 domac dhcpd: DDNS: build_fwd_add2:
>>> pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr]
>>> Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010
>>> DDNS_STATE_ADD_FW_YXDHCID 192.168.100.215 for R7000P.local.alu.hr
>>> zone: local.alu.hr.dhcid:
>>> [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>>
>>> Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010,
>>> result: success
>>> Jun 8 06:09:02 domac dhcpd: DDNS:ddns_fwd_srv_add2: ddns_cb:
>>> 0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_YXDHCID cur_func:
>>> ddns_fwd_srv_add2 eresult: 0
>>> Jun 8 06:09:02 domac dhcpd: Added new forward map from
>>> R7000P.local.alu.hr to 192.168.100.215
>>> Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_ptr
>>> Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr 0x7fdc349e8010
>>> DDNS_STATE_ADD_PTR R7000P.local.alu.hr for
>>> 215.100.168.192.in-addr.arpa. zone: 168.192.in-addr.arpa.dhcid:
>>> [00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
>>>
>>> Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr 0x7fdc349e8010,
>>> result: success
>>> Jun 8 06:09:02 domac dhcpd: Added reverse map from
>>> 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
>>> Jun 8 06:09:02 domac dhcpd: ddns.c(1325): Updating lease_ptr for
>>> ddns_cp=0x5604136c60a0 (addr=192.168.100.215)
>>> Jun 8 06:09:02 domac dhcpd: ddns.c(1325):
>>> find_lease_by_ip_addr(192.168.100.215) successful:lease=0x7fdc346b4e20
>>> Jun 8 06:09:02 domac dhcpd: ddns.c(1326): freeing
>>> ddns_cb=0x5604136c60a0
>>> Jun 8 06:09:46 domac dhcpd: Solicit message from
>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun 8 06:09:46 domac dhcpd: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 8 06:09:46 domac dhcpd: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 8 06:09:46 domac dhcpd: Sending Advertise to
>>> fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun 8 06:09:46 domac dhcpd: Solicit message from
>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun 8 06:09:46 domac dhcpd: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 8 06:09:46 domac dhcpd: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 8 06:09:46 domac dhcpd: Sending Advertise to
>>> fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun 8 06:09:46 domac dhcpd: Relay-forward message from
>>> fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1,
>>> peer address fe80::8aad:43ff:fefa:3f96
>>> Jun 8 06:09:46 domac dhcpd: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 8 06:09:46 domac dhcpd: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 8 06:09:46 domac dhcpd: Sending Relay-reply to
>>> fe80::babe:bfff:fe26:9542 port 547
>>> Jun 8 06:11:57 domac dhcpd: Solicit message from
>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun 8 06:11:57 domac dhcpd: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 8 06:11:57 domac dhcpd: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 8 06:11:57 domac dhcpd: Sending Advertise to
>>> fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun 8 06:11:57 domac dhcpd: Solicit message from
>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>> Jun 8 06:11:57 domac dhcpd: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 8 06:11:57 domac dhcpd: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 8 06:11:57 domac dhcpd: Sending Advertise to
>>> fe80::8aad:43ff:fefa:3f96 port 546
>>> Jun 8 06:11:57 domac dhcpd: Relay-forward message from
>>> fe80::babe:bfff:fe26:9542 port 547, link address 2001:b68:2:2800::1,
>>> peer address fe80::8aad:43ff:fefa:3f96
>>> Jun 8 06:11:57 domac dhcpd: Picking pool address
>>> 2001:b68:2:2800::10:1208
>>> Jun 8 06:11:57 domac dhcpd: Advertise NA: address
>>> 2001:b68:2:2800::10:1208 to client with duid
>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>> for 3600 seconds
>>> Jun 8 06:11:57 domac dhcpd: Sending Relay-reply to
>>> fe80::babe:bfff:fe26:9542 port 547
>>>
>>> On 07. 06. 2022. 19:13, Mirsad Goran Todorovac wrote:
>>>> Hello all,
>>>>
>>>> I have a problem that our DHCPv6 DDNS update which works reliably
>>>> with IPv4 doesn't work at all when we implemented
>>>> the dual-stack operation with IPv6. There is not even a warning,
>>>> notice or error in the log. No syntax errors in the config
>>>> /etc/dhcp/dhcpd6.conf file.
>>>>
>>>> We are running Debian 10 Buster server with BIND 9.16.27 and ISC
>>>> DHCPd 4.4.1
>>>>
>>>> root@domac:# dpkg -l ...
>>>> Desired=Unknown/Install/Remove/Purge/Hold
>>>> |
>>>> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>>>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>>>> ||/ Name Version Architecture
>>>> Description
>>>> +++-==============-===========================-============-=================================
>>>>
>>>> ii bind9 1:9.16.27-1~deb11u1~bpo10+1 amd64 Internet
>>>> Domain Name Server
>>>> ii isc-dhcp-server 4.4.1-2+deb10u1 amd64 ISC DHCP server
>>>> for automatic IP address assignment
>>>>
>>>> Here is a typical example of DHCPv6 transactions found in the log:
>>>>
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
>>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
>>>> 2001:b68:2:2800::10:1208
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
>>>> 2001:b68:2:2800::10:1208 to client with duid
>>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>>> for 3600 seconds
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
>>>> fe80::8aad:43ff:fefa:3f96 port 546
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
>>>> fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
>>>> 2001:b68:2:2800::10:1208
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
>>>> 2001:b68:2:2800::10:1208 to client with duid
>>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>>> for 3600 seconds
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
>>>> fe80::8aad:43ff:fefa:3f96 port 546
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Relay-forward message from
>>>> fe80::babe:bfff:fe26:9542 port 547, link address
>>>> 2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
>>>> 2001:b68:2:2800::10:1208
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
>>>> 2001:b68:2:2800::10:1208 to client with duid
>>>> 00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
>>>> for 3600 seconds
>>>> Jun 7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to
>>>> fe80::babe:bfff:fe26:9542 port 547
>>>>
>>>> fe80::babe:bfff:fe26:9542 is local-link address of our router.
>>>>
>>>> Our DNS/DHCP server is 161.53.235.3 or 2001:b68:2:2800::3, LLA for
>>>> eth1 is fe80::f21f:afff:fef1:420a/64
>>>>
>>>> Here is our /etc/dhcp/dhcpd6.conf:
>>>>
>>>> default-lease-time 3600;
>>>> preferred-lifetime 604800;
>>>> option dhcp-renewal-time 3600;
>>>> option dhcp-rebinding-time 7200;
>>>> allow leasequery;
>>>>
>>>> option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>>> option dhcp6.domain-search "alu.hr";
>>>>
>>>> option dhcp6.info-refresh-time 21600;
>>>>
>>>> ddns-update-style standard;
>>>> ddns-dual-stack-mixed-mode true;
>>>> update-conflict-detection false;
>>>> update-optimization false;
>>>> deny client-updates;
>>>> ddns-updates on;
>>>> authoritative;
>>>> log-facility local7;
>>>> ddns-domainname "local.alu.hr.";
>>>> ddns-rev-domainname "ip6.arpa.";
>>>>
>>>> include "/etc/bind/ddns.key";
>>>>
>>>> shared-network ilica85.alu.hr {
>>>> subnet6 2001:b68:2:2800::/64 {
>>>> range6 2001:b68:2:2800::10:1000 2001:b68:2:2800::10:13ff;
>>>> option dhcp6.domain-search "local.alu.hr","alu.hr";
>>>> option dhcp6.name-servers
>>>> 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>>> ddns-domainname "local.alu.hr";
>>>>
>>>> zone local.alu.hr. {
>>>> # primary6 2001:b68:2:2800::3;
>>>> primary 127.0.0.1;
>>>> key DDNS_UPDATE;
>>>> }
>>>> zone 0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
>>>> # primary6 2001:b68:2:2800::3;
>>>> primary 127.0.0.1;
>>>> key DDNS_UPDATE;
>>>> }
>>>> }
>>>> }
>>>>
>>>> subnet6 2001:b68:2:2a00::/64 {
>>>> range6 2001:b68:2:2a00::1000 2001:b68:2:2a00::10ff;
>>>> option dhcp6.domain-search "slava.alu.hr","alu.hr";
>>>> option dhcp6.name-servers
>>>> 2001:b68:2:2800::3,2001:b68:c:2::70:0;
>>>> ddns-domainname "slava.alu.hr";
>>>>
>>>> zone slava.alu.hr. {
>>>> primary6 2001:b68:2:2800::3;
>>>> key DDNS_UPDATE;
>>>> }
>>>>
>>>> zone 0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
>>>> primary6 2001:b68:2:2800::3;
>>>> key DDNS_UPDATE;
>>>> }
>>>> }
>>>>
>>>> The corresponding entries in /etc/bind/named.conf.local are:
>>>>
>>>> zone "0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
>>>> type master;
>>>> file
>>>> "/var/cache/bind/0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
>>>> allow-update { key DDNS_UPDATE; };
>>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>>> forwarders {};
>>>> };
>>>>
>>>> zone "0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
>>>> type master;
>>>> file
>>>> "/var/cache/bind/0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
>>>> allow-update { key DDNS_UPDATE; };
>>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>>> forwarders {};
>>>> };
>>>>
>>>> zone "local.alu.hr" in {
>>>> type master;
>>>> file "/var/cache/bind/local.alu.hr.db";
>>>> allow-update { key DDNS_UPDATE; };
>>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>>> forwarders {};
>>>> };
>>>>
>>>> zone "slava.alu.hr" in {
>>>> type master;
>>>> file "/var/cache/bind/slava.alu.hr.db";
>>>> allow-update { key DDNS_UPDATE; };
>>>> allow-transfer { 31.147.205.54; 161.53.2.70; };
>>>> also-notify { 31.147.205.54; 161.53.2.70; };
>>>> dnssec-policy "standard";
>>>> key-directory "/var/cache/bind/keys";
>>>> forwarders {};
>>>> };
>>>>
>>>> We are also using views in BIND9, but they work well updating the
>>>> "internal" and "universe" zones with DHCPv4, i.e.:
>>>>
>>>> Jun 7 16:48:21 domac dhcpd[986]: DHCPREQUEST for 192.168.100.215
>>>> from 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>>> Jun 7 16:48:21 domac dhcpd[986]: DHCPACK on 192.168.100.215 to
>>>> 9c:3d:cf:11:aa:a6 (R7000P) via eth1
>>>> Jun 7 16:48:21 domac dhcpd[986]: Added new forward map from
>>>> R7000P.local.alu.hr to 192.168.100.215
>>>> Jun 7 16:48:21 domac dhcpd[986]: Added reverse map from
>>>> 215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
>>>>
>>>> As you can see in the options, I tried various combinations, and I
>>>> seem to be out of options. But we are new to IPv6
>>>> and DHCPv6, so there may be something obvious to you I cannot see
>>>> (like DDNS not being enabled in ISC dhcpd binary
>>>> with option -6)?
>>>>
>>>> I am very interested personally in IPv6 adoption for we are
>>>> expecting a surge in multimedia content provided,
>>>> possibly broadcasted, additional options with IoT, security,
>>>> surveillance cameras (requiring public IP we are short of).
>>>>
>>>> All of this would be greatly simplified and more adopted if the
>>>> users, professors, staff and students wouldn't
>>>> have to remember IPv6 address like 2001:b68:2:2800::3 but used an
>>>> automatically assigned domain name instead.
>>>>
>>>> Manual IPv6 configuration and static tables for this would be an
>>>> overkill, we are understaffed to maintain it.
>>>>
>>>> Thank you very much for your time and help.
>>>>
>>>> Kind regards,
>>>> Mirsad Todorovac
>>>>
>>> --
>>> Mirsad Goran Todorovac
>>> CARNet system engineer
>>> Faculty of Graphic Arts | Academy of Fine Arts
>>> University of Zagreb
>> --
>> Mirsad Todorovac
>> CARNet system engineer
>> Faculty of Graphic Arts | Academy of Fine Arts
>> University of Zagreb
>> Republic of Croatia, the European Union
>> --
>> CARNet system engineer
>> Faculty of Graphic Arts | Academy of Fine Arts
>> University of Zagreb
>>
> --
> Mirsad Todorovac
> CARNet system engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb
> Republic of Croatia, the European Union
> --
> CARNet system engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb
>
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
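
Added example (not part of the original message and not ISC code): a passive check for unexpected DHCPv6 servers that reads `tcpdump -v` text like the captures quoted in this thread and flags server-originated messages whose source address or server-ID is not on an allowlist, plus clients that keep soliciting without ever sending Request or Confirm. The first two sample records are adapted from the thread with options trimmed; the third record, the `fe80::200:5eff:fe00:5301` sender and its DUID are constructed, and the tcpdump message names other than `solicit` and `advertise` are assumed.

```python
import ipaddress
import re
from collections import Counter

# One tcpdump -v record per line (the mail archive wrapped them; unwrap first).
RECORD = re.compile(
    r"(?P<src>[0-9a-f:]+)\.(?P<sport>\d+) > (?P<dst>[0-9a-f:]+)\.(?P<dport>\d+): "
    r"\[(?P<cksum>[^\]]*)\] dhcp6 (?P<mtype>[a-z-]+)"
)
SERVER_ID = re.compile(r"\(server-ID (?P<duid>[^)]*)\)")
XID = re.compile(r"xid=(?P<xid>[0-9a-f]+)")
# Message types only a server should originate (names assumed from tcpdump).
SERVER_MSGS = {"advertise", "reply", "reconfigure"}

# Allowlist taken from the thread: domac's eth1 link-local address and DUID.
ALLOWED_SOURCES = {"fe80::f21f:afff:fef1:420a"}
ALLOWED_DUIDS = {"hwaddr/time type 1 time 707489786 f01faff1420a"}

# Sample capture: records 1, 2 and 4 adapted from the thread, record 3 constructed.
SAMPLE = """\
11:54:40.438248 IP6 (hlim 1, next-header UDP (17) payload length: 103) fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=a1f102 (elapsed-time 0) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5))
11:54:40.438928 IP6 (hlim 64, next-header UDP (17) payload length: 159) fe80::f21f:afff:fef1:420a.547 > fe80::9418:9a22:54b8:743f.546: [udp sum ok] dhcp6 advertise (xid=a1f102 (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time type 1 time 707489786 f01faff1420a) (preference 255))
11:54:40.439500 IP6 (hlim 64, next-header UDP (17) payload length: 120) fe80::200:5eff:fe00:5301.547 > fe80::9418:9a22:54b8:743f.546: [udp sum ok] dhcp6 advertise (xid=a1f102 (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5) (server-ID hwaddr/time type 1 time 700000000 00005e005301) (preference 255))
11:54:41.445113 IP6 (hlim 1, next-header UDP (17) payload length: 103) fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=a1f102 (elapsed-time 100) (client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5))
"""


def parse_records(text):
    """Turn tcpdump -v DHCPv6 lines into dicts; non-DHCPv6 lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue
        sid = SERVER_ID.search(line)
        xid = XID.search(line)
        records.append({
            "src": ipaddress.ip_address(m["src"]),
            "dst": ipaddress.ip_address(m["dst"]),
            "type": m["mtype"],
            "cksum_ok": m["cksum"] == "udp sum ok",
            "xid": xid["xid"] if xid else None,
            "server_duid": sid["duid"] if sid else None,
        })
    return records


def unauthorised_servers(records, allowed_sources, allowed_duids):
    """Count server-originated messages per (source, DUID) not on the allowlist."""
    allowed = {ipaddress.ip_address(a) for a in allowed_sources}
    hits = Counter()
    for r in records:
        if r["type"] not in SERVER_MSGS:
            continue
        if r["src"] in allowed and r["server_duid"] in allowed_duids:
            continue
        hits[(str(r["src"]), r["server_duid"])] += 1
    return sorted(hits.items())


def stalled_clients(records, min_solicits=2):
    """Clients that repeat a Solicit but never send Request or Confirm."""
    solicits = Counter()
    progressed = set()
    for r in records:
        if r["type"] == "solicit":
            solicits[(str(r["src"]), r["xid"])] += 1
        elif r["type"] in {"request", "confirm"}:
            progressed.add(str(r["src"]))
    return sorted((c, x, n) for (c, x), n in solicits.items()
                  if n >= min_solicits and c not in progressed)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for (src, duid), n in unauthorised_servers(recs, ALLOWED_SOURCES, ALLOWED_DUIDS):
        print(f"unexpected DHCPv6 server {src} server-ID [{duid}] messages={n}")
    for client, xid, n in stalled_clients(recs):
        print(f"client {client} xid={xid} sent {n} solicits, no request/confirm")
```

Because it reads what servers actually send on UDP 546/547, this check observes DHCPv6 Advertise traffic directly rather than inferring a server from port state.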