Ralphred l33t

Joined: 31 Dec 2013 Posts: 767

Posted: Fri Apr 11, 2025 6:10 pm Post subject: Exerting control over IPV6 addressing.
Known hosts within my local LAN have DHCP assigned pseudo-static addresses, and my local "caching" named instance has a zone file for these so it can resolve and machines can be found from inside the network nice and easily (without any SNAT shenanigans).
Replicating this for IPV6 was a chore, firstly because it tries to auto-configure (as any instructions I read set this up without real explanation), and secondly because dhcp6d is kinda deprecated in favour of net-misc/kea, which is a "more complicated solution" than net-misc/dhcp at first glance.
To save others taking the same complicated reading journey I did, I'll post a snippet of my original /etc/dhcp/dhcpd.conf as a reference to what I was doing, then /etc/kea/dhcp{4,6}.conf snippets that replicate the original in both ipv4 and ipv6.

/etc/dhcp/dhcpd.conf:
```
## option definitions common to all supported networks...
include "/etc/dhcp/rndc.key";
ddns-updates on;
ddns-update-style interim;
update-static-leases on;
option domain-name "example.co.uk";
default-lease-time 172800;
max-lease-time 172800;
authoritative;
log-facility local7;
zone example.co.uk. { primary localhost; key rndc-key; }
zone 0.0.10.in-addr.arpa. { primary localhost; key rndc-key; }
subnet 10.0.0.0 netmask 255.255.255.0 {
    option routers 10.0.0.254;
    option domain-name-servers 10.0.0.254;
    option ntp-servers 10.0.0.254;
    option domain-name "example.co.uk";
    ddns-domainname "example.co.uk.";
    ddns-rev-domainname "in-addr.arpa.";
    pool {
        range 10.0.0.1 10.0.0.31;
        deny unknown-clients;
        host gentoo1 { hardware ethernet ab:cd:ef:01:23:45; fixed-address 10.0.0.1; }
        ~~snipped long list of clients~~
    }
    pool {
        range 10.0.0.101 10.0.0.150;
        max-lease-time 7200;
    }
    pool {
        max-lease-time 7200;
        option domain-name-servers 10.0.0.254;
        option ntp-servers 10.0.0.254;
        range 10.0.0.241 10.0.0.253;
        deny unknown-clients;
        host switch1 { hardware ethernet ab:cd:ef:01:23:46; fixed-address 10.0.0.241; }
        ~~snipped longish list of "infrastructure" clients~~
    }
}
```
/etc/kea/dhcp4.conf:
```
{
  "Dhcp4": {
    # First we set up global values
    "valid-lifetime": 4000,
    "renew-timer": 1000,
    "rebind-timer": 2000,
    # Next we set up the interfaces to be used by the server.
    "interfaces-config": {
      "interfaces": [ "eth0.1", "eth0.3" ]
    },
    # And we specify the type of lease database
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/dhcp4.leases",
      "lfc-interval": 1800
    },
    # Finally, we list the subnets from which we will be leasing addresses.
    "subnet4": [
      { "id": 1,
        "subnet": "10.0.0.0/24",
        "interface": "eth0.1",
        "option-data": [
          { "space": "dhcp4", "name": "routers", "data": "10.0.0.254" },
          { "space": "dhcp4", "name": "domain-name-servers", "data": "10.0.0.254" },
          { "space": "dhcp4", "name": "ntp-servers", "data": "10.0.0.254" },
          { "space": "dhcp4", "name": "domain-name", "data": "example.co.uk" }
        ],
        # "KNOWN" is Kea's built-in class for clients that have a host reservation,
        # i.e. the equivalent of dhcpd's "deny unknown-clients" on a pool.
        "pools": [
          { "pool": "10.0.0.1 - 10.0.0.31", "client-class": "KNOWN" },
          { "pool": "10.0.0.101 - 10.0.0.150" },
          { "pool": "10.0.0.241 - 10.0.0.253", "client-class": "KNOWN" }
        ],
        "reservations": [
          { "hostname": "gentoo1", "hw-address": "ab:cd:ef:01:23:45", "ip-address": "10.0.0.1" },
          ~~snipped long list of clients~~
          { "hostname": "switch1", "hw-address": "ab:cd:ef:01:23:46", "ip-address": "10.0.0.241" },
          ~~snipped longish list of "infrastructure" clients~~
        ]
      },
      { "id": 3,
        "subnet": "192.168.3.0/24",
        "interface": "eth0.3",
        "option-data": [
          { "space": "dhcp4", "name": "routers", "data": "192.168.3.254" },
          { "space": "dhcp4", "name": "domain-name-servers", "data": "8.8.4.4, 8.8.8.8" }
        ],
        "pools": [
          { "pool": "192.168.3.1 - 192.168.3.50" }
        ]
      }
    ],
    "loggers": [
      { "name": "kea-dhcp4",
        "output_options": [
          { "output": "/var/log/kea/dhcp4.log",
            "maxsize": 1048576,
            "maxver": 8
          }
        ],
        # FATAL, ERROR, WARN, INFO, DEBUG
        "severity": "INFO",
        # For severity=DEBUG. 0 is least verbose, 99 is most verbose.
        "debuglevel": 0
      }
    ]
  }
}
```
As the keen eyed will see, during the "upgrade" I split eth0 into separate VLANs, something that net-misc/dhcp didn't let me do so easily, hence it was just on a "todo" list, and not actually done.

/etc/kea/dhcp6.conf:
```
{
  "Dhcp6": {
    # First we set up global values
    "valid-lifetime": 4000,
    "renew-timer": 1000,
    "rebind-timer": 2000,
    # Next we set up the interfaces to be used by the server.
    "interfaces-config": { "interfaces": [ "eth0.1" ] },
    # And we specify the type of lease database
    "lease-database": {
      "type": "memfile",
      "persist": true,
      "name": "/var/lib/kea/dhcp6.leases",
      "lfc-interval": 1800
    },
    "subnet6": [
      { "id": 1,
        "subnet": "2001:db8:fea1:94c6:258e::/80",
        "interface": "eth0.1",
        "pools": [ { "pool": "2001:db8:fea1:94c6:258e::1 - 2001:db8:fea1:94c6:258e::50" } ],
        "option-data": [
          { "space": "dhcp6", "name": "dns-servers", "data": "2001:db8:fea1:94c6:258e::254" },
          { "space": "dhcp6", "name": "domain-search", "data": "example.co.uk" }
        ],
        # Reservations live inside the subnet, as in dhcp4.conf; Kea only consults
        # top-level ("global") reservations when "reservations-global" is set to true.
        "reservations": [
          { "hostname": "gentoo1", "hw-address": "ab:cd:ef:01:23:45", "ip-addresses": [ "2001:db8:fea1:94c6:258e::1" ] },
          ~~snipped long list of clients~~
        ]
      }
    ],
    "loggers": [
      { "name": "kea-dhcp6",
        "output_options": [
          { "output": "/var/log/kea/dhcp6.log",
            "maxsize": 1048576,
            "maxver": 8
          }
        ],
        # FATAL, ERROR, WARN, INFO, DEBUG
        "severity": "INFO",
        # 0 is least verbose, 99 is most verbose
        "debuglevel": 0
      }
    ]
  }
}
```
I haven't done any "guest LAN" config in IPV6 (eth0.1 is "my LAN", eth0.3 is "guest LAN") but the similarities between the dhcp4 and dhcp6 config files mean someone could without bother. I find JSON a chore to read, so have tried to rationalise it as best as possible with indentation, YMMV in reading it though.
So, to the final piece of the puzzle, /etc/radvd.conf:
```
interface eth0.1
{
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvRASrcAddress { 2001:db8:fea1:94c6:258e::254; };
    AdvSourceLLAddress off;
    prefix 2001:db8:fea1:94c6:258e::254/80
    {
        AdvOnLink on;
        AdvAutonomous off;
        AdvRouterAddr on;
    };
};
```
The prefix for this rhetorical network would be 2001:db8:fea1:94c6::/64. There is a reason to list it as 258e::254/80 as opposed to just 258e::/80, I remember it having something to do with "Mobile IPv6 extensions", but can't find the source right now.

net-misc/dhcp's ddns-updates on; was making a proper mess of my zone files, so I'm kind of glad it's gone. Kea does have a ddns update thingy bundled with it, but I'm gonna steer clear because a tidy zone file is a happy admin, also as the AAAA records don't change inside/outside the LAN I can just cut/paste them into my real DNS hosts zone records at will.
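Added example (editor's own Python, not Ralphred's code and not a Kea tool): a small checker for the kind of slip that creeps in when a dhcpd.conf is translated into Kea JSON by hand. It strips Kea's `#` / `//` comments so a plain JSON parser can read the file, then flags a pool whose `client-class` is misspelled or never defined under `client-classes` (Kea's built-ins such as `KNOWN` / `UNKNOWN` are allowed), pools or reservations that fall outside their subnet, a MAC reserved twice, and DHCPv6 `reservations` placed at top level without `reservations-global`, which Kea would not consult. The two sample configs embedded below are constructed, trimmed down from the snippets in this post, and deliberately carry each of those mistakes.

```python
"""Sanity checks for a Kea dhcp4/dhcp6 config, written to catch the mistakes that
creep in when translating dhcpd.conf by hand. Added example; not Kea's own tooling."""
import ipaddress
import json

# Kea's built-in classes need no "client-classes" entry (Kea ARM, "Built-in client classes").
# Prefixed families such as VENDOR_CLASS_* are not modelled here.
BUILTIN_CLASSES = {"ALL", "KNOWN", "UNKNOWN", "DROP", "BOOTP"}


def strip_comments(text):
    """Drop Kea-style '#' and '//' comments that sit outside double-quoted strings,
    so the remainder can be handed to a plain JSON parser."""
    out = []
    for line in text.splitlines():
        in_str = False
        for i, ch in enumerate(line):
            if ch == '"' and (i == 0 or line[i - 1] != "\\"):
                in_str = not in_str
            elif not in_str and (ch == "#" or line.startswith("//", i)):
                line = line[:i]
                break
        out.append(line)
    return "\n".join(out)


def pool_bounds(spec):
    """A Kea pool is either 'lo - hi' or a CIDR prefix; return (first, last) addresses."""
    if "/" in spec:
        net = ipaddress.ip_network(spec.strip(), strict=False)
        return net[0], net[-1]
    lo, hi = (ipaddress.ip_address(x.strip()) for x in spec.split("-", 1))
    return lo, hi


def check_kea_config(text):
    """Return a list of human-readable problems; an empty list means nothing was flagged."""
    cfg = json.loads(strip_comments(text))
    family = 4 if "Dhcp4" in cfg else 6
    top = cfg[f"Dhcp{family}"]
    problems = []
    defined = {c["name"] for c in top.get("client-classes", [])} | BUILTIN_CLASSES
    seen_hw = {}  # hw-address -> where it was first reserved

    def check_reservations(resvs, net, where):
        for r in resvs:
            hw = r.get("hw-address", "").lower()
            if hw:
                if hw in seen_hw:
                    problems.append(f"{where}: duplicate hw-address {hw} (first seen in {seen_hw[hw]})")
                else:
                    seen_hw[hw] = where
            addrs = [r["ip-address"]] if "ip-address" in r else r.get("ip-addresses", [])
            for a in addrs:
                if net is not None and ipaddress.ip_address(a) not in net:
                    problems.append(f"{where}: reservation {a} lies outside {net}")

    for sn in top.get(f"subnet{family}", []):
        net = ipaddress.ip_network(sn["subnet"], strict=False)
        where = f"subnet id {sn.get('id')}"
        for pool in sn.get("pools", []):
            cc = pool.get("client-class")
            if cc and cc not in defined:
                problems.append(f"{where}: pool {pool['pool']!r} uses undefined client-class {cc!r}")
            lo, hi = pool_bounds(pool["pool"])
            if lo not in net or hi not in net:
                problems.append(f"{where}: pool {pool['pool']!r} is not inside {net}")
        check_reservations(sn.get("reservations", []), net, where)

    # Top-level reservations only take effect with "reservations-global": true.
    if top.get("reservations") and not top.get("reservations-global", False):
        problems.append('top-level "reservations" present but "reservations-global" is not true; '
                        "Kea will not use them by default")
    check_reservations(top.get("reservations", []), None, "global")
    return problems


# Constructed sample: trimmed from the post's dhcp4.conf, with a mistyped class name
# on the first pool and the same MAC reserved twice.
SAMPLE_DHCP4 = """{
  "Dhcp4": {
    # comment lines like this one are legal in Kea and must be stripped first
    "subnet4": [ { "id": 1, "subnet": "10.0.0.0/24",
      "pools": [ { "pool": "10.0.0.1 - 10.0.0.31", "client-class": "know_clients" },
                 { "pool": "10.0.0.101 - 10.0.0.150" },
                 { "pool": "10.0.0.241 - 10.0.0.253", "client-class": "KNOWN" } ],
      "reservations": [
        { "hostname": "gentoo1", "hw-address": "ab:cd:ef:01:23:45", "ip-address": "10.0.0.1" },
        { "hostname": "switch1", "hw-address": "AB:CD:EF:01:23:45", "ip-address": "10.0.0.241" } ]
    } ]
  }
}"""

# Constructed sample: reservations left at top level without "reservations-global".
SAMPLE_DHCP6 = """{
  "Dhcp6": {
    "subnet6": [ { "id": 1, "subnet": "2001:db8:fea1:94c6:258e::/80",
      "pools": [ { "pool": "2001:db8:fea1:94c6:258e::1 - 2001:db8:fea1:94c6:258e::50" } ] } ],
    // C++-style comments are legal in Kea too
    "reservations": [ { "hostname": "gentoo1", "hw-address": "ab:cd:ef:01:23:45",
                        "ip-addresses": [ "2001:db8:fea1:94c6:258e::1" ] } ]
  }
}"""

if __name__ == "__main__":
    for name, sample in (("dhcp4", SAMPLE_DHCP4), ("dhcp6", SAMPLE_DHCP6)):
        for problem in check_kea_config(sample) or ["no problems found"]:
            print(f"{name}: {problem}")
```

To run it against a real file, read /etc/kea/dhcp4.conf into a string and pass it to check_kea_config; the elided `~~snipped~~` placeholders in the post would of course have to be real entries first. The checker is deliberately conservative: it only knows the unprefixed built-in classes, so a `VENDOR_CLASS_*` reference would be reported as undefined.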