The default AdvRDNSSLifetime and AdvDNSSLLifetime at this point appear to be equal to the MaxRtrAdvInterval. That seems to risk loss of RDNSS and DNSSL if a single RA is lost.
RFC 8106 5.1 (https://datatracker.ietf.org/doc/html/rfc8106#section-5.1) indicates that the lifetime of DNS options should by default be 3x MaxRtrAdvInterval.
Is it intentional that this is currently equal to MaxRtrAdvInterval instead?
By default, OPNsense doesn't configure AdvRDNSSLifetime / AdvDNSSLLifetime values at all, so radvd uses its own defaults. This should be 2*MaxRtrAdvInterval according to the radvd man page (https://man.freebsd.org/cgi/man.cgi?query=radvd.conf). If it isn't, then raising an issue with radvd would be preferable to adding default overrides in OPNsense, imho.
Cheers
Maurice
Ah, gotcha. Thx, I see that now under `/var/etc/radvd.conf`, that AdvRDNSSLifetime and AdvDNSSLLifetime are left empty / unset, not autogenerated explicitly. Thx. I will check over with radvd.
k, it looks like this was fixed/updated in https://github.com/radvd-project/radvd/commit/17c43bff200bbc1d4786eb917860a79db4f95c2e, with a reference to https://github.com/radvd-project/radvd/issues/143
That's in master, but currently in the v2.20_rc1 tag. So, it's not present in the current 2.19 release. In the meantime, the online published docs appear to reflect that 3*MaxRtrAdvInterval, while 2.19 still does AdvRDNSSLifetime = MaxRtrAdvInterval.
We'll just have to wait for the proper 2.20 release of radvd, from the looks of it.
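Added example, not part of the thread and not OPNsense or radvd code: a small Python check that reads a radvd.conf and reports, per interface, whether each RDNSS/DNSSL lifetime is unset (so the radvd build's default applies) or shorter than the 3x MaxRtrAdvInterval cited from RFC 8106 above. The names `audit_radvd_conf`, `verdict` and `SAMPLE_CONF` are hypothetical, the sample config is constructed, and the parser assumes one statement per line with each block opened by a trailing `{`.

```python
import re

DEFAULT_MAX_RTR_ADV_INTERVAL = 600  # seconds; default per the radvd.conf man page
LIFETIME_KEYS = {"RDNSS": "AdvRDNSSLifetime", "DNSSL": "AdvDNSSLLifetime"}

# Constructed sample config, not taken from a real system.
SAMPLE_CONF = """
interface em1 {
    MaxRtrAdvInterval 200;
    RDNSS 2001:db8:1::53 {
    };
    DNSSL example.net {
        AdvDNSSLLifetime 200;
    };
};
interface em2 {
    RDNSS 2001:db8:2::53 {
        AdvRDNSSLifetime 1800;
    };
};
"""

def verdict(lifetime, minimum):
    if lifetime is None:
        return "unset"  # effective value is whatever this radvd build defaults to
    return "ok" if lifetime == "infinity" or int(lifetime) >= minimum else "short"

def audit_radvd_conf(text):
    """Return (interface, option, configured lifetime, verdict) tuples."""
    findings, stack, options, iface = [], [], [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        opener = re.match(r"(\w+)\s+(.*?)\s*\{$", line)
        if opener:
            kind = opener.group(1)
            if kind == "interface":
                iface, max_interval, options = opener.group(2), DEFAULT_MAX_RTR_ADV_INTERVAL, []
            elif kind in LIFETIME_KEYS and stack == ["interface"]:
                options.append([kind, None])  # lifetime stays None unless set below
            stack.append(kind)
        elif line.startswith("}"):
            # Evaluate at interface close: MaxRtrAdvInterval may follow the DNS blocks.
            if stack and stack.pop() == "interface":
                findings += [(iface, k, v, verdict(v, 3 * max_interval)) for k, v in options]
        elif len(parts := line.rstrip(";").split(None, 1)) == 2:
            if parts[0] == "MaxRtrAdvInterval" and stack == ["interface"]:
                max_interval = int(parts[1])
            elif stack[:-1] == ["interface"] and LIFETIME_KEYS.get(stack[-1]) == parts[0]:
                options[-1][1] = parts[1]
    return findings
```

To check a live box, pass the contents of `/var/etc/radvd.conf` to `audit_radvd_conf`; an "unset" result is the case discussed above, where the outcome depends on the installed radvd version.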