I currently use Services->Router Advertisements->LAN in stateless mode to squirt out some IPv6 addresses to my LAN.
Specifically, the key part I need is AdvLinkMTU, which for me is set to 1280, due to the fact I get my IPv6 over Wireguard from a VPS.
I've moved everything from ISC and Unbound to fully use DnsMasq, which works great, but left my RA as above.
As an exercise, I was looking to move my RA to DnsMasq, but stumbled across the AdvLinkMTU issue, which you dont appear to be able to configure.
I haven't got an issue sticking with the current method, but wondered if I was missing a trick here?
If I move it to DnsMasq, the MTU wont be set to 1280......and I don't want to lower my whole LAN, as the above works just fine.
TIA
Set an explicit RA mode in the dhcp-range, then you can set an MTU for RA.
https://github.com/opnsense/docs/blob/e46dfd4cb78dd2459716785a4ca46950e70b8a92/source/manual/dnsmasq.rst?plain=1#L290
https://docs.opnsense.org/manual/dnsmasq.html#dhcp-settings
Quote from: Monviech (Cedrik) on July 21, 2025, 03:04:16 PMSet an explicit RA mode in the dhcp-range, then you can set an MTU for RA.
https://github.com/opnsense/docs/blob/e46dfd4cb78dd2459716785a4ca46950e70b8a92/source/manual/dnsmasq.rst?plain=1#L290
https://docs.opnsense.org/manual/dnsmasq.html#dhcp-settings
Absolutely brilliant.....thanks.....
Just to confirm this worked perfectly.
Thanks....
Now using DNSMasq for DHCP, DNS, and RA.
Sorry, but I'm back again.
It seems that DNSMasq is sending out RDNSS when I dont want it to....:(
Anyway to stop that? I dont want any DNS info sent with the RA.
In the other method it was a checkbox, but struggling to find it in DNSMasq...
Sorry for the trouble....
In DHCP Options, create one like this:
Type: Set
Option6: dns-server [23]
Interface: Any
Value: (you leave this field empty)
Description: Strip DHCPv6 and RDDNS dns server option
That should strip it, empty value DHCP option should do the trick.
If not, please tell me and I'll double check on my end.
I *think* that may have done it:
No rdnss option showing now
15:26:32.529712 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::aab8:e0ff:fe02:d25 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 64
hop limit 255, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): fd76:192:168:76::/64, Flags [onlink, auto], valid time 86400s, pref. time 86400s
0x0000: 40c0 0001 5180 0001 5180 0000 0000 fd76
0x0010: 0192 0168 0076 0000 0000 0000 0000
mtu option (5), length 8 (1): 1280
0x0000: 0000 0000 0500
source link-address option (1), length 8 (1): xx:xx:e0:02:0d:xx
0x0000: a8b8 e002 0d25
Great.
Dnsmasq does some shenanigans here.
It combines the DHCPv6 dns-server option with RA to also send it out as RDDNS option.
So by stripping it, it surpresses the RDDNS option, was my assumption. And I think it was right.
It seems fine on iOS devices, but one of my windows devices still has the DNS, even after a reboot.
It's a Proxmox VM so need some digging.
Might need to get wireshark involved here.
Definitely can't see the rdnss in the RA on Linux.
Thank you so much for your help thus far....
Windows might cache it until a reboot its a bit weird there.
Or try "ipconfig -release6"
If you find anything else weird let me know :)
Thanks Cedric,
Thankfully a reboot of Proxmox itself seems to have resolved it.
I can only imagine RDNSS got stuck on vmbr0, which is what the windows VM uses.
I truly love OPNsense, and I am so appreciative of your help.