OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: OzziGoblin on November 04, 2025, 05:18:02 AM

Title: dnsmasq and ipv6 config
Post by: OzziGoblin on November 04, 2025, 05:18:02 AM
Hi

I've been able to migrate to dnsmasq but there are some IPv6 settings I'm confused about.

I have been assigned a /48 IPv6 address by my ISP, it's segmented this into various /64s for each interface in OpnSense.  Each interface is configured with IPv6 Configuration Type of "Track Interface"  WAN as the parenjt address.
I used to use Router Advertisements, but I've been able to stop using that with the use of dnsmasq ranges, see below.

(about:invalid)

The question is, what setting do I need on each network interface for IPv6 Configuration Type, testing reveals I can disable it, but I'm not sure if that is correct.

Thanks for your help
Title: Re: dnsmasq and ipv6 config
Post by: sifrmoja on November 04, 2025, 05:32:53 AM
The official guide (https://docs.opnsense.org/manual/ipv6.html) for IPv6 goes through setting up exactly what you are doing. What exactly are you struggling with?
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 04, 2025, 05:42:30 AM
Hi

Basically, if I'm using dnsmasq ipv6 RA modes to assign ipv6 addresses, do I need the setting enabled on the network interface to track the WAN and what should it be?

ATM each client is getting 2 ipv6 addresses, one seems to be from dnsmasq and the other appears be from the network interface

thanks

Title: Re: dnsmasq and ipv6 config
Post by: sifrmoja on November 04, 2025, 05:54:11 AM
Is the second one the privacy address? They both appear to be on the same /64.

Edit: it appears you are using DHCPv6 to send out client IPs as well as SLAAC. You should only use DHCPv6 for prefix delegation and maybe DNS server information.
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 04, 2025, 06:44:14 AM
Thanks, I think it's because I followed the instructions and used slaac,ra-names in dnsmasq.

Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 04, 2025, 11:58:32 AM
In the end I've reverted to snapshot, I can't figure out the required IPv6 DHCP settings if not using ISC and RA.

Hopefully I can continue using ISC until I can get it working in a lab and then put into my system
Title: Re: dnsmasq and ipv6 config
Post by: Monviech (Cedrik) on November 04, 2025, 01:04:22 PM
Either you configure the IPv6 statically, or you use track interface and use the dnsmasq constructor, pointing each DHCPv6 range to the interface it should construct the RAs from.

E.g. this example works when having LAN on "Track Interface" /or/ a static IPv6 address

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv6-and-router-advertisements
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on November 04, 2025, 04:36:51 PM
You can use the following guide as an additional source:

https://homenetworkguy.com/how-to/migrate-from-isc-dhcp-to-dnsmasq-or-kea-dhcp-in-opnsense/

I'm studying the migration right now as I'll be moving to dnsmasq in the following days.
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 04, 2025, 10:32:53 PM
Thanks, I did follow this guide

I'll be interested to hear how your migration goes, specifically around the interface IPv6 settings (tracking vs dhcp vs slaac) and the dnsmasq IPv6 dhcp ranges and their RA modes. Also whether you were able to completely remove ISC and dependancy on the seperate Router Advertisement service, as it's built into dnsmasq.
If you'd be willing to share how you went it would really be appreciated.  After spending too many hours researching, implementing and testing I wasn't able to get IPv6 working without duplicate addresses being assigned and Testipv6 failing so just reverted.

thanks
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 07, 2025, 01:42:09 AM
Right here is an update on the second migration attempt...

I have IPv4 working
IPv6 addresses are being assigned from the interfaces, which are set to track the wan. 
However, there are no IPv6 leases being registed in dnsmasq.  The only way I am able to get the leases registed is if I enter start and end IPv6 addresses, which adds an EXTRA IPv6 address to each device.

here are the settings on the DHCP range that I'm applying (can't seem to include an image for some reason?)

start address ::3000
end address ::4000
constructor - same as Interface
RA Mode slaac, ra-names
Domain Type - Interface

With the above configured, I get  the IPv6 address registed which looks something like this - xxxx:xxxx:c3ca:dd30::33cc

on the client I have the following now

DHCP Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IPv6 Address. . . . . . . . . . . : xxxx:xxxx:c3ca:dd30::33cc(Preferred)        EXTRA IPv6 Address  ************
  Lease Obtained. . . . . . . . . . : Friday, 7 November 2025 11:28:33 AM
  Lease Expires . . . . . . . . . . : Friday, 7 November 2025 11:33:33 AM
  IPv6 Address. . . . . . . . . . . : xxxx:xxxx:c3ca:dd30:1a5d:5283:b231:d91a(Preferred)
  Link-local IPv6 Address . . . . . : xxxx::xxxx:xxxx:f53a:fe3d%3(Preferred)
  IPv4 Address. . . . . . . . . . . : 10.0.30.2(Preferred)
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Lease Obtained. . . . . . . . . . : Friday, 7 November 2025 11:30:25 AM
  Lease Expires . . . . . . . . . . : Friday, 7 November 2025 11:35:24 AM
  Default Gateway . . . . . . . . . : xxxx::xxx:xxxx:fe01:82c6%3
                                      10.0.30.1
  DHCP Server . . . . . . . . . . . : 10.0.30.1
  DHCPv6 IAID . . . . . . . . . . . : 194570051
  DHCPv6 Client DUID. . . . . . . . :
  DNS Servers . . . . . . . . . . . : xxxx:xxxx:c3ca:dd30:2e2:59ff:fe01:82c6
                                      10.0.30.1
                                      xxxx:xxxx:c3ca:dd30:2e2:59ff:fe01:82c6
  NetBIOS over Tcpip. . . . . . . . : Enabled

Does anyone know how to resolve the IPv6 address registration issue and remove the extra address?

thanks
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on November 07, 2025, 04:52:52 AM
Two addresses is what you configured - one SLAAC address and one DHCPv6 address.

If you want only DHCPv6, remove 'slaac' from RA Mode.

If you want only SLAAC, remove 'slaac', add 'ra-stateless' and remove start / end address.
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 07, 2025, 06:27:13 AM
Hi Maurice

Thanks for the help.

I'd like to remove all dependancies on the old ISC, so I've removed DHCP6 from the interface.  I'm now only left with the dnsmasq config.
I've tried the suggestions you've given me, but I don't get an IPv6 address on that interface anymore.

Just to clarify, I specifiy the same interface for the constructor?
And should the WAN interface still be set to DHCPv6 and if it changes what should I set it to SLAAC?  My ISP supports slaac and I currently get a /48 via DHCPv6.
thanks


Title: Re: dnsmasq and ipv6 config
Post by: Maurice on November 07, 2025, 06:48:23 PM
Quote from: OzziGoblin on November 07, 2025, 06:27:13 AMI don't get an IPv6 address on that interface anymore.
The interface itself doesn't get an IPv6 address? That would be unrelated to the Dnsmasq settings.
Or clients connected to that interface don't get IPv6 addresses? Then Dnsmasq isn't configured correctly. Did you enable Router Advertisements in its general settings?

Quote from: OzziGoblin on November 07, 2025, 06:27:13 AMAnd should the WAN interface still be set to DHCPv6
Yes. That's the DHCPv6 client, unrelated to the Dnsmasq DHCPv6 server.
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 08, 2025, 01:11:38 AM
Unfortunately I'm not having any success with this.

Router Advertisements in general settings is enabled, although I didn't believe this was required if configured on each interface, when reading the help for the setting.
WAN interface IPv6 is set to DHCPv6
LAN Interface IPv6 configuration is set to none, so no entry available for ISC DHCPv6 or Router Advertisements.

Re the DNSMASQ RA configuration I've tried all the options and no IPv6 address is assigned to the client.

I'm starting to think that dnsmasq is incapable of assigning an ipv6 address to the clients.

Where am I going wrong?
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on November 08, 2025, 01:18:19 AM
Quote from: OzziGoblin on November 08, 2025, 01:11:38 AMLAN Interface IPv6 configuration is set to none, so no entry available for ISC DHCPv6 or Router Advertisements.

The LAN interface obviously must track the WAN, otherwise it won't have an IPv6 address and Dnsmasq can't construct a range.
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 08, 2025, 01:23:59 AM
that would mean I can't remove isc dhcpv6 or the router advertisement service as it's enabled when tracking is enabled.

So it would seem that dnsmasq is not able to completely replace ISC yet?
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on November 08, 2025, 01:55:04 AM
Services: ISC DHCPv6: [LAN interface]: uncheck 'Enable'
Services: Router Advertisements: [LAN interface]: set Router Advertisements to 'Disabled'
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 08, 2025, 02:00:18 AM
Yip, they are configured exactly like that :-)

But then dnsmasq isn't assigning the ipv6 address is it?
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on November 08, 2025, 02:01:22 AM
... and?
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 08, 2025, 02:05:46 AM
sorry I don't mean to appear rude, but wasn't the point of migrating to dnsmasq to remove dependancy on ISC so it can be removed at the next major update?

thanks
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on November 08, 2025, 02:11:45 AM
I don't get your point, sorry.

Quote from: Maurice on November 08, 2025, 01:55:04 AMServices: ISC DHCPv6: [LAN interface]: uncheck 'Enable'

This disables ISC DHCPv6. It stops the service. So there is no more dependency.
Title: Re: dnsmasq and ipv6 config
Post by: OzziGoblin on November 08, 2025, 02:18:18 AM
ok, thanks for all your patience with me Maurice, you've been a big help
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 23, 2025, 04:11:21 AM
Hi OzziGoblin, as we talked earlier I'm reporting my still ongoing migration from ISC DHCP 4 and 6 to Dnsmasq.
I made a first try today and it didn't work as expected. I couldn't make DHCPv6 working as it is with ISC DHCPv6.

My setup is somewhat weird because my OPNSense is behind the ISP router already acting as NAT router with a configured DMZ pointing to OPNSense WAN.
The ISP doesn't allow me to use bridge mode, so this is what I have.

The rare thing is the way I could get IPv6 to work. The ISP assigns a single /64 IPv6, no PD, no nothing. So I'm doing NATv6 and DHCPv6 assigns /80 addresses to local PCs. I chose /80 because I have some VLANs and I had to create different subnets for each one.

This way I have IPv6 /80 networks on each VLAN and it works perfect. Is not the ideal situation because I'm NATing IPv6, but I didn't find a single problem yet in the daily use.

THE MIGRATION:
I could make work the IPv4 part, but I couldn't make DHCPv6 assign an address. It doesn't work. The Dnsmask log says "dnsmask no address range available for DHCPv6".
I tried different RA flags, and even external radvd in assisted mode as the docs says, but still nothing.
One thing I noted is that I can't select other prefix than 64. Higher numbers throws an "integer" error on the GUI and lower values makes Dnsmask to abort at start telling that the prefix has to be at least 64. So the only choice is 64.

With ISC DHCPv6 I have /80 configured as prefix for the assigned addresses on each VLAN.

Well... that's all for now. I'll keep trying...

Cheers
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on December 23, 2025, 12:53:46 PM
Quote from: muchacha_grande on December 23, 2025, 04:11:21 AMThe ISP assigns a single /64 IPv6, no PD, no nothing.

Is this /64 on-link on the ISP router's LAN interface? Then I'd recommend trying the new os-ndp-proxy-go plugin. It allows you to use the same /64 for the OPNsense LANs and you won't need NAT.

Cheers
Maurice
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 23, 2025, 01:03:41 PM
Hi Maurice.

Quote from: Maurice on December 23, 2025, 12:53:46 PMIs this /64 on-link on the ISP router's LAN interface?

Yes it is. I saw this plugin recently. I've tested NDP proxy in the past. The no "go" version, and it worked fine on a test router. I'll give this a try.
Do you know if this works fine when there are multiple subnets?
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on December 23, 2025, 01:13:18 PM
ndp-proxy-go was developed from scratch by OPNsense OG @Monviech. It's way ahead of ndproxy. And yes, you can use it for multiple LANs. They will all share the same /64, the proxy can handle this.
Title: Re: dnsmasq and ipv6 config
Post by: Monviech (Cedrik) on December 23, 2025, 01:31:32 PM
Please also read the documentation:
https://docs.opnsense.org/manual/ndp-proxy-go.html
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 23, 2025, 02:35:03 PM
Quote from: Monviech (Cedrik) on December 23, 2025, 01:31:32 PMPlease also read the documentation:
https://docs.opnsense.org/manual/ndp-proxy-go.html (https://docs.opnsense.org/manual/ndp-proxy-go.html)


Excellent, thank you, I will.


About, my failed Dnsmask DHCPv6 migration attempt. Do you know have an idea of what could be wrong?

I couldn't make DHCPv6 assign an address on any VLAN. Neither a reserved address nor a dynamic one.
Title: Re: dnsmasq and ipv6 config
Post by: Monviech (Cedrik) on December 23, 2025, 04:01:31 PM
What you have been doing wrong is simple. /64 is the smallest possible prefix. Do not try to fight well established IPv6 standards with assumptions like using /80 is fine.

Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 23, 2025, 04:58:55 PM
I suppose that I'm misunderstanding some basic concept here.

I'm using /80 because I've configured a different subnet for each VLAN. The first 16 bits after the 64 bits prefix are the subnet, so I set each VLAN interface with a /80 address and I ask DHCPv6 to assign each PC an address inside the range of the VLAN it is connected to.

As my ISP doesn't assigns a larger prefix, how could I divide a network into smaller subnets?
Title: Re: dnsmasq and ipv6 config
Post by: Patrick M. Hausen on December 23, 2025, 05:01:50 PM
You can't. A /64 is the only possible network size on a broadcast (Ethernet) interface. Your ISP is supposed (by recommendation of all regional Internet registries like e.g. RIPE for Europe) to assign you a /56 and never anything smaller.
Title: Re: dnsmasq and ipv6 config
Post by: Monviech (Cedrik) on December 23, 2025, 05:11:03 PM
Or you use the ndp proxy from earlier which helps you to provide the same /64 to any amount of downstream vlans. You dont need to think about subnetting when using it since it targets each individual host automatically via host routes.

Just turn off any dhcpv6 and RA service when using it.
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 23, 2025, 05:23:12 PM
Ok, from what Patrick said, if I can't subnet a /64 I have two options from here:

1. Pin to ISC that will be soon a plugin and discontinued afterwards

2. Implement NDP and forget about subnets (have to change my mind) and after that migrate to Dnsmask


Thank you Patrick and Monviech for you advice. I think I'll go on with the second option. Will post the results here of course.
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on December 23, 2025, 05:29:35 PM
Why do you feel the need to internally use /80s based on your public /64? You could choose any unused /48 and subnet it into /64s for your VLANs. Since you use NAT anyway, your internal addresses don't really matter.

The ND proxy solution (without NAT) is preferrable though.

While it's technically possible to use prefixes longer than /64, it's not recommended and issues are to be expected.
Title: Re: dnsmasq and ipv6 config
Post by: Patrick M. Hausen on December 23, 2025, 05:36:19 PM
3. Kick your ISP until they follow recommended practice 🙂

https://www.rfc-editor.org/rfc/rfc3177

3. Address Delegation Recommendations

   The IESG and the IAB recommend the allocations for the boundary
   between the public and the private topology to follow those general
   rules:

      -  /48 in the general case, except for very large subscribers.
      -  /64 when it is known that one and only one subnet is needed by
         design.
      -  /128 when it is absolutely known that one and only one device
         is connecting.

   In particular, we recommend:

      -  Home network subscribers, connecting through on-demand or
         always-on connections should receive a /48.
      -  Small and large enterprises should receive a /48.
      -  Very large subscribers could receive a /47 or slightly shorter
         prefix, or multiple /48's.
[...]

So even a /56 is debatable although in most cases enough (I can theoretically have 256 VLANs with my /56 I get from Deutsche Telekom).
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 24, 2025, 12:18:01 AM
Quote from: Patrick M. Hausen on December 23, 2025, 05:36:19 PMKick your ISP until they follow recommended practice

Patrick, here in Argentina ISPs are offering to home user, services like the one I have. If I want a /48 prefix I need to pay a business plan and the costs are much higher. They argue that business plans has less downtime also, but I can see on the streets that the infrastructure is the same that of the home users (cables and equipment) so paying more money only to have a fixed IP or a /48 prefix doesn't worth it, for now. The game changer will be the day that they put me in a CGNAT network. That day I will have to go for a higher plan to keep a public IP.

Quote from: Maurice on December 23, 2025, 05:29:35 PMWhy do you feel the need to internally use /80s based on your public /64?

Some years ago, when I was configuring IPv6 for the first time, I had to chose between using GUAs or ULAs and someone advice me to use GUAs because Windows had some problems with ULAs. As I was using Windows at that time, I went with GUAs. Now I'm mostly using Linux and could try using ULAs.
I understand that when you say that I could chose any unused /48, you are talking about ULAs. Are you?
Title: Re: dnsmasq and ipv6 config
Post by: Patrick M. Hausen on December 24, 2025, 12:28:32 AM
You could write to LACNIC asking if there is any way to exert some pressure on ISPs who do not follow proper conventions. ISPs in your country get their IP addresses from LACNIC and with almost certainty signed that they will use them adhering to standards.

Yes, for NAT66 you could use some GUA that you know are unused. ULA is not recommended, because happy eyeballs prioritises it after IPv4.
Title: Re: dnsmasq and ipv6 config
Post by: OPNenthu on December 24, 2025, 01:13:04 AM
Quote from: OzziGoblin on November 07, 2025, 01:42:09 AMHowever, there are no IPv6 leases being registed in dnsmasq.  The only way I am able to get the leases registed is if I enter start and end IPv6 addresses, which adds an EXTRA IPv6 address to each device.

Quote from: OzziGoblin on November 08, 2025, 01:11:38 AMRe the DNSMASQ RA configuration I've tried all the options and no IPv6 address is assigned to the client.

I'm starting to think that dnsmasq is incapable of assigning an ipv6 address to the clients.

Where am I going wrong?

Ozzi, I think you might be getting mixed up about the different IPv6 RA modes and expectations with regard to the Leases table.  It's only when you're using DHCPv6 that IPv6 addresses are assigned to clients and the leases are tracked.  If you're using SLAAC (and only SLAAC) then those are stateless addresses generated on the clients themselves and they aren't tracked like leases.

DHCPv6 and SLAAC can be used together but it's unconventional unless you have a need.  I don't know for sure, but I think you might be trying to use DHCPv6 ranges in Dnsmasq just to get the IPv6 addresses to show up in the Leases table?

I know you said you were using RAs before, but I have some clarifying questions:

1) Were you also using ISC DHCPv6 before?  If so, do you have a specific reason or need for that? (e.g. some oddball clients that don't do SLAAC)
2) Are you OK with not having IPv6 entries in the Leases table?

Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 24, 2025, 02:32:38 AM
Quote from: Patrick M. Hausen on December 24, 2025, 12:28:32 AMYou could write to LACNIC asking if there is any way to exert some pressure on ISPs who do not follow proper conventions.

I will pass from that for now.

Quote from: Patrick M. Hausen on December 24, 2025, 12:28:32 AMYes, for NAT66 you could use some GUA that you know are unused. ULA is not recommended, because happy eyeballs prioritises it after IPv4.

That's ok. It is possible because NAT66 do the translation into a routable IP. Will do that.

Thank you.
Title: Re: dnsmasq and ipv6 config
Post by: Maurice on December 24, 2025, 04:59:56 AM
Quote from: muchacha_grande on December 24, 2025, 12:18:01 AMI understand that when you say that I could chose any unused /48, you are talking about ULAs. Are you?
No, I'm talking about GUAs. ULAs are not recommended for the NAT use case.
You can use any unassigned prefix. It's a little ugly, but less ugly than using /80.
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 24, 2025, 12:06:12 PM
Thank you Maurice. Before migrating to Dnsmask I will change all interface addresses to some presumably unused GUA /64. After testing that will go on with the migration.
Title: Re: dnsmasq and ipv6 config
Post by: Monviech (Cedrik) on December 24, 2025, 12:34:48 PM
Why not give the ndp proxy a try its for this exact usecase and you dont need any other tricks.

No nat, no ulas, no unused guas...
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 24, 2025, 12:50:14 PM
Hi Monviech. I'd try ndp proxy, but how could I solve the IPv6 addresses assignment on the different VLANs? I have a single /64 IP on WAN and I need different networks with different /64 prefixes on each VLAN to be able to route between them.
Title: Re: dnsmasq and ipv6 config
Post by: Patrick M. Hausen on December 24, 2025, 12:52:05 PM
The NDP proxy does that as far as I understand. The hosts think they are all in one single network. You can still firewall on each interface based on IP address.
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 24, 2025, 01:02:36 PM
How should I configure IPv6 addresses on each VLAN interface. Should I just put fixed addresses in the same subnet?

Sorry for the dumb question, but I'm rather new on this as you may already see.
Title: Re: dnsmasq and ipv6 config
Post by: Monviech (Cedrik) on December 24, 2025, 02:12:09 PM
You just have to read the manual it explains everything. If you still have questions afterwards or something does not work I'll try to help.
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 24, 2025, 03:56:13 PM
Ok, I've read the manual. I'm going to install the proxy and configure it.

I'll report the results for the record.

Thanks.

EDIT: it will take more time than expected at first. I have various services exposed on Internet using the router address and NAT66. Have to reconfigure everything :-(
Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 26, 2025, 11:46:31 PM
Finally I went with changing the local IPv6 addresses to an ULA range maintaining NAT66.

I didn't implement ndp-proxy-go yet because as soon as I started to plan the migration I realized that the amount of work to be done was too much.

My main goal was to migrate from ISC to Dnsmasq and now it's working fine with DHCPv4 and DHCPv6, RA and static entries are being assigned.

In a future instance I will implement ndp-proxy-go.

The only caveat is that static configured addresses are not resolved by Dnsmasq. So I had to add them manually in Unbound overrides.
If the device is configured to get the IP via DHCP the name resolution work with both dynamic and reserved addresses, but if the IP is fixed on the device and it doesn't get it from DHCP, the name resolution doesn't work.
With ISC-DHCP, the name resolution worked both in the cases of static IPs configured on the devices and in IPs assigned via DHCP.
Title: Re: dnsmasq and ipv6 config
Post by: OPNenthu on December 27, 2025, 02:45:27 AM
Quote from: muchacha_grande on December 26, 2025, 11:46:31 PMThe only caveat is that static configured addresses are not resolved by Dnsmasq. So I had to add them manually in Unbound overrides.
If the device is configured to get the IP via DHCP the name resolution work with both dynamic and reserved addresses, but if the IP is fixed on the device and it doesn't get it from DHCP, the name resolution doesn't work.
With ISC-DHCP, the name resolution worked both in the cases of static IPs configured on the devices and in IPs assigned via DHCP.

I'm not sure which approach is better (appreciate advice from others), but I have been adding Host entries in Dnsmasq even for statically configured ones.  They don't show up in Leases, but they do get added to DNS and I presume also marks that IP as reserved from the pool.

I make sure all the static IPs I use fall within the Dnsmasq range, which is a difference from ISC.  This can obviously leave unused IPs if your Dnsmasq pool is, for example, .100 to .254.  Then the entire range .2 to .99 is wasted.

I can think of a couple solutions:

1) Define the Dnsmasq range as .2 to .254 (.1 being for the gateway in this example)
2) Define two ranges:  192.168.1.2 - 192.168.1.99 (static pool) and 192.168.1.100 - 192.168.1.254 (DHCP pool) for the same domain

Question for @Monviech/@Maurice or others - is #2 viable and a good idea?  I haven't tested.

Title: Re: dnsmasq and ipv6 config
Post by: muchacha_grande on December 27, 2025, 01:35:01 PM
Quote from: OPNenthu on December 27, 2025, 02:45:27 AMThey don't show up in Leases, but they do get added to DNS and I presume also marks that IP as reserved from the pool.

This is what I couldn't make work. When the IPs are fixed they don't respond to DNS queries.

Will redefine my DHCP ranges better.