Messages

This sounds like stale RA lifetimes rather than dnsmasq itself, clients keep old prefixes until they expire. Have you checked if your RA settings properly deprecate old prefixes or tried lowering valid/preferred lifetimes?

Dnsmasq should deprecate old prefixes automatically if I use it for the RAs, when set up new, or? But it doesn't. All machines accumulate and try to use these prefixes until their lifetime is up (that was 84600 secs (unconfigured). I set these down to 7200 seconds, but these have still to time out the full lifetime until they are not (erronoeusly) used anymore.

And if I restart my OpnSense Router with dnsmasq set up three times, I get a new set of three "valid" IPv6 addresses on each machine, although the prefixes are deprecated, which are all tried to be used despite being deprecated. I haven't tested but it's also possible that these deprecated addresses are renewed once the lifetime is up despite being deprecated. I'm not sure what's wrong with dnsmasq but it doesn't deprecate old prefixes, it seems. Not sure what settings are wrong.

In the meantime I've gone back to the old, original RA service in the router by completely rolling back my settings from backup. So now I'm using the original RA service with th the old ISC DHCP server and the problems are gone for now. But I really want to use dnsmasq for its advantages in future (together with unbound), because it completely resolves also dynamic IPv6 addresses (DNS) for dhcp(v6), dns and RAs. But if it stays this way, there's no way for me to use dnsmasq.

I would be really thankful, if someone could point out which settings I have to apply to correctly deprecates old prefixes and what could be wrong.

Thank you,
fab

Hello dear forum. I'm trying to migrate to the new dnsmasq DNS/DHCP server at the moment. But I have a strange problem, that if upstream [WAN] changes the delegated /56 prefix (when restarting the router for example), my WHOLE network accumulates these new addresses without invalidating the old defunct IPv6 addresses and the servers and workstations still try to use these invalid addresses, which of course ends with an error. And I can't test this without completely restarting my router. I still haven't found an option to trigger this dnsmasq functionality without restarting my router (sorry for being such a noob). It worked flawlessly with the old ISC dhcp server, and the old addresses were invalidated properly. I'm really frustrated, because I have no idea why this is happening. The only thing I can do if upstream [WLAN] disconnects (through a reboot of OpnSense), is restart all my servers and workstations, to get a good set of IPv6 addresses until [WLAN] goes down again.

And there's another problem (which many people seem to have according to google). On some machines there are still "valid" IPv6 addresses which have a lifetime of 24h and I can't get rid of them.

I can't give much of logs (there aren't many informative messages anyway), but I hope someone can help me anyway. But please be a little patient, I'm not dumb, but this kind of problem is completely new to me and IPv6 is really complicated. On one side I want the new functionality (if it worked) and on the other side my old setup with ISC dhcp worked as expected (I have 7 VLANs which worked flawlessly).

Thanks alot,
fab

Jo, das hab ich jetzt rausbekommen mit unbound und dnsmasq und local name queries.

Jetzt hab ich ein anderes Problem. Wenn ich meinen Router neu starte und ein neues /56 Prefix bekomme, wird die preferred_lft (lifetime) bzw. die valid_lft nicht auf 0 gesetzt, sodass meine Rechner und Server mehrere IPv6 haben und einige ungültige, die aber noch zu benutzen versucht werden. Hab meine Schnittstellen auf "SLAAC" und "RA-Names" stehen. Das Einzige was dann hilft, ist ein Neustart aller Rechner und Server.

Kann mir jemand sagen, was da nicht stimmt?

Hallo liebes Forum,

wie kann ich meine unbound Blocklists (DNSBL) mit dem neuen dnsmasq nutzen, dass ja jetzt ISC DHCP ersetzen soll? Ich weiß, dass die Frage sehr allgemein ist und wahrscheinlich nicht leicht zu beantworten.

Aber vielleicht gibt es eine Möglichkeit, meine Blocklists in eine "hosts" Datei zu exportieren und regelmäßig upzudaten? Das ist echt ein Feature, dass ich vermissen werde, wenn ich von unbound zu dnsmasq wechseln soll. dnsmasq ist zwar besser (glaub ich jedenfalls), dynamische IPv6 Adressen aufzulösen, was mir sehr zu Gute kommen würde, aber ich möchte nicht noch zusätzlich ein PiHole oder ähnliches betreiben.

Was für Möglichkeiten habe ich?

Vielen Dank,
fab