Static DHCPv6 leases not registering in unbound

Started by ipanda, October 28, 2020, 01:30:38 PM

October 28, 2020, 01:30:38 PM Last Edit: October 28, 2020, 01:45:31 PM by ipanda
Hi,

I have static IPv6 addresses assigned for some devices on the network.

Since I have a dynamic WAN IPv6 prefix, these addresses are set as, e.g., ::1. DHCPv6 automatically assigns them the IPv6 address of <WANPREFIX>::1.

However, unbound DNS is only picking up the static mapping of ::1 and is returning that as the AAAA record:

nslookup computer.mydomain.tld
Server:  OPNsense.mydomain.tld
Address:  xxxx:xxxx:xxxx:xxxx:2e0:67ff:fe1f:23f9

Name:    computer.mydomain.tld
Addresses:  ::1
          192.168.1.105


I think this is a bug in unbound. Is anyone else having the same issue?

Versions:
OPNsense 20.7.4-amd64
FreeBSD 12.1-RELEASE-p10-HBSD
OpenSSL 1.1.1h 22 Sep 2020

Regards

This issue is still ongoing after restarting unbound and dhcpv6.

Is anyone else experiencing this issue? I have no reliable internal DNS resolution while this issue continues.

I just noticed yesterday that I appear to be having the same problem.

I have my internal interfaces set to "Track Interface" for IPv6.  (I'm on Comcast with DHCPv6-PD on my WAN.)  I have several static DHCPv6 leases and use the "suffix notation" (e.g. "::23") to designate the IPv6 address in their configuration.

The clients receive the correct IPv6 address via DHCPv6 (e.g., "<delegated-interface-prefix>::23") but only the suffix (e.g., "::23") is registered in Unbound as a local override.

As you point out, this makes name resolution fail for local clients.  Trying "ping6 foo" results in trying to ping "::23", not "<delegated-interface-prefix>::23".

I just recently switched to OPNsense from pfSense and this method of defining static DHCPv6 IPv6 addresses for "Track Interface" IPv6 interfaces worked in pfSense (both DHCPv6 and Unbound).  I presumed it would work the same way in OPNsense.

Do DHCPv6 static mappings work for "Track Interface" interfaces in OPNsense (20.7.7_1), or do they only work for "Static IPv6" interfaces?  As I said, I'm very new in switching over to OPNsense (having used pfSense for years), and don't know whether this has ever worked for me on OPNsense or whether it has just stopped working with a recent update.

Just to follow up on my previous posting, I do get DHCPv6 static leases appearing in Unbound (in /var/unbound/host_entries.conf)---as both local-data and local-data-ptr records, but they are incorrect: they are the literal entries set in the "DHCPv6 Static Mappings for this interface" IPv6 address (e.g., "::23") and not the expanded (full) IPv6 address that should result from prepending the "Track Interface" delegated prefix.

This is a long known issue, you can look it up on GitHub. DNS registration of static DHCPv6 mappings does not work with dynamic prefixes.

If I remember correctly, there are no plans for a fix because the core devs won't allow more entanglements between services (the DHCPv6 server and Unbound in this case). The same is true for other well-known limitations regarding dynamic prefixes (firewall rules etc.). I wouldn't expect significant improvements in this field anytime soon. It's more of a philosophical question whether properly supporting dynamic prefix scenarios is a priority. For OPNsense, the answer seems to be "no".
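The mismatch described in this thread, as an added example that is not part of any post and is not OPNsense code: it scans Unbound-style local-data lines for AAAA records whose upper 64 bits are zero (a bare suffix such as "::23", or "::1", which is the loopback address) and builds the records with the delegated prefix prepended. The sample lines and the documentation prefix 2001:db8:aa:1::/64 are constructed assumptions, and the output is only valid until the delegated prefix changes.

```python
import ipaddress
import re

# Constructed sample in Unbound local-data syntax (not from a real host_entries.conf).
SAMPLE = '''\
local-data-ptr: "::23 foo.mydomain.tld"
local-data: "foo.mydomain.tld AAAA ::23"
local-data: "foo.mydomain.tld A 192.168.1.105"
local-data: "nas.mydomain.tld AAAA 2001:db8:aa:1::40"
'''

AAAA_RE = re.compile(r'^local-data:\s*"(\S+)\s+(?:IN\s+)?AAAA\s+(\S+)"$')


def expand(suffix, prefix):
    """Prepend the delegated prefix to a suffix-notation address."""
    net = ipaddress.IPv6Network(prefix)
    host = int(ipaddress.IPv6Address(suffix))
    if host & int(net.netmask):
        # The suffix has bits set inside the prefix part; refuse to guess.
        raise ValueError(f"{suffix} does not fit inside {prefix}")
    return ipaddress.IPv6Address(int(net.network_address) | host)


def corrected_records(text, prefix):
    """Return replacement records for every suffix-only AAAA entry."""
    out = []
    for line in text.splitlines():
        m = AAAA_RE.match(line.strip())
        if not m:
            continue  # not an AAAA local-data line
        name, addr = m.group(1), ipaddress.IPv6Address(m.group(2))
        if int(addr) >> 64:
            continue  # upper 64 bits present: already a full address
        full = expand(str(addr), prefix)
        out.append(f'local-data: "{name} AAAA {full}"')
        out.append(f'local-data-ptr: "{full} {name}"')
    return out


if __name__ == "__main__":
    # Assumed delegated interface prefix (documentation range).
    for record in corrected_records(SAMPLE, "2001:db8:aa:1::/64"):
        print(record)
```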