dnsmasq not listening on track6 interface after WAN IPv6 change (since 22.7)

Started by sbellon, August 21, 2022, 08:39:36 AM

Hi all,

I've recently updated my OPNsense from 22.1.10 to 22.7.2 and noticed one regression that I haven't been able to solve yet.

I'm on a German Telekom VDSL dual IP stack via PPPoE where LAN has a static IPv4 with DHCPv4 and track6 for IPv6 with DHCPv6 also enabled.

The LAN interface on the OPNsense looks like:


igb1: ...
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::xxxx%igb1 prefixlen 64 scopeid 0x2
        inet6 2003:de:yyyy prefixlen 64


On the OPNsense, after a WAN IP renewal, I get the following behaviour:


root@opnsense:~ # host www.google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


root@opnsense:~ # host www.google.com ::1
Using domain server:
Name: ::1
Address: ::1#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


root@opnsense:~ # host www.google.com 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


root@opnsense:~ # host www.google.com 2003:de:yyyy
;; connection timed out; no servers could be reached


As you can see, dnsmasq is working for all but the LAN's IPv6 address. Only after a restart of the dnsmasq service, I also get it running on the IPv6 address:


root@opnsense:~ # host www.google.com 2003:de:yyyy
Using domain server:
Name: 2003:de:f724:b400:2a1:ecff:fe68:f1c0
Address: 2003:de:f724:b400:2a1:ecff:fe68:f1c0#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


1) Is this a known issue or a configuration problem of my setup?

2) If so, how can I fix it?

Greetings,
Stefan

Nobody any idea?

This is really annoying as each morning (after the nightly forced disconnection) I have to manually restart dnsmasq in order to not have degraded DNS lookup in the network.

Alternatively: Is there a way to configure DHCP to only hand out the IPv4 of the OPNsense as nameserver and not also the IPv6 (where dnsmasq stopped listening)?

This could be an (intentional) side effect from https://github.com/opnsense/core/commit/7aaa6a263b1351 added to 22.7.1.

DNSmasq never had a good handling of this but it's possible to add it to the right spot if you can confirm the suspicion.


Cheers,
Franco

How would I confirm your suspicion? Using some "opnsense-patch 7aaa6a263b1351" or similar (which I've never done before) and then waiting?

Yes. opnsense-patch either removes or adds the patch depending on the previous state. On 22.7.2 the patch is present and running the command removes it.


Cheers,
Franco

Ok, done ("All patches have been applied successfully.  Have a nice day.").

Do I have to restart some services for the changes to take effect?

The theory is that DHCP(v6) calling /usr/local/etc/rc.newwanip(v6) will restart Dnsmasq. You don't have to do anything else other than wait and verify.


Cheers,
Franco

I just wanted to report back that applying this patch did not fix the issue. After an IPv6 renewal on the track6 LAN interface, dnsmasq still does not listen until I restart it, even with the patch applied.

Any other ideas?

And: Should I revert the patch (or does it not make future updates problematic)?

Next firmware update will remove the patch(es) and in this case it's not critical to leave it.

How about this then? https://github.com/opnsense/core/commit/87b3d351a

# opnsense-patch 87b3d351a


Cheers,
Franco

Ok, this seems to have worked now. :-)

After a manually forced PPPoE reload via Interfaces -> Overview the IPv6 address changed and dnsmasq is successfully listening on the new one.

I'll keep watching whether it also works for nightly forced disconnects (but I assume so).

Should be good, but please report back in any case :)


Cheers,
Franco

Reporting back that I had a forced disconnect tonight, LAN track6 interface got new IPv6 and dnsmasq started to listen on it as well, so with

opnsense-patch 7aaa6a263b1351
opnsense-patch 87b3d351a

on top of 22.7.3 it works for me. Would be happy if that could somehow go into future releases.

It's been queued up for 22.7.4. Thanks for following up :)


Cheers,
Franco
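
Added example, not part of the thread and not OPNsense code: a check for the symptom described above, where an interface address has no dnsmasq socket bound to port 53. It assumes FreeBSD-style `ifconfig igb1` and `sockstat -l` output; the sample text and the 2001:db8 addresses are constructed.

```python
import ipaddress

# Constructed sample input (not from the thread): the LAN already has the new
# prefix 2001:db8:bbbb::/48, but dnsmasq is still bound to the old address.
IFCONFIG = """\
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::1%igb1 prefixlen 64 scopeid 0x2
        inet6 2001:db8:bbbb:1::1 prefixlen 64
"""
SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS          FOREIGN ADDRESS
nobody   dnsmasq    4242  5  udp4   192.168.1.1:53         *:*
nobody   dnsmasq    4242  7  udp6   fe80::1%igb1:53        *:*
nobody   dnsmasq    4242  9  udp6   2001:db8:aaaa:1::1:53  *:*
"""

def _norm(text):
    """Parse an address, dropping a '%zone' suffix such as fe80::1%igb1."""
    return ipaddress.ip_address(text.split("%")[0])

def interface_addresses(ifconfig_text):
    """Return every inet/inet6 address listed in ifconfig output."""
    addrs = []
    for line in ifconfig_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] in ("inet", "inet6"):
            addrs.append(_norm(fields[1]))
    return addrs

def dns_listeners(sockstat_text, command="dnsmasq", port=53):
    """Return (addresses bound on the port, families bound to the wildcard)."""
    bound, wildcard = set(), set()
    for line in sockstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[1] != command:
            continue  # header line or another process
        host, _, lport = fields[5].rpartition(":")  # IPv6 is printed as addr:port
        if lport != str(port):
            continue
        if host == "*":
            wildcard.add(6 if fields[4].endswith("6") else 4)
        else:
            bound.add(_norm(host))
    return bound, wildcard

def missing_listeners(ifconfig_text, sockstat_text):
    """Interface addresses that no dnsmasq socket covers on port 53."""
    bound, wildcard = dns_listeners(sockstat_text)
    return [str(a) for a in interface_addresses(ifconfig_text)
            if a not in bound and a.version not in wildcard]
```

Fed the live output of both commands, a non-empty result after a prefix change is the state the thread describes before the dnsmasq restart.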