[SOLVED] IPv6 hosts registered in DNS with the domain of the last DHCP6 range added

Started by RutgerDiehard, June 05, 2025, 10:37:53 AM

I've spent a lot of time following the docs to set up ISP IPv6 PD + dnsmasq + DHCP6 which has been successful apart from one issue. All IPv6 hosts are registered in dnsmasq as host.home.arpa rather than the domain name that's listed in the DHCP6 range in dnsmasq.

I know there's been a lot of discussions on dnsmasq recently and some fixes have been created for other issues. Is this a known issue or is it something new?

I can provide further information on setup if required.

I've made some changes to my current configuration - basically, I'm rolling out IPV6 to additional VLANs within my environment - and I've noticed some strange behavior with DNS registrations. I had hoped that this was a known issue but as my first post had no responses, I thought it may have been an error in my configuration.

So I've been back through the configuration to make sure I've not made any mistakes.

My configuration is as follows:

Adguard home running on DNS port 53
dnsmasq running on 53053
Unbound running on 65353

Adguard home is configured to send all queries to 127.0.0.1:65353. It also uses 127.0.0.1:65353 for Private Reverse DNS Servers with "Use private reverse DNS servers" and "Enable reverse resolving of clients' IP addresses" ticked.

Unbound has query forwarding for all internal domains and in-addr.arpa/ip6.arpa sent to 127.0.0.1:53053 with external resolvers using DoT to Google/Cloudflare.

With this configuration, everything works. Adguard home shows correct host names in its console, reports in OPNsense (traffic and Insights) show correct hostnames and Zenarmor reporting/live sessions show correct hostnames also.

I have a ::/56 prefix from my ISP from which I have created multiple /64 ranges. For each range, I have created a static IPV6 address and assigned it to the interface I want to provide IPV6 addresses on. I then create a DHCP6 range in dnsmasq with the correct interface, start address within the range and end address. No constructor and a prefix length of 64. RA mode as default and use domain of domain.internal.

When I enable Router Announcements in dnsmasq and reset my network adapter, I get an IPV6 IP from the correct range and all external IPV6 test sites work correctly. At this point reverse DNS for hostname (host.domain.internal) resolution works successfully.

Then I add a new IPV6 address to another interface and create a new DHCP6 range for this interface with a new domain - domain2.internal. I then add a device to the new VLAN and it correctly gets a new IPV6 address from the correct range. When I check in Adguard home, OPNsense, or manually run an nslookup for the IPV6 address, the reverse DNS is also correct for the new range.

However, if I reset the adapter of the first device - host.domain.internal - that sits in the first domain, it picks up the correct IPV6 address but its DNS name is registered as host.domain2.internal. This is shown whether I check Adguard Home console or use nslookup.

Interestingly, OPNsense Reporting -> Traffic -> Top Talkers does not resolve an IPV6 address to a hostname but it will for an IPV4 address.

So, has anyone seen this before? Is there anything I can check or test to see where this is going wrong?

I've used static IPV6 addresses in this example but I've also followed the instructions and used tracked WAN address and constructors in the DHCP6 ranges; the result is the same.

Stumbled across another thread with similar sounding symptoms which has been fixed by an update here https://github.com/opnsense/core/issues/8797

I applied the fix, removed a device from a network and connected to another. Then reconnected the device back to the original network. Now when I check Adguard Home/nslookup the host has the correct DNS name.
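
A way to check for the symptom described in this thread across many hosts at once, as an added example that is not part of the original posts or of OPNsense: it takes reverse-DNS answers (ip6.arpa owner name and PTR target) and flags any host whose domain does not match the domain configured for the /64 its address falls in. The prefixes (from the 2001:db8::/32 documentation range), hostnames and function names are constructed for illustration; the two domains are the placeholders used above.

```python
import ipaddress

# Constructed mapping of each DHCP6 range's /64 to the domain set on that range.
RANGE_DOMAINS = {
    "2001:db8:0:10::/64": "domain.internal",
    "2001:db8:0:20::/64": "domain2.internal",
}

def arpa_to_ip(name):
    """Turn a nibble-format ip6.arpa owner name back into an IPv6Address."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] != ["ip6", "arpa"] or len(labels) != 34:
        raise ValueError(f"not a full ip6.arpa name: {name!r}")
    nibbles = "".join(reversed(labels[:-2]))  # arpa names list nibbles low-to-high
    return ipaddress.IPv6Address(int(nibbles, 16))

def expected_domain(ip, range_domains=RANGE_DOMAINS):
    """Return the domain configured for the range containing ip, or None."""
    for prefix, domain in range_domains.items():
        if ip in ipaddress.ip_network(prefix):
            return domain
    return None

def audit_ptrs(records, range_domains=RANGE_DOMAINS):
    """records: iterable of (ip6.arpa owner name, PTR target). Returns mismatches."""
    findings = []
    for owner, target in records:
        ip = arpa_to_ip(owner)
        want = expected_domain(ip, range_domains)
        host, _, got = target.rstrip(".").lower().partition(".")
        if want is None:
            findings.append((str(ip), target, "address outside all configured ranges"))
        elif got != want:
            findings.append((str(ip), target, f"expected {host}.{want}"))
    return findings

def sample_records():
    """Constructed PTR answers: the first host shows the wrong-domain symptom."""
    first = ipaddress.ip_address("2001:db8:0:10::a1")
    second = ipaddress.ip_address("2001:db8:0:20::b2")
    return [
        (first.reverse_pointer, "host.domain2.internal."),
        (second.reverse_pointer, "laptop.domain2.internal."),
    ]

if __name__ == "__main__":
    for finding in audit_ptrs(sample_records()):
        print(finding)
```
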