dnsmasq not listening on track6 interface after WAN IPv6 change (since 22.7)

[sbellon]

Hi all,

I've recently updated my OPNsense from 22.1.10 to 22.7.2 and noticed one regression that I haven't been able to solve yet.

I'm on a German Telekom VDSL dual IP stack via PPPoE where LAN has a static IPv4 with DHCPv4 and track6 for IPv6 with DHCPv6 also enabled.

The LAN interface on the OPNsense looks like:

Code: [Select]

igb1: ...
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::xxxx%igb1 prefixlen 64 scopeid 0x2
        inet6 2003:de:yyyy prefixlen 64

On the OPNsense, after an WAN IP renewal, I get the following behaviour:

Code: [Select]

root@opnsense:~ # host www.google.com 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


root@opnsense:~ # host www.google.com ::1
Using domain server:
Name: ::1
Address: ::1#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


root@opnsense:~ # host www.google.com 192.168.1.1
Using domain server:
Name: 192.168.1.1
Address: 192.168.1.1#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004


root@opnsense:~ # host www.google.com 2003:de:yyyy
;; connection timed out; no servers could be reached

As you can see, dnsmasq is working for all but the LAN's IPv6 address. Only after a restart of the dnsmasq service, I also get it running on the IPv6 address:

Code: [Select]

root@opnsense:~ # host www.google.com 2003:de:yyyy
Using domain server:
Name: 2003:de:f724:b400:2a1:ecff:fe68:f1c0
Address: 2003:de:f724:b400:2a1:ecff:fe68:f1c0#53
Aliases:

www.google.com has address 172.217.16.164
www.google.com has IPv6 address 2a00:1450:4016:80c::2004

1) Is this a know issue or a configuration problem of my setup?

2) If so, how can I fix it?

Greetings,
Stefan

[sbellon]

Nobody any idea?

This is really annoying as each morning (after the nightly forced disconnection) I have to manually restart dnsmasq in order to not have degraded DNS lookup in the network.

Alternatively: Is there a way to configure DHCP to only hand out the IPv4 of the OPNsense as nameserver and not also the IPv6 (where dnsmasq stopped listening)?

[franco]

This could be an (intentional) side effect from https://github.com/opnsense/core/commit/7aaa6a263b1351 added to 22.7.1.

DNSmasq never had a good handling of this but it's possible to add it to the right spot if you can confirm the suspicion.


Cheers,
Franco

[sbellon]

How would I confirm your suspicion? Using some "opnsense-patch 7aaa6a263b1351" or similar (which I've never done before) and then waiting?

[franco]

Yes. opnsense-patch either removes or adds the patch depending on the previous state. On 22.7.2 the patch is present and running the command removes it.


Cheers,
Franco

[sbellon]

Ok, done ("All patches have been applied successfully.  Have a nice day.").

Do I have to restart some services for the changes to take effect?

[franco]

The theory is that DHCP(v6) calling /usr/local/etc/rc.newwanip(v6) will restart Dnsmasq. You don't have to do anything else other than wait and verify.


Cheers,
Franco

[sbellon]

I just wanted to report back that applying this patch did not fix the issue. After an IPv6 renewal on the track6 LAN interface, dnsmasq still does not listen until I restart it, even with the patch applied.

Any other ideas?

And: Should I revert the patch (or does it not make future updates problematic)?

[franco]

Next firmware update will remove the patch(es) and in this case it's not critical to leave it.

How about this then? https://github.com/opnsense/core/commit/87b3d351a

# opnsense-patch 87b3d351a


Cheers,
Franco

[sbellon]

Ok, this seems to have worked now. :-)

After a manually forced PPPoE reload via Interfaces -> Overview the IPv6 address changed and dnsmasq is successfully listening on the new one.

I'll keep watching whether it also works for nightly forced disconnects (but I assume so).

[franco]

Should be good, but please report back in any case


Cheers,
Franco

[sbellon]

Reporting back that I had a forced disconnect tonight, LAN track6 interface got new IPv6 and dnsmasq started to listen on it as well, so with

Code: [Select]

opnsense-patch 7aaa6a263b1351
opnsense-patch 87b3d351a
on top of 22.7.3 it works for me. Would be happy if that could somehow go into future releases.

[franco]

It's been queued up for 22.7.4. Thanks for following up


Cheers,
Franco