Topic: Default AdvRDNSSLifetime and AdvDNSSLLifetime (Read 1347 times)
hugo, January 19, 2024, 05:42:09 pm
The default AdvRDNSSLifetime and AdvDNSSLLifetime at this point appear to be equal to the MaxRtrAdvInterval. That seems to risk loss of RDNSS and DNSSL if a single RA is lost.
RFC 8106 5.1 (https://datatracker.ietf.org/doc/html/rfc8106#section-5.1) indicates that the lifetime of DNS options should by default be 3x MaxRtrAdvInterval.
Is it intentional that this is currently equal to MaxRtrAdvInterval instead?
Maurice, Reply #1, January 19, 2024, 07:05:56 pm
By default, OPNsense doesn't configure AdvRDNSSLifetime / AdvDNSSLLifetime values at all, so radvd uses its own defaults. This should be 2*MaxRtrAdvInterval according to the radvd man page. If it isn't, then raising an issue with radvd would be preferable to adding default overrides in OPNsense, imho.
Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository
Available for commercial support & engineering (de / en). PM for details.
hugo, Reply #2, January 19, 2024, 07:13:00 pm
Ah, gotcha. Thx, I see that now under `/var/etc/radvd.conf`, that AdvRDNSSLifetime and AdvDNSSLLifetime are left empty / unset, not autogenerated explicitly. Thx. I will check over with radvd.
hugo, Reply #3, January 19, 2024, 07:24:59 pm
k, it looks like this was fixed/updated in https://github.com/radvd-project/radvd/commit/17c43bff200bbc1d4786eb917860a79db4f95c2e, with a reference to https://github.com/radvd-project/radvd/issues/143
That's in master, but currently in the v2.20_rc1 tag. So, it's not present in the current 2.19 release. In the meantime, the online published docs appear to reflect that 3*MaxRtrAdvInterval, while 2.19 still does AdvRDNSSLifetime = MaxRtrAdvInterval.
We'll just have to wait for the proper 2.20 release of radvd, from the looks of it.
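Added example, not part of the thread and not OPNsense or radvd code: a small Python check that reads a radvd.conf and flags RDNSS/DNSSL blocks whose lifetime falls below the 3 x MaxRtrAdvInterval discussed above. The sample configuration and interface names are constructed, and `unset_multiplier` is an assumption standing in for the daemon's built-in default (1 for the 2.19 behaviour reported above).

```python
import re

# Constructed sample in radvd.conf syntax; not copied from a real system.
SAMPLE_CONF = """
interface igb1 {
    MaxRtrAdvInterval 200;
    RDNSS 2001:db8::53 { };
    DNSSL lan.example { AdvDNSSLLifetime 600; };
};
interface igb2 {
    RDNSS 2001:db8:1::53 { AdvRDNSSLifetime 600; };
};
"""

DEFAULT_MAX_INTERVAL = 600  # radvd's MaxRtrAdvInterval when the option is absent

def blocks(text, keyword):
    """Yield (name, body) for each `keyword name { ... }` block, tracking nested braces."""
    for m in re.finditer(r"\b%s\s+([^{};]+?)\s*\{" % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def check_dns_lifetimes(conf, unset_multiplier=1):
    """Return (iface, option, lifetime, ok) per RDNSS/DNSSL block.
    ok means lifetime >= 3 * MaxRtrAdvInterval (RFC 8106 section 5.1).
    unset_multiplier (assumption): default lifetime as a multiple of the interval."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before parsing
    results = []
    for iface, body in blocks(conf, "interface"):
        m = re.search(r"\bMaxRtrAdvInterval\s+(\d+)\s*;", body)
        interval = int(m.group(1)) if m else DEFAULT_MAX_INTERVAL
        for kind in ("RDNSS", "DNSSL"):
            for _, inner in blocks(body, kind):
                m = re.search(r"\bAdv%sLifetime\s+(\w+)\s*;" % kind, inner)
                if not m:  # option unset: the daemon's default applies
                    life = unset_multiplier * interval
                elif m.group(1) == "infinity":
                    life = float("inf")
                else:
                    life = int(m.group(1))
                results.append((iface, kind, life, life >= 3 * interval))
    return results

if __name__ == "__main__":
    for row in check_dns_lifetimes(SAMPLE_CONF):
        print(row)
```

Running it against the generated `/var/etc/radvd.conf` with `unset_multiplier=3` shows what the same configuration yields once the daemon default follows the RFC.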