Default AdvRDNSSLifetime and AdvDNSSLLifetime

[hugo]

The default AdvRDNSSLifetime and AdvDNSSLLifetime at this point appear to be equal to the MaxRtrAdvInterval. That seems to risk loss of RDNSS and DNSSL if a single RA is lost.

RFC 8106 5.1 (https://datatracker.ietf.org/doc/html/rfc8106#section-5.1) indicates that that the lifetime of DNS options should by default be 3x MaxRtrAdvInterval.

Is it intentional that this is currently equal to MaxRtrAdvInterval instead?

[Maurice]

By default, OPNsense doesn't configure AdvRDNSSLifetime / AdvDNSSLLifetime values at all, so radvd uses its own defaults. This should be 2*MaxRtrAdvInterval according to the radvd man page. If it isn't, then raising an issue with radvd would be preferable to adding default overrides in OPNsense, imho.

Cheers
Maurice

[hugo]

Ah, gotcha. Thx, I see that now under `/var/etc/radvd.conf`, that AdvRDNSSLifetime and AdvDNSSLLifetime are left empty / unset, not autogenerated explicitly. Thx. I will check over with radvd.

[hugo]

k, it looks like this was fixed/updated in https://github.com/radvd-project/radvd/commit/17c43bff200bbc1d4786eb917860a79db4f95c2e, with a reference to https://github.com/radvd-project/radvd/issues/143

That's in master, but currently in the v2.20_rc1 tag. So, it's not present in the current 2.19 release. in the meantime, the online published docs appear to reflect that 3*MaxRtrAdvInterval, while 2.19 still does AdvRDNSSLifetime = MaxRtrAdvInterval.

We'll just have to wait for the proper 2.20 release of radvd, from the looks of it.