[SOLVED] Dnsmasq: IPv6 lease registered under the wrong domain

[olmo1501]

Hi there,

I just raised an issue on Github on this one but wanted to see if anybody is also running into this issue:

Over the past days I migrated from ISC DHCP to Dnsmasq. My setup consists of multiple VLANs, each of them using a unique domain i.e. something like

Code Select Expand

intern.domain.de and

Code Select Expand

iot.domain.deWith the first one being the system-/ default.domain. While this is working perfectly fine for IPv4 it is not working as expected for IPv6. All A-Records created by Dnsmasq are within the correct domain whereas all AAAA-Records are within the default-domain.

Assign IPv4 and IPv6 configuration via Dnsmasq
Query a host on the default-domain

Code Select Expand

olli@MacBook-Olli ~ % nslookup -type=Any monitoring.intern.domain.de
Server: 2a02:8071:<snip>
Address: 2a02:8071:<snip>#53

Non-authoritative answer:
Name: monitoring.intern.domain.de
Address: 192.168.241.4
monitoring.intern.domain.de has AAAA address 2a02:8071:<snip>
Now do this with a host on one of the other domains:

Code Select Expand

olli@MacBook-Olli ~ % nslookup -type=Any pv.iot.domain.de
Server: 2a02:8071:<snip>
Address: 2a02:8071:<snip>#53

Non-authoritative answer:
Name: pv.iot.domain.de
Address: 192.168.51.20
As you can see, there's just an A-record, the AAAA ist missing. But interestingly:

Code Select Expand

olli@MacBook-Olli ~ % nslookup -type=Any pv.intern.domain.de
Server: 2a02:8071:<snip>
Address: 2a02:8071:<snip>#53

Non-authoritative answer:
Name: pv.intern.domain.de
pv.intern.domain.de has AAAA address 2a02:8071:<snip>
As you can tell the AAAA-Record is being registered with the default-domain instead of the domain assigned to the VLAN. With ISC DHCP this has been working flawlessly

I have found older issues regarding Dnsmasq only supporting one domain but all of them said this had been fixed. But obviously only for IPv4

Is there anything that can be done about this as reverting back to ISC does not seem to be like an option? Am i missing out on something?

[olmo1501]

If anybody is interested: this has been fixed in https://github.com/opnsense/core/issues/8797

The patch is scheduled to be released with version 25.7.

Thanks a lot to the team for the immediate feedback and fix.

[Monviech (Cedrik)]

Thanks again for testing.

In hindsight it makes sense that an IPv6 domain with partial IPv6 addresses as range will not catch anything.

If a constructor is used the domain must be set on an interface so it can also catch dynamic addressing.

[RutgerDiehard]

Sounds like this may also apply to my issue here https://forum.opnsense.org/index.php?topic=47488.0

Is it worth trying the patch to see?

[Monviech (Cedrik)]

Yes please try it out if you think it fixes your issue.

[RutgerDiehard]

Looks like this fixes the issue I'm experiencing!

I do have to connect to a new network, then change back to the original for DNS to reflect the correct host.domain name. Simply resetting the network adapter does not work.

Is there a way of removing all current hosts registered via DHCP6 so when they renew their addresses, they will automatically register the correct domain?

[Monviech (Cedrik)]

If you dont mind your network potentially running havoc, you could delete /var/db/dnsmasq.leases

Though be careful, as duplicate IP addresses could happen.

Best wait for the normal Lease timeouts over time.

[olmo1501]

Is there a way of removing all current hosts registered via DHCP6 so when they renew their addresses, they will automatically register the correct domain?

In my case a simple

Code Select Expand

dhclient -6 -r
 followed by a

Code Select Expand

dhclient -6
was sufficient (expand with -v if you like to have more verbosity). So i would expect that just waiting for the lease to expire and be renewed by the client should sort that out.