Router advertisements via dnsmasq

Started by wallaby501, August 18, 2025, 10:10:32 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 18, 2025, 10:10:32 PM
I am planning out my migrations from ISC DHCP to dnsmasq as my install shouldn't need all the bells and whistles of Kea.

The question I am running into is what the 1:1 match is for router advertisement modes from the old ISC implementation (Services-Router Advertisements) to dnsmasq (dnsmasq-DHCP Ranges-RA mode). Hoping this also serves as a clarifying post for people who come after me (I searched and didn't find what I needed.

dnsmasq

```
ra-only tells dnsmasq to offer Router Advertisement only on this subnet, and not DHCP.

slaac tells dnsmasq to offer Router Advertisement on this subnet and to set the A bit in the router advertisement, so that the client will use SLAAC addresses. When used with a DHCP range or static DHCP address this results in the client having both a DHCP-assigned and a SLAAC address.

ra-stateless sends router advertisements with the O and A bits set, and provides a stateless DHCP service. The client will use a SLAAC address, and use DHCP for other configuration information.

ra-names enables a mode which gives DNS names to dual-stack hosts which do SLAAC for IPv6. Dnsmasq uses the host's IPv4 lease to derive the name, network segment and MAC address and assumes that the host will also have an IPv6 address calculated using the SLAAC algorithm, on the same network segment. The address is pinged, and if a reply is received, an AAAA record is added to the DNS for this IPv6 address. Note that this is only happens for directly-connected networks, (not one doing DHCP via a relay) and it will not work if a host is using privacy extensions. ra-names can be combined with ra-stateless and slaac.

ra-advrouter enables a mode where router address(es) rather than prefix(es) are included in the advertisements. This is described in RFC-3775 section 7.2 and is used in mobile IPv6. In this mode the interval option is also included, as described in RFC-3775 section 7.3.

off-link tells dnsmasq to advertise the prefix without the on-link (aka L) bit set.
```

So I am wondering if my translation is right as I am using unmanaged currently on ISC-

(dnsmasq / ISC )
- ra-only = unmanaged (will basically serve DNS servers but clients use SLAAC for addressing)
- slaac = assisted
- ra-stateless = stateless DHCP
- ra-names = NA - seems an additional option you can use with slaac to resolve names for both v4 and v6 addresses on the same network
- ra-advrouter = router only?
- off-link = or this is router only?

I'm mainly interested for my use case in unmanaged. What this did for me in ISC was
- SLAAC addresses
- doled out DNS servers
- doled out a ULA prefix for clients

I didn't need dhcpv6 and it properly allowed clients to use ipv6 DNS which did ad blocking, etc. via unbound. Looking to replicate the same for dnsmasq. Apologies for formatting. I am trying to see about doing it a little cleaner.
August 19, 2025, 01:50:55 AM #1 Last Edit: August 19, 2025, 01:53:22 AM by wallaby501
Perhaps I should've read the opnsense config examples a bit more but now it's still a bit odd-

ra-stateless will generate ONLY a slaac address but slaac will receive a dhcpv6 address as well...

Honestly would volunteer to update the docs if I can figure out what option goes with what. I think it would make it a bit easier for people migrating. I just don't know what goes to what yet. :)
August 19, 2025, 05:58:53 AM #2
Hardware:
DEC740
August 20, 2025, 04:33:17 PM #3
Woof- I love the new (to me) docs with the tabs but man, I should've looked way closer and have seen that. Thank you.

For me I suppose ra-stateless would be the best for me. Thanks again.
August 20, 2025, 04:43:10 PM #4
NP, glad the docs could help :)
Hardware:
DEC740
Print
Go Up Pages1
User actions