Migrating from ISC to Dnsmasq

[fbantgat7]

Hi All,

I am trying to migrate from ISC DHCPv4 and DHCPv6 to Dnsmasq,  with only partial success so far.  I have followed the docs and example provided, but my understanding of Dnsmasq is rather poor and consequently the result is only partly working as intended.

1. When SIP phones are set with their own static IPv4 (no DHCPv4 solicitation) and also configured to obtain a stateful DHCPv6 address from the router, plus SLAAC, they fail to obtain an IPv6 address:

https://service.snom.com/display/wiki/HowTo+-+Networking+-+IPv6

The logs show a sequence of DHCPSOLICIT from the phones and DHCPADVERTISE from the router's interface, but eventually they time out and do not obtain any IPv6 address whatsoever.  Interestingly, other hosts receive IPv6 stateful addresses off the same router NIC, so far it is only the phones which fail to do so.  The ISC DHCPv6 had no problem serving the phones with an address from within the IPv6 range allocated to the router's NIC.

I still have Services > Router Advertisements enabled, rather than the Dnsmasq > General > Router advertisements, which is left disabled.  I understand this is the recommended approach, have I got this wrong?  Is there anything else I need to configure to have Dnsmasq working with IPv6 as ICS is able to do?

2. LAN clients receive the configured Dnsmasq host 'name.internal' as set in  Services > Dnsmasq > Hosts, but nslookup fails to resolve local domain names returning NXDOMAIN, while reverse lookups against the host's IP address return correctly the host name.  What could have I missed or misconfigured?

Grateful for any pointers.

[fbantgat7]

A quick update on progress.

I had another go at configuring Dnsmasq.  DHCPv4 just works^(TM).  DHCPv6 does not work with the phones, but works with PCs.  There seems to be an issue related to the current phone firmware, which solicits via DHCPv6 an IPv6 address only at phone boot time and does not seek to renew it thereafter.  For some reason, the phones do not pick up an IPv6 address on this initial transaction with Dnsmasq and they end up with no IPv6 address at all - unless I have configured their firmware to use SLAAC.  I have set radvd to 'Assisted' and works fine with ISC and KEA.  I have not tried to configure RA on Dnsmasq itself.  I rebooted the phones with ISC DHCPv6 enabled (Dnsmasq disabled) in order for them to obtain an IPv6 address, then disabled ISC and enabled Dnsmasq to see what happens.  The Dnsmasq DHCPv6 does not recognise the IPv6 already allocated to the phones and continues to advertise different IPv6 addresses to them non-stop once a second flooding the logs.

The resolving of local domain names with Dnsmasq has been a hit & miss affair.  When I connect a host with a reserved IP address to the router, it obtains its address and its local domain name can then be resolved.  A few hours later I get NXDOMAIN responses from the router on port 53, while it resolves successfully the host's name on port 53053.  Restarting unbound didn't fix it.  This is not a major issue for my simple use case with less than two dozen hosts at any time and LAN servers/printers having reserved addresses anyway.  Perhaps setting lease renewal in more frequent intervals would address this local DNS issue, but given the above I decided to move on from Dnsmasq for now.

I then tried to set up KEA DHCPv4 and DHCPv6 with no DNS for local addresses. This was overall an easier and quicker setup than Dnsmasq for me.  DHCPv4 works reliably, leases are renewed regularly and more frequently than Dnsmasq.  KEA DHCPv6 has no problem allocating IPv6 addresses to the phones when they boot and extending their leases (every 20 minutes) on the same IPv6 addresses they obtained initially without fuss.

The only thing which caused some concern was the GUI table with all KEA DHCPv6 leases showed the phones' interface as WAN, instead of OPT1.  See attached screenshot, the top 4 entries show the phones connected on OPT1 NIC, but the GUI shows WAN interface instead.  Is this a parsing error, or something more critical?  After I rebooted the router the problem was gone.

PS. I removed some of the addresses to retain privacy.

[meyergru]

DHCPv6 works only for some clients - and sometimes, it is only being used to fetch DNS info, not IPs nor routes. What it is used for depends also on the RA mode.

Take a look at this for a more in-depth explanation and a remedy.

And before you ask: I do not use DNSmasqs RA mode (I do not use DNSmasq at all, but Kea), but the normal RA daemon.

[fbantgat7]

DHCPv6 works only for some clients - and sometimes, it is only being used to fetch DNS info, not IPs nor routes.

I was only testing Dnsmasq local address resolution for IPv4 - I had no IPv6 reserved addresses configured, only subnets for PD.  The DUID and/or MAC address of the client did not prove effective to allow local address resolution for IPv6 at all and for IPv4 it only worked some times.

Take a look at this for a more in-depth explanation and a remedy.

When I click on your link I don't arrive at the correct page.

[meyergru]

The inability to use DHCPv6 for some clients is independent of static reservations and DUIDs are even a different story. I fixed the link.

[fbantgat7]

I fixed the link.

Thank you for sharing your hard work.  Amazing write up!  :D

I have a permanent 48 and a different 64, from which I have allocated PDs/subnets to two separate LANs.  The LAN NICs are configured with a corresponding static 64 each.  I don't host public services, so some of your good advice won't be applicable to my setup.  Thanks again.

Any idea why on the KEA leases table GUI, IPv6 addresses leased to LAN devices showed up as belonging to the WAN interface until I rebooted the router?

Other than this little glitch, the KEA DHCPv4 and v6 services are both working faultlessly so far.

[meyergru]

No good idea, apart from a prefix disambiguation glitch.