RA with dnsmasq

Started by stylishly, February 06, 2026, 11:12:39 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 06, 2026, 11:12:39 AM
Hi, I have just migrated to 26.1 and also moved from radvd to dnsmasq and I am a bit confused by the documentation, especially the help from Router advertisements checkbox in General tab that says:

QuoteSetting this will enable Router Advertisements for all configured DHCPv6 ranges with the managed address bits set, and the use SLAAC bit reset. To change this default, select a combination of the possible options in the individual DHCPv6 ranges. Keep in mind that this is a global option; if there are configured DHCPv6 ranges, RAs will be sent unconditionally and cannot be deactivated selectively. Setting Router Advertisement modes in DHCPv6 ranges will have no effect without this global option enabled.

The last phrase is the part I dont get as I have this option disabled and SLAAC is working just fine. This is my dnsmasq configuration
Code Select
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file
#
rebind-localhost-ok
stop-dns-rebind
port=53053

# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=bridge0
dhcp-fqdn
domain=<domain masked>
# This tells dnsmasq that a domain is local and it may answer queries from /etc/hosts
# or DHCP but should never forward queries on that domain to any upstream servers.
local=<domain masked>
# Never forward to servers in /etc/resolv.conf
no-resolv
# host entries flushed via dnsmasq_watcher.py [isc] and a dump of the static reservations
addn-hosts=/var/etc/dnsmasq-hosts
addn-hosts=/var/etc/dnsmasq-leases
dns-forward-max=5000
cache-size=10000
local-ttl=1
conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf
dhcp-range=tag:bridge0,10.0.10.50,10.0.10.200,255.255.255.0,86400
dhcp-range=tag:bridge0,::,constructor:bridge0,slaac,64,86400
ra-param=bridge0,60,1200
dhcp-host=<masked>,10.0.10.2,saturn
# default IPv4 DNS mapped to this server (0.0.0.0)
dhcp-option=6,0.0.0.0
# default IPv6 DNS mapped to this server (::)
dhcp-option=option6:23,[::]
no-ident

In Wireshark I can see the RA working
Code Select
ICMPv6 Option (Prefix information : <masked>:/64)
    Type: Prefix information (3)
    Length: 4 (32 bytes)
    Prefix Length: 64
    Flag: 0xc0, On-link Flag (L), Autonomous Address Configuration Flag (A)
        1... .... = On-link Flag (L): Set
        .1.. .... = Autonomous Address Configuration Flag (A): Set
        ..0. .... = Router Address Flag (R): Not set
        ...0 .... = DHCPv6-PD Preferred Flag (P): Not set
        .... 0000 = Reserved: 0
    Valid Lifetime: 7200 (2 hours)
    Preferred Lifetime: 7200 (2 hours)
    Reserved
    Prefix: <masked>:

Am I missing something? Is the RA checkbox in General required or not?
February 06, 2026, 11:48:21 AM #1
I also just upgraded and am a bit confused by the phrasing on the IPv6 changes.

"Dnsmasq is now the default for DHCPv4 and DHCPv6 as well as RA out of the box.  One thing that the upstream software cannot cover is prefix delegation so that is no longer offered by default.  Use another DHCPv6 server in this case."

I previously used Track interface and ISC was handling the DHCPv6, KEA is handling DHCPv4.

Now I switched from Track Interface (legacy) to Identity association and obviously my clients cannot get any DHCPv6.

What would be the correct way forward?
Can I keep KEA for DHCPv4 and use DNSmasq for DHCPv6?
Or should I migrate everything from KEA and use DNSmasq for both?
26.1.1 - Intel N150 4x 3.6GHz, 8GB
Cisco L3 switch OSPF + FRR
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: 1Gbit fiber dual stack + 4G failover

--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
February 06, 2026, 02:16:29 PM #2
I understood it as "Setting Router Advertisement modes in DHCPv6 ranges will have no effect without this global option enabled."
In the DHCP ranges for IPv6 there are several modes, e.g. SLAAC, ra-stateless etc.

Quote from: sorano on February 06, 2026, 11:48:21 AMWhat would be the correct way forward?
I added an IPv6 range like this, not sure what the default for new installs is...
February 06, 2026, 04:36:59 PM #3
Same configuration for me as well.

February 06, 2026, 04:53:00 PM #4
You can find all configuration defaults in this file.

The dnsmasq section is very simple :D


https://github.com/opnsense/core/blob/72cea55c1a8387b201b19d27e0cfafe762ba4447/src/etc/config.xml.sample#L80-L99


Hardware:
DEC740
Print
Go Up Pages1
User actions