Proxy-ND causes incorrect DNS server selection

openwrt / odhcpd

This repository is a mirror of https://git.openwrt.org/?p=project/odhcpd.git. Pull requests will be accepted which will be merged in odhcpd.git

GNU General Public License v2.0

161 stars 98 forks source link

Proxy-ND causes incorrect DNS server selection #47

Closed jech closed 9 years ago

jech commented 9 years ago

Happy to have native IPv6 again, now that proxy-ND works.

The one issue I've noticed is that now I have an inconsistent DNS configuration. DHCPv4 points at the OpenWRT box:

$ cat /var/run/resolvconf/interface/wlan0.dhcp 
nameserver 192.168.2.1

while RAs point at the ISP's name servers:

$ cat /var/run/resolvconf/interface/wlan0.ra 
nameserver 2a01:e00::2
nameserver 2a01:e00::1

This, of course, causes the .lan domain to behave erratically.

I think the solution would be to act a little more as an RA client and server, i.e. to run distinct instances of the RA protocol on the master and slave sides. I'm not sure if doing that would cause any issues.

sbyx commented 9 years ago

You should be able to set: list dns fd00::... To override the dns and set it to your router

sbyx commented 9 years ago

On the lan interface in /etc/config/dhcp that is

jech commented 9 years ago

You should be able to set: list dns fd00::... To override the dns and set it to your router

Ah, cool. Shouldn't this be done automatically?

Btw, I'm unable to reach my router on its WAN interface over IPv6.

jech commented 9 years ago

Btw, I'm unable to reach my router on its WAN interface over IPv6.

Only intermittently, when the sender is not in the router's neighbour table.

The symptoms are that the router is sending NDs for the sender over the master interface, and nothing over the slaves.

Please let me know if you want me to file a separate ticket with tcpdump traces.

-- Juliusz

sbyx commented 9 years ago

I just reintroduced address replication (i.e. slave interfaces getting addresses of master). With that you should be able to disable the relay for ra and dhcpv6 and actually just use: option ra master option dhcpv6 master on the lan interface.

Care should be taken if you have multiple (on each side) stateful DHCPv6 servers though since they might clash in pools.

jech commented 9 years ago

I just reintroduced address replication (i.e. slave interfaces getting addresses of master).

Excellent idea, much cleaner than proxying.

With that you should be able to disable the relay for ra and dhcpv6 and actually just use: option ra master option dhcpv6 master on the lan interface.

Will that work with multiple slaves?

Care should be taken if you have multiple (on each side) stateful DHCPv6 servers though since they might clash in pools.

What do you mean? Do I need to disable "option dhcpv6 master" on all but one slave interface?

sbyx commented 9 years ago

If there is a DHCPv6 on master you might leave dhcpv6 to relay. Optionally option ra_management 0 (equals A=1, M=0) on all slaves might be relatively save, so clients will not use stateful dhcpv6 usually.

in general the whole relaying stuff is still a hack.

jech commented 9 years ago

Solved with

option ra server
option ndp relay

Thanks, Steven.