<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>
</p>
<div class="moz-text-flowed" style="font-family: -moz-fixed;
font-size: 13px;" lang="x-unicode">Hello all,
<br>
<br>
I have a problem that my DHCPv6 DDNS update which works reliably
with IPv4 doesn't work at all when we implemented
<br>
the dual-stack operation. There is not even a warning, notice or
error in the log. No syntax errors in the config
/etc/dhcp/dhcpd6.conf file.
<br>
<br>
We are running Debian 10 Buster server with BIND 9.16.27 and ISC
DHCPd 4.4.1
<br>
<br>
root@domac:# dpkg -l ...
<br>
Desired=Unknown/Install/Remove/Purge/Hold
<br>
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend<br>
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
<br>
||/ Name Version Architecture
Description
<br>
+++-==============-===========================-============-=================================
<br>
ii bind9 1:9.16.27-1~deb11u1~bpo10+1 amd64 Internet
Domain Name Server
<br>
ii isc-dhcp-server 4.4.1-2+deb10u1 amd64 ISC DHCP server
for automatic IP address assignment
<br>
<br>
Here is a typical example of DHCPv6 transactions found in the log:
<br>
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
2001:b68:2:2800::10:1208
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
for 3600 seconds
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
2001:b68:2:2800::10:1208
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
for 3600 seconds
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Relay-forward message from
fe80::babe:bfff:fe26:9542 port 547, link address
2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
2001:b68:2:2800::10:1208
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061 valid
for 3600 seconds
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to
fe80::babe:bfff:fe26:9542 port 547
<br>
<br>
fe80::babe:bfff:fe26:9542 is local-link address of our router.
<br>
<br>
Our DNS/DHCP server is 161.53.235.3 or 2001:b68:2:2800::3, LLA for
eth1 is fe80::f21f:afff:fef1:420a/64
<br>
<br>
Here is our /etc/dhcp/dhcpd6.conf:
<br>
<br>
default-lease-time 3600;
<br>
preferred-lifetime 604800;
<br>
option dhcp-renewal-time 3600;
<br>
option dhcp-rebinding-time 7200;
<br>
allow leasequery;
<br>
<br>
option dhcp6.name-servers 2001:b68:2:2800::3,2001:b68:c:2::70:0;
<br>
option dhcp6.domain-search "alu.hr";
<br>
<br>
option dhcp6.info-refresh-time 21600;
<br>
<br>
ddns-update-style standard;
<br>
ddns-dual-stack-mixed-mode true;
<br>
update-conflict-detection false;
<br>
update-optimization false;
<br>
deny client-updates;
<br>
ddns-updates on;
<br>
authoritative;
<br>
log-facility local7;
<br>
ddns-domainname "local.alu.hr.";
<br>
ddns-rev-domainname "ip6.arpa.";
<br>
<br>
include "/etc/bind/ddns.key";
<br>
<br>
shared-network ilica85.alu.hr {
<br>
subnet6 2001:b68:2:2800::/64 {
<br>
range6 2001:b68:2:2800::10:1000 2001:b68:2:2800::10:13ff;
<br>
option dhcp6.domain-search "local.alu.hr","alu.hr";
<br>
option dhcp6.name-servers
2001:b68:2:2800::3,2001:b68:c:2::70:0;
<br>
ddns-domainname "local.alu.hr";
<br>
<br>
zone local.alu.hr. {
<br>
# primary6 2001:b68:2:2800::3;
<br>
primary 127.0.0.1;
<br>
key DDNS_UPDATE;
<br>
}
<br>
zone 0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
<br>
# primary6 2001:b68:2:2800::3;
<br>
primary 127.0.0.1;
<br>
key DDNS_UPDATE;
<br>
}
<br>
}
<br>
}
<br>
<br>
subnet6 2001:b68:2:2a00::/64 {
<br>
range6 2001:b68:2:2a00::1000 2001:b68:2:2a00::10ff;
<br>
option dhcp6.domain-search "slava.alu.hr","alu.hr";
<br>
option dhcp6.name-servers
2001:b68:2:2800::3,2001:b68:c:2::70:0;
<br>
ddns-domainname "slava.alu.hr";
<br>
<br>
zone slava.alu.hr. {
<br>
primary6 2001:b68:2:2800::3;
<br>
key DDNS_UPDATE;
<br>
}
<br>
<br>
zone 0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. {
<br>
primary6 2001:b68:2:2800::3;
<br>
key DDNS_UPDATE;
<br>
}
<br>
}
<br>
<br>
The corresponding entries in /etc/bind/named.conf.local are:
<br>
<br>
zone "0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
<br>
type master;
<br>
file
"/var/cache/bind/0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
<br>
allow-update { key DDNS_UPDATE; };
<br>
allow-transfer { 31.147.205.54; 161.53.2.70; };
<br>
also-notify { 31.147.205.54; 161.53.2.70; };
<br>
forwarders {};
<br>
};
<br>
<br>
zone "0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in {
<br>
type master;
<br>
file
"/var/cache/bind/0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
<br>
allow-update { key DDNS_UPDATE; };
<br>
allow-transfer { 31.147.205.54; 161.53.2.70; };
<br>
also-notify { 31.147.205.54; 161.53.2.70; };
<br>
forwarders {};
<br>
};
<br>
<br>
zone "local.alu.hr" in {
<br>
type master;
<br>
file "/var/cache/bind/local.alu.hr.db";
<br>
allow-update { key DDNS_UPDATE; };
<br>
allow-transfer { 31.147.205.54; 161.53.2.70; };
<br>
also-notify { 31.147.205.54; 161.53.2.70; };
<br>
forwarders {};
<br>
};
<br>
<br>
zone "slava.alu.hr" in {
<br>
type master;
<br>
file "/var/cache/bind/slava.alu.hr.db";
<br>
allow-update { key DDNS_UPDATE; };
<br>
allow-transfer { 31.147.205.54; 161.53.2.70; };
<br>
also-notify { 31.147.205.54; 161.53.2.70; };
<br>
dnssec-policy "standard";
<br>
key-directory "/var/cache/bind/keys";
<br>
forwarders {};
<br>
};
<br>
<br>
We are also using views in BIND9, but they work well updating the
"internal" and "universe" zones with DHCPv4, i.e.:
<br>
<br>
Jun 7 16:48:21 domac dhcpd[986]: DHCPREQUEST for 192.168.100.215
from 9c:3d:cf:11:aa:a6 (R7000P) via eth1
<br>
Jun 7 16:48:21 domac dhcpd[986]: DHCPACK on 192.168.100.215 to
9c:3d:cf:11:aa:a6 (R7000P) via eth1
<br>
Jun 7 16:48:21 domac dhcpd[986]: Added new forward map from
R7000P.local.alu.hr to 192.168.100.215
<br>
Jun 7 16:48:21 domac dhcpd[986]: Added reverse map from
215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr
<br>
<br>
As you can see in the options, I tried various combinations, and I
seem to be out of options. But we are new to IPv6
<br>
and DHCPv6, so there may be something obvious to you I cannot see
(like DDNS not being enabled in ISC dhcpd binary
<br>
with option -6)?
<br>
<br>
I am very interested personally in IPv6 adoption for we are
expecting a surge in multimedia content provided,
<br>
possibly broadcasted, additional options with IoT, security,
surveillance cameras (requiring public IP we are short of).
<br>
<br>
All of this would be greatly simplified and more adopted if the
users, professors, staff and students wouldn't
<br>
have to remember IPv6 address like 2001:b68:2:2800::3 but used an
automatically assigned domain name instead.
<br>
<br>
Manual IPv6 configuration and static tables for this would be an
overkill, we are understaffed to maintain it.
<br>
<br>
Thank you very much for your time and help.
<br>
<br>
Kind regards,
<br>
Mirsad Todorovac
<br>
</div>
<pre class="moz-signature" cols="72">--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu</pre>
</body>
</html>