<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>P.P.P.S.</p>
<p>It seems that I have identified the culprit. Our subnet has 6
rogue DHCPv6 servers according to this nmap scan:</p>
<p><font face="monospace">root@domac:~# ip neigh | grep fe80 | grep
eth1 | awk '{ print $1 }' | xargs nmap -6 -p 547<br>
Starting Nmap 7.70 ( <a class="moz-txt-link-freetext" href="https://nmap.org">https://nmap.org</a> ) at 2022-06-09 15:24 CEST<br>
Nmap scan report for fe80::ac42:4146:51fa:6f1d<br>
Host is up (-0.100s latency).<br>
<br>
PORT STATE SERVICE<br>
547/tcp filtered dhcpv6-server<br>
MAC Address: 4C:CC:6A:93:95:B9 (Micro-star Intl)<br>
<br>
Nmap scan report for fe80::babe:bfff:fe26:9542<br>
Host is up (-0.072s latency).<br>
<br>
PORT STATE SERVICE<br>
547/tcp filtered dhcpv6-server<br>
MAC Address: B8:BE:BF:26:95:42 (Cisco Systems)<br>
<br>
Nmap scan report for fe80::98d4:2331:7505:8107<br>
Host is up (0.00058s latency).<br>
<br>
PORT STATE SERVICE<br>
547/tcp filtered dhcpv6-server<br>
MAC Address: 04:42:1A:E9:09:9B (Unknown)<br>
<br>
Nmap scan report for fe80::7d16:fb12:a937:fb04<br>
Host is up (0.0012s latency).<br>
<br>
PORT STATE SERVICE<br>
547/tcp filtered dhcpv6-server<br>
MAC Address: 1C:A0:B8:7D:12:A3 (Hon Hai Precision Ind.)<br>
<br>
Nmap scan report for fe80::ad7f:3404:1b4d:4f0d<br>
Host is up (-0.099s latency).<br>
<br>
PORT STATE SERVICE<br>
547/tcp filtered dhcpv6-server<br>
MAC Address: 8C:8C:AA:43:FC:5E (Unknown)<br>
<br>
Nmap scan report for fe80::8aad:43ff:fefa:3f96<br>
Host is up (0.00078s latency).<br>
<br>
PORT STATE SERVICE<br>
547/tcp filtered dhcpv6-server<br>
MAC Address: 88:AD:43:FA:3F:96 (Pegatron)<br>
<br>
Nmap done: 19 IP addresses (6 hosts up) scanned in 0.91 seconds<br>
root@domac:~#<br>
</font><br>
I'm afraid we will have to clear one by one before our DHCPv6 on
domac starts receiving any Requests or Confirms.</p>
<div class="moz-cite-prefix">Mirsad<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 9.6.2022. 11:58, Mirsad Goran
Todorovac wrote:<br>
</div>
<blockquote type="cite"
cite="mid:ac559a59-08d1-d257-838c-44cd2779e3fa@alu.unizg.hr">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>P.P.S.</p>
<p>I have turned off NIC checksum offloading by `ethtool -K eth1
rx off tx off`. Now the UDP checksum should be calculated in the
kernel (slower).<br>
</p>
<p><font face="monospace">11:54:40.438248 IP6 (hlim 1, next-header
UDP (17) payload length: 103) fe80::9418:9a22:54b8:743f.546
> ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=a1f102
(elapsed-time 0) (client-ID hwaddr/time type 1 time 499890753
f0761c5b0dd5) (IA_NA IAID:338441082 T1:0 T2:0) (Client-FQDN)
(vendor-class) (option-request DNS-search-list DNS-server
vendor-specific-info Client-FQDN))<br>
11:54:40.438928 IP6 (flowlabel 0x82364, hlim 64, next-header
UDP (17) payload length: 159) fe80::f21f:afff:fef1:420a.547
> fe80::9418:9a22:54b8:743f.546: <font color="#ff0000"><b>[udp
sum ok]</b></font> dhcp6 advertise (xid=a1f102 (IA_NA
IAID:338441082 T1:3600 T2:7200 (IA_ADDR
2001:b68:2:2800::10:139d pltime:604800 vltime:3600))
(client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5)
(server-ID hwaddr/time type 1 time 707489786 f01faff1420a)
(preference 255) (DNS-search-list local.alu.hr. alu.hr.)
(DNS-server 2001:b68:2:2800::3 2001:b68:c:2::70:0))<br>
11:54:41.445113 IP6 (hlim 1, next-header UDP (17) payload
length: 103) fe80::9418:9a22:54b8:743f.546 > ff02::1:2.547:
[udp sum ok] dhcp6 solicit (xid=a1f102 (elapsed-time 100)
(client-ID hwaddr/time type 1 time 499890753 f0761c5b0dd5)
(IA_NA IAID:338441082 T1:0 T2:0) (Client-FQDN) (vendor-class)
(option-request DNS-search-list DNS-server
vendor-specific-info Client-FQDN))<br>
</font></p>
<p>Now the checksums are OK, however the server still doesn't
receive Request or Confirm message from the client.<br>
I'm pretty much out of ideas.</p>
<p>Mirsad<br>
</p>
<div class="moz-cite-prefix">On 9.6.2022. 11:22, Mirsad Goran
Todorovac wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0761e93b-7fa0-4e36-4b70-553ad4110cff@alu.unizg.hr">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8">
<p>P.S.</p>
<p>We are using ISC DHCP 4.4.3 and BIND 9.16.27 on a Debian 10
Buster system with 4.19.235-1 kernel and libc6:amd64
2.28-10+deb10u1.</p>
<p><font face="monospace">root@domac:~# ldd
/usr/local/sbin/dhcpd<br>
linux-vdso.so.1 (0x00007ffc7afdb000)<br>
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
(0x00007f0671607000)<br>
/lib64/ld-linux-x86-64.so.2 (0x00007f0671c05000)<br>
root@domac:~#</font><br>
</p>
<p>We have updated the network configuration on the router to
not relay to DHCPv6 on our domac sever but to advertise DHCPv6
server presence on the subnet.</p>
<p>Now the log looks like this:</p>
<p><font face="monospace">Jun 9 11:04:41 domac dhcpd: Solicit
message from fe80::cff:4b3a:be79:cec0 port 546, transaction
ID 0xA2D9AB00<br>
Jun 9 11:04:41 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:41 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:41 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:41 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:41 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:41 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:41 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:42 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:42 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:42 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:42 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:42 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:42 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:42 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:42 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:44 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:44 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:44 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:44 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:44 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:44 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:44 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:44 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:48 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:48 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:48 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:48 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546<br>
Jun 9 11:04:48 domac dhcpd: Solicit message from
fe80::cff:4b3a:be79:cec0 port 546, transaction ID 0xA2D9AB00<br>
Jun 9 11:04:48 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1228<br>
Jun 9 11:04:48 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1228 to client with duid
00:01:00:01:2a:30:9a:4a:7c:6d:62:89:b4:29 iaid = 0 valid for
3600 seconds<br>
Jun 9 11:04:48 domac dhcpd: Sending Advertise to
fe80::cff:4b3a:be79:cec0 port 546</font><br>
</p>
<p>Apparently, the client <font face="monospace">fe80::cff:4b3a:be79:cec0</font>
never receives DHCPv6 Advertisement with assigned address from
domac server, so it repeats soliciting for other DHCPv6 server
7 more times: </p>
<p><font face="monospace">11:02:37.403227 IP6 (flowlabel
0x9ecff, hlim 1, next-header UDP (17) payload length: 94)
fe80::3d9c:9ecd:42c:b76e.546 > ff02::1:2.547: [udp sum
ok] dhcp6 solicit (xid=9e8166 (elapsed-time 0) (client-ID
hwaddr/time type 1 time 641857482 1ca0b87d1191) (IA_NA
IAID:102539448 T1:0 T2:0) (Client-FQDN) (vendor-class)
(option-request vendor-specific-info DNS-server
DNS-search-list Client-FQDN))<br>
11:02:37.403352 IP6 (flowlabel 0x52e68, hlim 64, next-header
UDP (17) payload length: 159) fe80::f21f:afff:fef1:420a.547
> fe80::3d9c:9ecd:42c:b76e.546: <font color="#ff0000"><b>[bad
udp cksum 0x78d2 -> 0x8bad!]</b></font> dhcp6
advertise (xid=9e8166 (IA_NA IAID:102539448 T1:3600 T2:7200
(IA_ADDR 2001:b68:2:2800::10:10ef pltime:604800
vltime:3600)) (client-ID hwaddr/time type 1 time 641857482
1ca0b87d1191) (server-ID hwaddr/time type 1 time 707489786
f01faff1420a) (preference 255) (DNS-server
2001:b68:2:2800::3 2001:b68:c:2::70:0) (DNS-search-list
local.alu.hr. alu.hr.))<br>
</font></p>
<p>There is this problem with "bad udp checksum" in tcpdump-ed
packets from domac's <font face="monospace">fe80::f21f:afff:fef1:420a</font>
interface: I'm new to IPv6, but I think the receiver party is
mandated to discard UDP packets with bad checksum.<br>
</p>
<p>So the DHCPv6 server on domac never sees a Request nor
Confirm message from the client <a
href="https://datatracker.ietf.org/doc/html/rfc3315#section-5.3"
target="_blank" rel="noopener noreferrer"
data-auth="NotApplicable" id="LPlnk514870"
data-linkindex="0" class="moz-txt-link-freetext"
moz-do-not-send="true">https://datatracker.ietf.org/doc/html/rfc3315#section-5.3</a><br
aria-hidden="true">
</p>
<pre> REQUEST (3) A client sends a Request message to request
configuration parameters, including IP
addresses, from a specific server.
CONFIRM (4) A client sends a Confirm message to any
available server to determine whether the
addresses it was assigned are still appropriate
to the link to which the client is connected.
</pre>
<div class="moz-cite-prefix">My knowledge of DHCPv6 is very
beginning level, but I'm afraid if we do not make DHCPv6 DDNS
work no one will use IPv6 for the addresses like
2001:b68:2:2800::3 are very hard to configure manually,
remember and type.<br>
The idea was that the users would be able to log in via VPN
and access their work PC with a symbolic FQDN domain name.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">I think I am defeated here: some
Googled articles say it is normal for checksum to be bad if it
is generated by NIC, but on the other hand the client doesn't
appear to receive any Advertise messages or send back Request
or Confirm. This way the server never gets confirmation that
the address is acceptable by the client and it never proceeds
to DDNS name update to the zone at all.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">The clients worked with the IPv6
SLAAC configuration on the router, but we wanted dynamic DNS
addresses on the subnet for the assigned IPv6 addresses to
make it more usable.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Thank you very much for help.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Kind regards,<br>
Mirsad Todorovac<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 8.6.2022. 6:14, Mirsad Goran
Todorovac wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0121ba37-0d00-3ef5-6d31-c0b23e81a677@alu.unizg.hr">Dear
Sirs, <br>
<br>
Having compiled ISC DHCPD 4.4.3 with includes/site.h: #define
DEBUG_DNS_UPDATES <br>
I get the following output. It appears that the DDNS update
code isn't even called for IPv6. <br>
<br>
Am I doing something terribly wrong? <br>
<br>
Thank you. <br>
<br>
Jun 8 06:09:02 domac dhcpd: ddns.c(150): Allocating
ddns_cb=0x5604136c60a0 <br>
Jun 8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_connector:
ddns_cb: 0x5604136c60a0 flags: 50b state: DDNS_STATE_CLEANUP
cur_func: <null> eresult: 0 <br>
Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd <br>
Jun 8 06:09:02 domac dhcpd: DDNS: build_fwd_add1:
pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr] <br>
Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr
0x7fdc349e8010 DDNS_STATE_ADD_FW_NXDOMAIN 192.168.100.215 for
R7000P.local.alu.hr zone: local.alu.hr.dhcid:
[00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
<br>
Jun 8 06:09:02 domac dhcpd: ddns.c(1722): Updating lease_ptr
for ddns_cp=0x5604136c60a0 (addr=192.168.100.215) <br>
Jun 8 06:09:02 domac dhcpd: DHCPREQUEST for 192.168.100.215
from 9c:3d:cf:11:aa:a6 (R7000P) via eth1 <br>
Jun 8 06:09:02 domac dhcpd: DHCPACK on 192.168.100.215 to
9c:3d:cf:11:aa:a6 (R7000P) via eth1 <br>
Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr
0x7fdc349e8010, result: YXDOMAIN <br>
Jun 8 06:09:02 domac dhcpd: DDNS: ddns_fwd_srv_add1: ddns_cb:
0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_NXDOMAIN
cur_func: ddns_fwd_srv_add1 eresult: 196614 <br>
Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_fwd <br>
Jun 8 06:09:02 domac dhcpd: DDNS: build_fwd_add2:
pname:[R7000P.local.alu.hr] uname:[R7000P.local.alu.hr] <br>
Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr
0x7fdc349e8010 DDNS_STATE_ADD_FW_YXDHCID 192.168.100.215 for
R7000P.local.alu.hr zone: local.alu.hr.dhcid:
[00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
<br>
Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr
0x7fdc349e8010, result: success <br>
Jun 8 06:09:02 domac dhcpd: DDNS:ddns_fwd_srv_add2: ddns_cb:
0x5604136c60a0 flags: 50b state: DDNS_STATE_ADD_FW_YXDHCID
cur_func: ddns_fwd_srv_add2 eresult: 0 <br>
Jun 8 06:09:02 domac dhcpd: Added new forward map from
R7000P.local.alu.hr to 192.168.100.215 <br>
Jun 8 06:09:02 domac dhcpd: DDNS: ddns_modify_ptr <br>
Jun 8 06:09:02 domac dhcpd: DDNS request: id ptr
0x7fdc349e8010 DDNS_STATE_ADD_PTR R7000P.local.alu.hr for
215.100.168.192.in-addr.arpa. zone:
168.192.in-addr.arpa.dhcid:
[00:01:01:52:62:16:06:17:56:5b:21:58:8f:69:59:ee:4e:bb:79:9d:5e:76:9b:3a:f3:b7:2c:0f:cf:01:db:4c:eb:6b:87
<br>
Jun 8 06:09:02 domac dhcpd: DDNS reply: id ptr
0x7fdc349e8010, result: success <br>
Jun 8 06:09:02 domac dhcpd: Added reverse map from
215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr <br>
Jun 8 06:09:02 domac dhcpd: ddns.c(1325): Updating lease_ptr
for ddns_cp=0x5604136c60a0 (addr=192.168.100.215) <br>
Jun 8 06:09:02 domac dhcpd: ddns.c(1325):
find_lease_by_ip_addr(192.168.100.215)
successful:lease=0x7fdc346b4e20 <br>
Jun 8 06:09:02 domac dhcpd: ddns.c(1326): freeing
ddns_cb=0x5604136c60a0 <br>
Jun 8 06:09:46 domac dhcpd: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
<br>
Jun 8 06:09:46 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 8 06:09:46 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 8 06:09:46 domac dhcpd: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546 <br>
Jun 8 06:09:46 domac dhcpd: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
<br>
Jun 8 06:09:46 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 8 06:09:46 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 8 06:09:46 domac dhcpd: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546 <br>
Jun 8 06:09:46 domac dhcpd: Relay-forward message from
fe80::babe:bfff:fe26:9542 port 547, link address
2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96 <br>
Jun 8 06:09:46 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 8 06:09:46 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 8 06:09:46 domac dhcpd: Sending Relay-reply to
fe80::babe:bfff:fe26:9542 port 547 <br>
Jun 8 06:11:57 domac dhcpd: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
<br>
Jun 8 06:11:57 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 8 06:11:57 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 8 06:11:57 domac dhcpd: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546 <br>
Jun 8 06:11:57 domac dhcpd: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID 0x55E06C00
<br>
Jun 8 06:11:57 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 8 06:11:57 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 8 06:11:57 domac dhcpd: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546 <br>
Jun 8 06:11:57 domac dhcpd: Relay-forward message from
fe80::babe:bfff:fe26:9542 port 547, link address
2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96 <br>
Jun 8 06:11:57 domac dhcpd: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 8 06:11:57 domac dhcpd: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 8 06:11:57 domac dhcpd: Sending Relay-reply to
fe80::babe:bfff:fe26:9542 port 547 <br>
<br>
On 07. 06. 2022. 19:13, Mirsad Goran Todorovac wrote: <br>
<blockquote type="cite">Hello all, <br>
<br>
I have a problem that our DHCPv6 DDNS update which works
reliably with IPv4 doesn't work at all when we implemented <br>
the dual-stack operation with IPv6. There is not even a
warning, notice or error in the log. No syntax errors in the
config /etc/dhcp/dhcpd6.conf file. <br>
<br>
We are running Debian 10 Buster server with BIND 9.16.27 and
ISC DHCPd 4.4.1 <br>
<br>
root@domac:# dpkg -l ... <br>
Desired=Unknown/Install/Remove/Purge/Hold <br>
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend<br>
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) <br>
||/ Name Version Architecture
Description <br>
+++-==============-===========================-============-=================================
<br>
ii bind9 1:9.16.27-1~deb11u1~bpo10+1 amd64
Internet Domain Name Server <br>
ii isc-dhcp-server 4.4.1-2+deb10u1 amd64 ISC DHCP
server for automatic IP address assignment <br>
<br>
Here is a typical example of DHCPv6 transactions found in
the log: <br>
<br>
Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID
0x55E06C00 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Solicit message from
fe80::8aad:43ff:fefa:3f96 port 546, transaction ID
0x55E06C00 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 7 16:53:27 domac dhcpd[2971]: Sending Advertise to
fe80::8aad:43ff:fefa:3f96 port 546 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Relay-forward message
from fe80::babe:bfff:fe26:9542 port 547, link address
2001:b68:2:2800::1, peer address fe80::8aad:43ff:fefa:3f96 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Picking pool address
2001:b68:2:2800::10:1208 <br>
Jun 7 16:53:27 domac dhcpd[2971]: Advertise NA: address
2001:b68:2:2800::10:1208 to client with duid
00:01:00:01:27:7d:dd:63:88:ad:43:fa:3f:96 iaid = -1774192061
valid for 3600 seconds <br>
Jun 7 16:53:27 domac dhcpd[2971]: Sending Relay-reply to
fe80::babe:bfff:fe26:9542 port 547 <br>
<br>
fe80::babe:bfff:fe26:9542 is local-link address of our
router. <br>
<br>
Our DNS/DHCP server is 161.53.235.3 or 2001:b68:2:2800::3,
LLA for eth1 is fe80::f21f:afff:fef1:420a/64 <br>
<br>
Here is our /etc/dhcp/dhcpd6.conf: <br>
<br>
default-lease-time 3600; <br>
preferred-lifetime 604800; <br>
option dhcp-renewal-time 3600; <br>
option dhcp-rebinding-time 7200; <br>
allow leasequery; <br>
<br>
option dhcp6.name-servers
2001:b68:2:2800::3,2001:b68:c:2::70:0; <br>
option dhcp6.domain-search "alu.hr"; <br>
<br>
option dhcp6.info-refresh-time 21600; <br>
<br>
ddns-update-style standard; <br>
ddns-dual-stack-mixed-mode true; <br>
update-conflict-detection false; <br>
update-optimization false; <br>
deny client-updates; <br>
ddns-updates on; <br>
authoritative; <br>
log-facility local7; <br>
ddns-domainname "local.alu.hr."; <br>
ddns-rev-domainname "ip6.arpa."; <br>
<br>
include "/etc/bind/ddns.key"; <br>
<br>
shared-network ilica85.alu.hr { <br>
subnet6 2001:b68:2:2800::/64 { <br>
range6 2001:b68:2:2800::10:1000
2001:b68:2:2800::10:13ff; <br>
option dhcp6.domain-search "local.alu.hr","alu.hr";
<br>
option dhcp6.name-servers
2001:b68:2:2800::3,2001:b68:c:2::70:0; <br>
ddns-domainname "local.alu.hr"; <br>
<br>
zone local.alu.hr. { <br>
# primary6 2001:b68:2:2800::3; <br>
primary 127.0.0.1; <br>
key DDNS_UPDATE; <br>
} <br>
zone 0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. { <br>
# primary6 2001:b68:2:2800::3; <br>
primary 127.0.0.1; <br>
key DDNS_UPDATE; <br>
} <br>
} <br>
} <br>
<br>
subnet6 2001:b68:2:2a00::/64 { <br>
range6 2001:b68:2:2a00::1000 2001:b68:2:2a00::10ff;
<br>
option dhcp6.domain-search "slava.alu.hr","alu.hr";
<br>
option dhcp6.name-servers
2001:b68:2:2800::3,2001:b68:c:2::70:0; <br>
ddns-domainname "slava.alu.hr"; <br>
<br>
zone slava.alu.hr. { <br>
primary6 2001:b68:2:2800::3; <br>
key DDNS_UPDATE; <br>
} <br>
<br>
zone 0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa. { <br>
primary6 2001:b68:2:2800::3; <br>
key DDNS_UPDATE; <br>
} <br>
} <br>
<br>
The corresponding entries in /etc/bind/named.conf.local are:
<br>
<br>
zone "0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in { <br>
type master; <br>
file
"/var/cache/bind/0.0.8.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
<br>
allow-update { key DDNS_UPDATE; }; <br>
allow-transfer { 31.147.205.54; 161.53.2.70; }; <br>
also-notify { 31.147.205.54; 161.53.2.70; }; <br>
forwarders {}; <br>
}; <br>
<br>
zone "0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa" in { <br>
type master; <br>
file
"/var/cache/bind/0.0.a.2.2.0.0.0.8.6.b.0.1.0.0.2.ip6.arpa.db";
<br>
allow-update { key DDNS_UPDATE; }; <br>
allow-transfer { 31.147.205.54; 161.53.2.70; }; <br>
also-notify { 31.147.205.54; 161.53.2.70; }; <br>
forwarders {}; <br>
}; <br>
<br>
zone "local.alu.hr" in { <br>
type master; <br>
file "/var/cache/bind/local.alu.hr.db"; <br>
allow-update { key DDNS_UPDATE; }; <br>
allow-transfer { 31.147.205.54; 161.53.2.70; }; <br>
also-notify { 31.147.205.54; 161.53.2.70; }; <br>
forwarders {}; <br>
}; <br>
<br>
zone "slava.alu.hr" in { <br>
type master; <br>
file "/var/cache/bind/slava.alu.hr.db"; <br>
allow-update { key DDNS_UPDATE; }; <br>
allow-transfer { 31.147.205.54; 161.53.2.70; }; <br>
also-notify { 31.147.205.54; 161.53.2.70; }; <br>
dnssec-policy "standard"; <br>
key-directory "/var/cache/bind/keys"; <br>
forwarders {}; <br>
}; <br>
<br>
We are also using views in BIND9, but they work well
updating the "internal" and "universe" zones with DHCPv4,
i.e.: <br>
<br>
Jun 7 16:48:21 domac dhcpd[986]: DHCPREQUEST for
192.168.100.215 from 9c:3d:cf:11:aa:a6 (R7000P) via eth1 <br>
Jun 7 16:48:21 domac dhcpd[986]: DHCPACK on 192.168.100.215
to 9c:3d:cf:11:aa:a6 (R7000P) via eth1 <br>
Jun 7 16:48:21 domac dhcpd[986]: Added new forward map from
R7000P.local.alu.hr to 192.168.100.215 <br>
Jun 7 16:48:21 domac dhcpd[986]: Added reverse map from
215.100.168.192.in-addr.arpa. to R7000P.local.alu.hr <br>
<br>
As you can see in the options, I tried various combinations,
and I seem to be out of options. But we are new to IPv6 <br>
and DHCPv6, so there may be something obvious to you I
cannot see (like DDNS not being enabled in ISC dhcpd binary
<br>
with option -6)? <br>
<br>
I am very interested personally in IPv6 adoption for we are
expecting a surge in multimedia content provided, <br>
possibly broadcasted, additional options with IoT, security,
surveillance cameras (requiring public IP we are short of).
<br>
<br>
All of this would be greatly simplified and more adopted if
the users, professors, staff and students wouldn't <br>
have to remember IPv6 address like 2001:b68:2:2800::3 but
used an automatically assigned domain name instead. <br>
<br>
Manual IPv6 configuration and static tables for this would
be an overkill, we are understaffed to maintain it. <br>
<br>
Thank you very much for your time and help. <br>
<br>
Kind regards, <br>
Mirsad Todorovac <br>
<br>
</blockquote>
-- <br>
Mirsad Goran Todorovac <br>
CARNet sistem inženjer <br>
Grafički fakultet | Akademija likovnih umjetnosti <br>
Sveučilište u Zagrebu <br>
</blockquote>
<pre class="moz-signature" cols="72">--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu</pre>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
</blockquote>
<pre class="moz-signature" cols="72">--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu</pre>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
</blockquote>
<pre class="moz-signature" cols="72">--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
--
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu</pre>
</body>
</html>