DHCPv6 DDNS registration with FQDN



Hi all,

I've started this discussion with @dcbw on the IRC channel today. As he needed to leave, I want to summarize all information here and get more input.

I'm running radvd on a CentOS box and Windows-based stateful DHCPv6 and DNS servers. radvd announces that IPv6 addresses are managed. Clients will then talk to DHCP and the DHCP server is configured to securely update DNS with IPv6 addresses handed out by DHCP.

It works perfectly for my Windows boxes, i.e. their IPv6 addresses are resolved by my DNS without any further ado. I also have a couple of Fedora 21 and CentOS 7 boxes that should take advantage of DDNS as well with needing to resort to `nsupdate` and its security implications.

Fedora: nmcli tool, version 0.9.10.1-1.4.20150115git.fc21
CentOS: nmcli tool, version 0.9.9.1-29.git20140326.4dba720.el7_0

[root fedora ~]# nmcli con show ens192 | grep ipv6
ipv6.method:                            auto
ipv6.dns:
ipv6.dns-search:
ipv6.addresses:
ipv6.routes:
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          no
ipv6.ip6-privacy:                       -1 (unknown)
ipv6.dhcp-hostname:                     fedora.test.local

[root fedora ~]# hostname
fedora.test.local

[root fedora ~]# hostnamectl
   Static hostname: fedora.test.local
         Icon name: computer-vm
           Chassis: vm
        Machine ID: ff1345d296f247bebff818e004ac746a
           Boot ID: 45df522f11e449bd8821922a13b150f7
    Virtualization: vmware
  Operating System: Fedora 21 (Twenty One)
       CPE OS Name: cpe:/o:fedoraproject:fedora:21
            Kernel: Linux 3.18.3-201.fc21.x86_64
      Architecture: x86-64

[root fedora ~]# cat /etc/sysconfig/network-scripts/ifcfg-* | grep DHCP
<no output>

What I found is that ipv6.dhcp-hostname is not very stable. If I set it and then `systemctl restart network`, the ipv6.dhcp-hostname value gets removed (e.g. == "--").

Anyway, I want the boxes to auto-register with DNS. Here is what NM generates for dhclient:
[root fedora ~]# cat /var/lib/NetworkManager/dhclient6-ens192.conf
# Created by NetworkManager

send fqdn.fqdn "fedora"; # added by NetworkManager
send fqdn.encoded on;
send fqdn.no-client-update on;
send fqdn.server-update on;
also request dhcp6.name-servers;
also request dhcp6.domain-search;
also request dhcp6.client-id;

Here is what I use for tests with `dhclient -6 -d -lf /dev/null -cf /etc/dhcp/dhclient6-ens192.conf`. It registers the box successfully in Windows DNS.
[root fedora ~]# cat /tmp/dhclient6-ens192.conf
send fqdn.fqdn "fedora.test.local";
send fqdn.encoded on;
send fqdn.no-client-update off;
send fqdn.server-update on;
also request dhcp6.name-servers;
also request dhcp6.domain-search;
also request dhcp6.client-id;

There are two key differences:

- send fqdn.fqdn "fedora"; # added by NetworkManager
+ send fqdn.fqdn "fedora.wghoch4.local";

It is the FQDN so Windows knows which DNS zone to update.

- send fqdn.no-client-update on;
+ send fqdn.no-client-update off;

It's 'off' in my test config such that the DHCP option 39 O bit remains unset. The S bit is set, and according to https://tools.ietf.org/html/rfc4704#section-5.2, when S=1, O=0 and N=0 the DHCP server is responsible for updating the AAAA and PTR resource records.

What are the necessary configuration values such that NM invokes dhclient in such a way that my boxes are registered in Windows DNS? 

Thanks,

Alex
-- 
Alexander Groß
http://therightstuff.de/
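
Added example (not part of the original message, and not NetworkManager or dhclient code): Python that builds and parses the DHCPv6 Client FQDN option (code 39) from RFC 4704, to show how the partial name "fedora" and the full name "fedora.test.local" differ on the wire and where the S, O and N bits sit. The function names are hypothetical, and treating any dotted name as fully qualified is an assumption of this example.

```python
import struct

OPTION_CLIENT_FQDN = 39                      # RFC 4704 option code
FLAG_S, FLAG_O, FLAG_N = 0x01, 0x02, 0x04    # low three bits of the flags octet


def encode_name(name: str) -> bytes:
    """DNS wire format. Only a fully qualified name gets the terminating
    zero-length label; a partial name such as "fedora" is sent without it.
    Assumption of this example: any name containing a dot is fully qualified."""
    labels = [lab for lab in name.split(".") if lab]
    wire = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return wire + (b"\x00" if "." in name else b"")


def build_option(name: str, s: bool, o: bool, n: bool) -> bytes:
    flags = (FLAG_S if s else 0) | (FLAG_O if o else 0) | (FLAG_N if n else 0)
    body = bytes([flags]) + encode_name(name)
    return struct.pack("!HH", OPTION_CLIENT_FQDN, len(body)) + body


def parse_option(raw: bytes) -> dict:
    if len(raw) < 5:
        raise ValueError("truncated option")
    code, length = struct.unpack("!HH", raw[:4])
    if code != OPTION_CLIENT_FQDN or length != len(raw) - 4:
        raise ValueError("not a well-formed Client FQDN option")
    flags, data = raw[4], raw[5:]
    labels, pos, qualified = [], 0, False
    while pos < len(data):
        size = data[pos]
        if size == 0:                        # root label: name is an FQDN
            qualified = True
            break
        if size > 63 or pos + 1 + size > len(data):
            raise ValueError("bad label length")
        labels.append(data[pos + 1:pos + 1 + size].decode("ascii"))
        pos += 1 + size
    return {
        "name": ".".join(labels), "fully_qualified": qualified,
        "S": bool(flags & FLAG_S), "O": bool(flags & FLAG_O),
        "N": bool(flags & FLAG_N),
        # Combination quoted in the message: S=1, O=0, N=0
        "server_updates_aaaa_and_ptr": (flags & 0x07) == FLAG_S,
    }
```

Running parse_option over the option bytes taken from a packet capture of the client's Solicit or Request shows whether the name went out fully qualified and which flag bits were set.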

