Bug #9302

radvd always advertises DNS servers and Domain Search List regardless of M or O flag

Added by Elbin Teh 8 months ago. Updated 2 days ago.

Status: Resolved
Priority: Normal
Category: IPv6 Router Advertisements (RADVD)
Target version:
Start date: 02/02/2019
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.4.x
Affected Architecture:

Description

In "Managed" or "Stateless DHCP" mode, DNS servers and Domain Search List should be requested from DHCPv6 Server.

Current behavior in pfSense is to always advertise these - even if the fields are left empty on the Router Advertisement settings page.
If these fields are left empty, the system DNS servers or local resolvers/forwarders are advertised as DNS servers, and the same for Domain Search List.

I think this is slightly incorrect because it can have an undesired effect, e.g. if I have a local DHCPv6 DNS server on my LAN which is advertising a specific DNS server (e.g. fdfd::1:1) but my pfSense is configured to use Google's (e.g. 2001:4860:4860::8888), then IPv6 clients on my LAN will be getting both these DNS servers. I might only want my IPv6 clients to use the specific DNS server at fdfd::1:1 (maybe because of Active Directory etc).

I think the correct behavior:
When RA mode is "Managed" or "Stateless DHCP" then if the DNS servers and Domain Search List fields are left empty in pfSense these should not be advertised by radvd.
For flexibility, if these fields are set then include in radvd.

I have a potential fix: https://github.com/pfsense/pfsense/pull/4046

Would appreciate any thoughts or feedback on this.

Thanks!

History

#1 Updated by Elbin Teh 8 months ago

An example radvd configuration can be found here:
[http://sophiedogg.com/radvd-and-dhcpd6-server-configuration-for-dynamic-dns/]

#2 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review

#3 Updated by Renato Botelho 10 days ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#4 Updated by Viktor Gurov 3 days ago

Renato Botelho wrote:

PR has been merged. Thanks!

Tested on 2.5.0.a.20191011.1853

No RDNSS and DNSSL entries in /var/etc/radvd.conf with "Managed" or "Stateless DHCP" mode

Resolved
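
The check from the test above, as an added example that is not part of the original thread or the pfSense code: it parses radvd.conf text and reports interfaces that set the M flag (AdvManagedFlag) or O flag (AdvOtherConfigFlag) while still carrying RDNSS or DNSSL entries. The sample configuration, interface names and the function names are constructed for illustration.

```python
import re

# Constructed sample in radvd.conf syntax (not from a real system); em1
# mirrors the situation the report describes.
SAMPLE_CONF = """
interface em1 {   # M and O flags on, yet DNS info still sent in the RA
    AdvSendAdvert on;
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    prefix 2001:db8:1::/64 { AdvAutonomous off; };
    RDNSS 2001:4860:4860::8888 { };
    DNSSL example.com { };
};
interface em2 {   # O flag only, no RDNSS/DNSSL: nothing to report
    AdvSendAdvert on;
    AdvOtherConfigFlag on;
    prefix 2001:db8:2::/64 { };
};
interface em3 {   # no M/O flag: RA is the only DNS source, so RDNSS is expected
    AdvSendAdvert on;
    RDNSS 2001:db8:3::53 { };
};
"""

def interface_blocks(conf):
    """Yield (name, body) for each 'interface NAME { ... };' block."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    for m in re.finditer(r"\binterface\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Map interface -> RDNSS/DNSSL entries advertised while M or O is on."""
    findings = {}
    for name, body in interface_blocks(conf):
        dhcp = re.search(r"\bAdv(?:Managed|OtherConfig)Flag\s+on\s*;", body)
        adverts = re.findall(r"\b((?:RDNSS|DNSSL)\s+[^{;]+?)\s*\{", body)
        if dhcp and adverts:
            findings[name] = adverts
    return findings

if __name__ == "__main__":
    for iface, entries in audit(SAMPLE_CONF).items():
        print(f"{iface}: M/O flag on, RA also carries {entries}")
```

A reported entry is a prompt for review, not necessarily a fault: per the description, values entered explicitly on the Router Advertisement settings page are still meant to be included.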

#5 Updated by Jim Pingle 2 days ago

  • Status changed from Feedback to Resolved
