Project

General

Profile

Actions

Feature #9302

closed

radvd always advertises DNS servers and Domain Search List regardless of M or O flag

Added by Elbin Teh about 5 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Category:
DHCP (IPv6)
Target version:
Start date:
02/02/2019
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

In "Managed" or "Stateless DHCP" mode, DNS servers and Domain Search List should be requested from DHCPv6 Server.

Current behavior in pfSense is to always advertise these - even if the fields are left empty on the Router Advertisement settings page.
If these fields are left empty, the system DNS servers or local resolvers/forwarders are advertised as DNS servers, and the same for Domain Search List.

I think this is slightly incorrect because it can have undesired effect, eg if I have a local DHCPv6 DNS server on my LAN which is advertising an specific DNS server (eg: fdfd::1:1) but my pfSense is configured to use Google's (eg: 2001:4860:4860::8888), then IPv6 clients on my LAN will be getting both these DNS servers. I might only want my IPv6 clients to use the specific DNS server at fdfd::1:1 (maybe because of Active Directory etc).

I think the correct behavior:
When RA mode is "Managed" or "Stateless DHCP" then if the DNS servers and Domain Search List fields are left empty in pfSense these should not be advertised by radvd.
For flexibility, if these fields are set then include in radvd.

I have a potential fix: https://github.com/pfsense/pfsense/pull/4046

Would appreciate any thoughts or feedback on this.

Thanks!

Actions

Also available in: Atom PDF