Bug #9893

closed

RDNSS is broken in 2.5 for Android and lightweight Clients

Added by Rick Coats about 5 years ago. Updated about 5 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: IPv6 Router Advertisements (radvd/rtsold)
Target version: -
Start date: 11/11/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.5.x
Affected Architecture: All

Description

Version of pfSense under Test:
2.5.0-DEVELOPMENT (amd64)
built on Sun Nov 10 20:08:03 EST 2019
FreeBSD 12.0-RELEASE-p10

The changes in https://redmine.pfsense.org/issues/9302 break RDNSS when using Managed or Stateless DHCP on the RA Tab of the DHCPv6 Server & RA Setup.

Looking in the /var/etc/radvd.conf shows the RDNSS and DNSSL entries are missing.

The effect is that clients which do not utilize DHCP for DNS (i.e. Android and other lightweight devices) no longer get DNS information. It should be noted that these clients work as expected in 2.4.4, and even with Managed or Stateless DHCP it is a valid use case that these clients are to work.

Fix would be to roll back change 9302.

Bug 9302 should never have been accepted as a bug. pfSense was working correctly per RFC before change 9302 was incorporated.

RFC 8504 Chapter 8 provides overview of Configuring Non-Address Information and states that IPv6 Router Advertisement Implementations MUST include support for the DNS RA option [RFC8106]. This has been in effect since 2017.

This is regardless of the Flags (M or O) as these are to inform the client of the availability of a DHCP server, not to tell the router to turn off Router Announcement Functionality.

RFC 8106 Chapter 5.3 spells out what hosts are to do when they receive DNS Servers from both DHCPv6 and RDNSS.

In my production Network using 2.4.4 with Stateless DHCP, a Windows ipconfig /all shows:

DNS Servers . . . . . . . . . . . : 2605:e000:fe8c:8f64:a:b:c:2b0b (address of pihole DNS provided by DHCPv6)
                                     10.23.64.15  (address of pihole DNS provided by DHCPv4)
                                     2605:e000:fe8c:8f10:a:b:c::2b01 (address of System DNS provided by RDNSS)

The Windows machine will use the DNS servers in the order shown, as is required by RFC 8106. In my configuration, if the pihole server DNS were to go down then the system DNS will still be operational. This is especially useful if the prefix provided by the ISP were to change, as the DHCP DNS servers will have to be manually edited, but system DNS is automatically updated to the new prefix.

In the Test of 2.5.0 the last entry is no longer being provided via RDNSS so there is no way to provide the system DNS as the fallback DNS.

I left more feedback at https://redmine.pfsense.org/issues/9302
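Added example (not part of the original report and not pfSense or radvd code): a small parser for checking, from a captured ICMPv6 Router Advertisement, which M/O flags are set and whether the RFC 8106 RDNSS and DNSSL options are present on the wire. The function names, the address 2001:db8::53 and the search domain lan.example are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_RDNSS, OPT_DNSSL = 134, 25, 31  # ICMPv6 type; RFC 8106 option types

def decode_names(buf: bytes) -> list:
    """Decode the DNS-label-encoded, zero-padded search list of a DNSSL option."""
    names, labels, i = [], [], 0
    while i < len(buf):
        n = buf[i]
        i += 1
        if n == 0:                      # end of a name, or trailing padding
            if labels:
                names.append(".".join(labels))
                labels = []
            continue
        if i + n > len(buf):
            raise ValueError("truncated DNSSL label")
        labels.append(buf[i:i + n].decode("ascii"))
        i += n
    return names

def parse_ra(icmp6: bytes) -> dict:
    """Return the M/O flags and DNS options of an ICMPv6 Router Advertisement."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    out = {"managed": bool(icmp6[5] & 0x80), "other": bool(icmp6[5] & 0x40),
           "rdnss": [], "dnssl": []}
    pos = 16                            # options start after the fixed RA header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length in 8-octet units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option length")
        body = icmp6[pos + 8:pos + opt_len]  # past type, length, reserved, lifetime
        if opt_type == OPT_RDNSS:
            if opt_len < 24 or len(body) % 16:
                raise ValueError("malformed RDNSS option")
            out["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                             for i in range(0, len(body), 16)]
        elif opt_type == OPT_DNSSL:
            out["dnssl"] += decode_names(body)
        pos += opt_len
    return out

def build_sample_ra() -> bytes:
    """Constructed RA: O flag set (stateless DHCPv6), one RDNSS and one DNSSL entry."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0x40, 1800, 0, 0)
    addr = ipaddress.IPv6Address("2001:db8::53").packed
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600) + addr
    name = b"\x03lan\x07example\x00"
    name += b"\x00" * (-len(name) % 8)  # pad to a multiple of 8 octets
    dnssl = struct.pack("!BBHI", OPT_DNSSL, 1 + len(name) // 8, 0, 600) + name
    return hdr + rdnss + dnssl
```

An RA generated from a radvd.conf without RDNSS and DNSSL entries would return empty `rdnss` and `dnssl` lists here, whatever the flag values are.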
