<br><br><div class="gmail_quote">On Tue, Jan 22, 2013 at 1:52 PM, Chris Lawrence <span dir="ltr">&lt;<a href="mailto:lordsutch@gmail.com" target="_blank">lordsutch@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Tue, Jan 22, 2013 at 1:40 AM, Dave Taht &lt;<a href="mailto:dave.taht@gmail.com">dave.taht@gmail.com</a>&gt; wrote:<br>
> I think that's this in /etc/dnsmasq.conf<br>
><br>
> dhcp-range=se00,1234::, ra-stateless, ra-names<br>
> dhcp-range=sw00,1234::, ra-stateless, ra-names<br>
> dhcp-range=sw10,1234::, ra-stateless, ra-names<br>
> dhcp-range=gw00,1234::, ra-stateless, ra-names<br>
> dhcp-range=gw10,1234::, ra-stateless, ra-names<br>
><br>
> It's kind of unclear to me what 1234 could be replaced with.<br>
> "ce30" works for me...<br>
<br>
</div>Using ::1 on each will autoassign the addresses based on the address<br>
of the interface, which seems like a sensible default no matter what<br>
network address you have. Having said that I found that with<br>
ra-stateless enabled, at least one device on my network would send<br>
DHCPv6 requests that crashed dnsmasq. So I have:<br>
<br>
dhcp-range=::1,constructor:se00,ra-names<br>
(etc.)<br></blockquote><div><br>My own objection to ::1 is that it provides both an easy mnemonic for people to manage their networks AND an easier vector for attacks from the outside world. <br><br>J.random.badscript only has to ping ::1 on every subnet in your delegation to try and hit all the routers. <br>
<br>That said, I think the humans are going to win on this one, even though the dns integration with ipv6 and dnsmasq is tighter than it's ever been before.<br><br>One thing that does bother me though, from a simplification standpoint, is I wouldn't mind using up some of that extra address space to gain larger ephemeral port ranges for things like dns service and to make it easier to analyze traffic. I remember back in the 90s when we used to have one ip address per web host.... it was a PITA then because of address scarcity.<br>
<br>I have been liking ipv6's integration with virtual machines. No more port forwarding, yea! A raft of unupdated vm machines running boo.<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I think with test11 that can be further simplified to:<br>
<br>
dhcp-range=::1,constructor:*,ra-names<br>
<br>
This uses SLAAC only, which seems sufficient for my network purposes.<br>
I tried adding an end to the range to see if that was the problem with<br>
DHCP, but that doesn't seem to help, at least in test10.<br>
<br></blockquote><div><br>I won't mind providing some examples of syntax, and I can imagine that a guest network might use slaac and an internal network try to use dhcp.<br><br>The new constructor thing is neat. Though I've read the man page section on it 3 times, and still don't get it all.<br>
<br>And now there's a new authoritative dns support documented in the man page...<br><br>It has long been my hope to be able to publish AAAA records in the public dns, and this will let you do that. Still unclear as to how to just export AAAAs and not As....<br>
<br>Another one of my hopes has been to get one name for a machine with two interfaces somehow, someday.<br><br>Anyway, I'm liking it... <br> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
The other thing I noticed in 3.7.2-4 is that both dnsmasq and<br>
dnsmasq-dhcpv6 are installed, but the dnsmasq binary is actually the<br>
non-v6 version unless you reinstall the dnsmasq-dhcpv6 package<br>
(according to upstream OpenWRT, only one or the other should be<br>
installed since they conflict).<br></blockquote><div><br>I may have fixed this in 3.7.3-1, so if it isn't fixed now, let me know.<br><br>CONFIG_PACKAGE_dnsmasq=m<br>CONFIG_PACKAGE_dnsmasq-dhcpv6=y<br> <br>I'm hoping to get a 3.7.4-1 out with the last of the unaligned hack fixes out today. <br>
<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Chris<br>
</blockquote></div><br><br clear="all"><br>-- <br>Dave Täht<br><br>Fixing bufferbloat with cerowrt: <a href="http://www.teklibre.com/cerowrt/subscribe.html" target="_blank">http://www.teklibre.com/cerowrt/subscribe.html</a>