Disabling RDNSS on odhcpd

oldsparky · January 22, 2023, 1:26pm

I'm having an issue with wrong propagated local IPv6 DNS servers using odhcpd SLAAC mode only. DHCPv6 is disabled, the only service I need is SLAAC to assign IPv6 only (IPv4 is managed separately by other hosts). That's because I don't want to config an IPv6 DNS for now.

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/none/'
        option domain 'none'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '0'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        option localservice '1'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'disabled'
        option dhcpv6 'disabled'
        option ra 'server'
        option dns_service '0'
        option ra_dns '0'
        list ra_flags 'other-config'
        option ra_maxinterval '600'
        option ra_mininterval '3'
        option ra_lifetime '600'

config dhcp 'wan6'
        option interface 'wan6'
        list ra_flags 'none'

config odhcpd 'odhcpd'
        option maindhcp '1'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '6'

It seems to work well based on what I see using tcpdump...

# tcpdump -vvvv -ttt -i br-lan icmp6 and 'ip6[40] = 134'
tcpdump: listening on br-lan, link-type EN10MB (Ethernet), capture size 262144 bytes
 00:00:00.000000 IP6 (flowlabel 0x67bd0, hlim 255, next-header ICMPv6 (58) payload length: 72) fe80::52c7:bfff:fefe:b97a > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 72 
        hop limit 64, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): 50:c7:bf:fe:b9:7a
            0x0000:  50c7 bffe b97a
          mtu option (5), length 8 (1):  1492
            0x0000:  0000 0000 05d4
          prefix info option (3), length 32 (4): 2001:xxxx:xxxx:xxxx::/64, Flags [onlink, auto], valid time 239s, pref. time 119s
            0x0000:  40c0 0000 00ef 0000 0067 0000 0000 2001
            0x0010:  xxxx xxxx xxxx 0000 0000 0000 0000
          advertisement interval option (7), length 8 (1):  79000ms
            0x0000:  0000 0001 3498
 00:00:16.003853 IP6 (flowlabel 0x67bd0, hlim 255, next-header ICMPv6 (58) payload length: 72) fe80::52c7:bfff:fefe:b97a > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 72 
        hop limit 64, Flags [other stateful], pref medium, router lifetime 600s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): 50:c7:bf:fe:b9:7a
            0x0000:  50c7 bffe b97a
          mtu option (5), length 8 (1):  1492
            0x0000:  0000 0000 05d4
          prefix info option (3), length 32 (4): 2001:xxxx:xxxx:xxxx::/64, Flags [onlink, auto], valid time 223s, pref. time 103s
            0x0000:  40c0 0000 00df 0000 0067 0000 0000 2001
            0x0010:  xxxx xxxx xxxx 0000 0000 0000 0000
          advertisement interval option (7), length 8 (1):  74000ms
            0x0000:  0000 0001 2110

...but sometime a packet that contain RDNSS information was captured every 1800s:

00:00:15.508584 IP6 (flowlabel 0x3a07a, hlim 255, next-header ICMPv6 (58) payload length: 64) fe80::126f:3fff:fe02:bc0e > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 64
        hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): 10:6f:3f:02:bc:0e
            0x0000:  106f 3f02 bc0e
          mtu option (5), length 8 (1):  1500
            0x0000:  0000 0000 05dc
          rdnss option (25), length 24 (3):  lifetime 1800s, addr: fe80::126f:3fff:fe02:bc0e
            0x0000:  0000 0000 0708 fe80 0000 0000 0000 126f
            0x0010:  3fff fe02 bc0e
          advertisement interval option (7), length 8 (1):  600ms
            0x0000:  0000 0000 0258

fe80::126f:3fff:fe02:bc0e is the router IPv6 and dnsmasq or other dns services are not installed on it.

Obviously if I stop odhcpd, no other packets was captured. Any idea how to stop it?

trendy · January 22, 2023, 1:51pm

Delete this.
Why are there 2 different link local addresses advertising the RA and the RDNSS?

_bernd · January 22, 2023, 2:38pm

I have no proposal to solve your issue but like to point out that radvdump is a nice tool to verify or troubleshooting RA.

oldsparky · January 22, 2023, 2:48pm

Omg your are right! That ::bc0e is actually an old router not more managed from years but still active in the same network! I took it for granted that that address was another interface of the same "official" router..

Thank you!

oldsparky · January 22, 2023, 2:50pm

Nice tool, thanks for the advice.

system · February 1, 2023, 2:51pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.