HE.net / ipv6 strategy

Hello,

I am looking for the best strategy to deploy an HE IPv6 tunnel. I am using a /48 to get IPv6 on all devices through relay mode for RA/NDP/DHCP.
Each machine in the network has an IPv4 and a public IPv6 (from the tunnel).

Is this a good idea?
Should I use private IPv6 addressing as well?
Is it possible to use an automatic local DNS while the DHCP IP comes from the relay?
(For now, I need to create DNS entries manually for IPv6.)

Regards,
Whoo

You have a proper prefix, no need for relay. Or are you speaking of a DHCP relay?

I find https://blog.apnic.net/2022/05/16/ula-is-broken-in-dual-stack-networks/ quite informative. TL;DR: if you have a static IPv6 prefix there is normally no need for ULA.

3 Likes

Did you see the OpenWrt config sample/instructions on the Tunnelbroker page?

After which, here's a sample LAN config:

config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        option device 'br-lan'
        list ip6class 'henet'

You actually set this individually on each IPv6 host - and it's a good idea for non-server hosts. It's possible to enable on the router; but provides some security (it's still known as it's the router in the hops in transit); and would prevent easily providing static IPs for IPv6 services on the device. It will change on each reboot. I guess that's pretty secure. :smiley:

You would do that by adding: option ip6ifaceid 'random' to the LAN config for example and setting a net.ipv6.conf.default.stable_secret in sysctl. See: Cascading routers, dhcpv6 and unwanted EUI64 w/SLAAC on wan6 - #39 by Frood42

Yes, your router can be handed-out as the DNS, while it does lookups on the upstream DNS that it received.

That shouldn't be needed by default.

1 Like

Thank you for the information.
I have tried several configurations, and it works when I start:

  • odhcpd
  • RA Flags (managed config)
  • RA-Service (server mode)
  • DHCPv6-Service (server mode).

I have now got three IPv6 addresses:

  • public temporary (It depends if you are using Linux or OSX).
  • public secured
  • public dynamic (accessible via DNS).

Thanks for the hints.

1 Like
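
Added example (not from any poster in this thread, and not OpenWrt code): a small audit that sorts a host's IPv6 addresses by scope and by interface-ID type, and flags publicly routed EUI-64 addresses, which embed the NIC's MAC, the case the random interface ID and stable_secret settings discussed above are meant to avoid. The /48, the sample addresses and the function names are constructed for illustration, and the "low" and "opaque" labels are heuristics.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None.
    Heuristic: a random ID has ff:fe at this position about 1 time in 65536."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def classify(addr, tunnel_prefix):
    """Return (scope, interface-ID kind) for one address."""
    ip = ipaddress.IPv6Address(addr)
    if ip in LINK_LOCAL:
        scope = "link-local"
    elif ip in ULA:
        scope = "ula"
    elif ip in ipaddress.ip_network(tunnel_prefix):
        scope = "global-tunnel"
    else:
        scope = "global-other"
    if eui64_mac(addr):
        kind = "eui64"    # exposes the NIC's MAC to every peer
    elif ip.packed[8:14] == bytes(6):
        kind = "low"      # short suffix: manual or DHCPv6-style assignment
    else:
        kind = "opaque"   # temporary or stable-privacy; not distinguishable here
    return scope, kind

def audit(addrs, tunnel_prefix):
    """List tunnel-prefix addresses that leak a MAC, with the recovered MAC."""
    return [(a, eui64_mac(a)) for a in addrs
            if classify(a, tunnel_prefix) == ("global-tunnel", "eui64")]

# Constructed sample data: a hypothetical /48 taken from the documentation range.
PREFIX = "2001:db8:abcd::/48"
HOST_ADDRS = [
    "fe80::211:22ff:fe33:4455",
    "2001:db8:abcd:1:211:22ff:fe33:4455",   # SLAAC with EUI-64
    "2001:db8:abcd:1:8c4f:19d2:77a0:5be1",  # random-looking interface ID
    "2001:db8:abcd:1::6d7",                 # short suffix
    "fd12:3456:789a:1::1",                  # ULA
]

if __name__ == "__main__":
    for a in HOST_ADDRS:
        print(f"{a:40} {classify(a, PREFIX)}")
    print("MAC-leaking public addresses:", audit(HOST_ADDRS, PREFIX))
```

Feed it the addresses reported by `ip -6 addr` on each host together with your own routed prefix; an empty audit result means no public address on that host carries its MAC.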