I managed to set up an IPv6 net in my local network. Clients are getting the configured prefix and DNS IPv6 from the Mikrotik router.
But NO AAAA record is created within the Mikrotik DNS server. Is there a way to create such AAAA entries by a script? Or what is the preferred way to resolve local IPv6 addresses by name?
RouterOS doesn’t yet have a DHCPv6 server that can give addresses to clients, so if they get them from the router, it’s using SLAAC (autoconfiguration). And it’s a one-way mechanism: the router just broadcasts what clients can use and they don’t report back, so unlike with DHCP, the router doesn’t get any hostname it could use.
It could be interesting if RouterOS added support for DNS updates, for some configured local domain. I didn’t completely think it through yet, but at first sight it looks like a good solution. I don’t know about other OSes, but Windows has it enabled by default, so with some sane defaults it could just work for most people. But currently there’s no such thing in RouterOS.
Or perhaps you may not need to worry about it much, at least if you don’t have multiple subnets. There are some local-subnet name resolution protocols; it may be enough. But I can be wrong here, because unfortunately I lost track of what exactly is used today, and I suspect there could be some interoperability problems between different OSes.
It would be very useful if RouterOS would accept or create DNS entries for SLAAC addresses. OpenWRT is able to do this without any problems.
Yes, local discovery can be done by using the “.local” domain. But this is not useful on secured connections like HTTPS. In this case the certificate cannot be validated.
So it looks like RouterOS is not usable for IPv6 networks. Seems to be a legacy product. So bye bye Mikrotik.
You are right. Usable is subjective. From my point of view, an IPv6 network without a working DNS server is unusable.
I do not know how OpenWRT does it. It works out of the box. Enable IPv6 and everything works as expected.
It’s not an argument against MikroTik improving things, but you do seem to have slightly unusual requirements.
When it’s a simple local network, local resolution should be enough. It’s not enough when you want trusted certificates for something, because no real CA will issue them for the .local TLD. But when you do have a real domain, it’s common to have hosts in public DNS, not only as a local override in the router’s DNS resolver, which is basically just a hack. Internal hostnames are not necessarily wrong, but the correct way is some subdomain with proper delegation and with an authoritative DNS server, which RouterOS doesn’t have at all.
I tried to find what exactly OpenWRT does, but no luck, I’d have to install it and see what’s in there to be sure. I found that dnsmasq (but I don’t know if it’s what OpenWRT uses) has this:
> ra-names enables a mode which gives DNS names to dual-stack hosts which do SLAAC for IPv6. Dnsmasq uses the host’s IPv4 lease to derive the name, network segment and MAC address and assumes that the host will also have an IPv6 address calculated using the SLAAC algorithm, on the same network segment. The address is pinged, and if a reply is received, an AAAA record is added to the DNS for this IPv6 address. Note that this only happens for directly-connected networks (not one doing DHCP via a relay) and it will not work if a host is using privacy extensions.
It’s not exactly great, but the same thing could be doable in RouterOS with a script.
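
The approach from the quoted dnsmasq text, sketched in Python as an added example (not code from this thread, dnsmasq or RouterOS): derive each host's EUI-64 SLAAC address from the MAC in its IPv4 lease and keep a name only if that address answers. The prefix, lease entries, `lan` domain and the `is_alive` stand-in for the ping are constructed assumptions.

```python
import ipaddress

def slaac_eui64(prefix, mac):
    """Address a host forms from a /64 prefix and its MAC via modified EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net.network_address + int.from_bytes(iid, "big")

def aaaa_candidates(prefix, leases, domain, is_alive):
    """Return (fqdn, address) pairs for leases whose derived address answers."""
    records = []
    for lease in leases:
        name = lease.get("hostname")
        if not name:  # a lease without a hostname gives nothing to publish
            continue
        addr = slaac_eui64(prefix, lease["mac"])
        # A host using privacy extensions never configures this address,
        # so the probe fails and no record is produced for it.
        if is_alive(addr):
            records.append((f"{name}.{domain}", str(addr)))
    return records

# Constructed sample data: documentation prefix, made-up MACs and hostnames.
PREFIX = "2001:db8:1:2::/64"
LEASES = [
    {"hostname": "nas", "mac": "00:11:22:33:44:55"},
    {"hostname": "laptop", "mac": "52:54:00:AB:CD:EF"},
    {"hostname": "", "mac": "02:00:00:00:00:01"},
]
# Stand-in for the ping step: only the NAS answers on its EUI-64 address.
REACHABLE = {slaac_eui64(PREFIX, "00:11:22:33:44:55")}

if __name__ == "__main__":
    found = aaaa_candidates(PREFIX, LEASES, "lan", REACHABLE.__contains__)
    for fqdn, addr in found:
        print(f"{fqdn}. IN AAAA {addr}")
```

In a real deployment `is_alive` would be an ICMPv6 echo on the directly connected segment, and stale records would need removing when the IPv4 lease expires.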