IPv6 ND with DNS cache?

Hi, I have just started dabbling with IPv6 now that my ISP actually provides it. I have it working now, but one thing that sort of bothers me is that in order to specify the router as DNS server over IPv6, I need to hardcode an assigned router IP as the DNS when using ND assigned addresses on my clients. I’m not using a DHCP server for my LAN, relying on RA(?) for address assignment of clients. I guess this is what SLAAC is?

If my prefix were to change, or the IP address assignment of the router changes (basically, I seem to be getting a different /64 every time I set an IP of a VLAN interface), then that DNS is wrong. Is there no way to declare the DNS server dynamically somehow, always pointing to the router? I was reading up on whether there is any link-local address that is designated for the gateway, but that doesn’t seem to actually work.

I suggest using ULA (fd00::/8 range) on your router and push this to clients via ND(dns config).

https://en.m.wikipedia.org/wiki/Unique_local_address

You would assign a static address (/64) to the router, then make sure the advertise flag is set on the address. The ND settings need to have your static ULA address as a DNS server and also set the DNS configuration option. Use radvddump to see what your router is sending out.

You mean, announce this in addition to the public IPv6 addresses? Hence, the router would always be fd00::1/128 or whatever network I select? That sounds reasonable!

Yes, but the address range would be whatever subnet range you want inside of fd00::/8. Ideally this would be a /64. If you use vlans, I would break the ipv6 /64 allocations to match your vlans.

Here is a snippet from one of my routers:

/ipv6 address
add address=fd00:5::1 interface=vlan500
add address=fd00:6::1 interface=vlan600
add from-pool=from_comcast_vlan500 interface=vlan500
add from-pool=from_comcast_vlan600 interface=vlan600
/ipv6 dhcp-client
add interface=vlan600 pool-name=from_comcast_vlan600 request=prefix use-peer-dns=no
add interface=vlan500 pool-name=from_comcast_vlan500 request=prefix use-peer-dns=no
/ipv6 nd
set [ find default=yes ] dns=fd00:5::6,fd00:5::250 other-configuration=yes ra-delay=5s ra-interval=30s-1m

Each device will get both a ULA and a Global Unicast address (from comcast PD). The DNS servers I advertise are my local nameservers that are nextdns proxies.
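What the `dns=` setting in `/ipv6 nd` actually puts on the wire is an RDNSS option (RFC 8106) inside the ICMPv6 Router Advertisement, alongside one Prefix Information option per advertised address; that is the packet radvddump decodes. The script below is an added example, not code from this thread or from RouterOS: it assembles such an RA, parses it back the way a client would walk the option TLVs, and audits the result for the problem the original question raises (a DNS server address that lives inside an ISP-delegated prefix and therefore changes on renumbering). The ULA prefix and RDNSS addresses are taken from the config above; the global prefix 2001:db8:abcd:500::/64 is a constructed placeholder for a delegated prefix, and the ICMPv6 checksum is left zero because the kernel fills it in on a real send and it is not needed to inspect the options.

```python
"""Build, parse and audit an IPv6 Router Advertisement (RA) with RDNSS.

Added example (not from the thread or RouterOS). Addresses in the demo at the
bottom are assumptions: fd00:5::/64 and the RDNSS entries mirror the config
above, 2001:db8:abcd:500::/64 stands in for a delegated ISP prefix.
"""
import ipaddress
import struct

ICMPV6_ROUTER_ADVERT = 134
ND_OPT_PREFIX_INFO = 3   # RFC 4861 section 4.6.2
ND_OPT_RDNSS = 25        # RFC 8106 section 5.1
ULA = ipaddress.IPv6Network("fc00::/7")


def build_ra(prefixes, dns_servers, other_config=False, managed=False,
             router_lifetime=1800, dns_lifetime=3600):
    """Assemble RA header + options. Checksum stays 0 (assumption: we only
    inspect the packet; a real sender computes it over the pseudo-header)."""
    flags = (0x80 if managed else 0) | (0x40 if other_config else 0)
    pkt = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERT, 0, 0,
                      64, flags, router_lifetime, 0, 0)
    for prefix in prefixes:
        net = ipaddress.IPv6Network(prefix)
        # L (on-link) and A (SLAAC) flags set, as an advertise=yes address does
        pkt += struct.pack("!BBBBIII16s", ND_OPT_PREFIX_INFO, 4, net.prefixlen,
                           0xC0, 2592000, 604800, 0, net.network_address.packed)
    if dns_servers:
        addrs = [ipaddress.IPv6Address(a).packed for a in dns_servers]
        # RDNSS length is in 8-octet units: 1 for the header, 2 per address
        pkt += struct.pack("!BBHI", ND_OPT_RDNSS, 1 + 2 * len(addrs),
                           0, dns_lifetime) + b"".join(addrs)
    return pkt


def parse_ra(pkt):
    """Walk the option TLVs of a raw RA and return the fields a client uses."""
    if len(pkt) < 16 or pkt[0] != ICMPV6_ROUTER_ADVERT:
        raise ValueError("not an ICMPv6 Router Advertisement")
    _, _, _, _hop, flags, rlt, _, _ = struct.unpack("!BBHBBHII", pkt[:16])
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": rlt, "prefixes": [], "rdnss": []}
    off = 16
    while off < len(pkt):
        if off + 2 > len(pkt):
            raise ValueError("truncated option header")
        otype, olen = pkt[off], pkt[off + 1]
        if olen == 0:
            raise ValueError("zero-length ND option (RFC 4861: discard the RA)")
        body = pkt[off:off + olen * 8]
        if len(body) < olen * 8:
            raise ValueError("truncated option body")
        if otype == ND_OPT_PREFIX_INFO and olen == 4:
            plen, pflags, valid, pref, _, raw = struct.unpack("!BBIII16s", body[2:])
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(raw)}/{plen}",
                "onlink": bool(pflags & 0x80), "slaac": bool(pflags & 0x40),
                "valid": valid, "preferred": pref})
        elif otype == ND_OPT_RDNSS and olen >= 3 and olen % 2 == 1:
            (lifetime,) = struct.unpack("!I", body[4:8])
            for i in range(8, len(body), 16):
                ra["rdnss"].append({"addr": str(ipaddress.IPv6Address(body[i:i + 16])),
                                    "lifetime": lifetime})
        # other options (source link-layer address, MTU, DNSSL, ...) are
        # skipped here, just as a client skips option types it does not know
        off += olen * 8
    return ra


def audit(ra):
    """Flag RDNSS entries that break on renumbering and settings worth a look."""
    findings = []
    if not ra["rdnss"]:
        findings.append("no RDNSS option: SLAAC clients get no DNS server from this RA")
    for entry in ra["rdnss"]:
        addr = ipaddress.IPv6Address(entry["addr"])
        if addr in ULA:
            continue  # stable across ISP prefix changes
        if addr.is_link_local:
            findings.append(f"RDNSS {addr} is link-local; clients need a zone id to use it")
        else:
            findings.append(f"RDNSS {addr} is not a ULA; it changes if the ISP delegates a new prefix")
    if ra["other"]:
        findings.append("O flag set: clients will also send DHCPv6 Information-Request")
    return findings


if __name__ == "__main__":
    # Constructed packet approximating the vlan500 RA from the config above.
    pkt = build_ra(["fd00:5::/64", "2001:db8:abcd:500::/64"],
                   ["fd00:5::6", "fd00:5::250"], other_config=True)
    ra = parse_ra(pkt)
    print(ra)
    for line in audit(ra):
        print("finding:", line)
```

Run it against a real capture by replacing the constructed packet with the ICMPv6 payload of an RA (e.g. exported from a packet capture on a client). A DNS server inside the ULA prefix passes the audit unchanged when the Comcast delegation moves, which is exactly why the thread recommends advertising a ULA address rather than one from the delegated /64.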

Hm, maybe I’m being dense, but why do I need an IP per vlan? I can assign fd08::1/64 to each and everyone of my vlan interfaces, and it sort of magically works. I also don’t announce them, so I don’t spew out fd08 addresses to every client. Is there something wrong with that setup?

One address is sufficient as long as it’s reachable by the VLAN. Note that you don’t need other-configuration=yes unless you have a DHCPv6 server.

From what I understand in this post, you are using the Mikrotik DNS server. If, by any chance, it is configured with DoH, I assume all the traffic would be encrypted, right?
Could you explain the steps you have taken? I'm interested in having my entire network use my Mikrotik DNS server over DoH with IPv6, just like I do with IPv4.