Community discussions

MikroTik App
 
jhaiduce
just joined
Topic Author
Posts: 4
Joined: Sat Aug 13, 2022 2:11 pm

How to set up DNS resolving for ipv6?

Sat Aug 13, 2022 9:21 pm

I have an ipv6 prefix from my ISP, and now I want to set up DNS for the ipv6 clients on my network. From what I understand, the ROS DHCPv6 server does not support address assignment, and even if it did I would need to update my static AAAA records any time my ISP changes my assigned prefix. Does ROS provide some way to create AAAA records and keep them synchronized with any changes to the ISP-assigned prefix and the clients' self-assigned IP addresses?
 
jhaiduce
just joined
Topic Author
Posts: 4
Joined: Sat Aug 13, 2022 2:11 pm

Re: How to set up DNS resolving for ipv6?

Fri Aug 19, 2022 10:04 pm

Is this the right forum for this question? Or would another one (perhaps General) be more appropriate?
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to set up DNS resolving for ipv6?

Sat Aug 20, 2022 11:26 am

On my hAP ac2 running 6.49.6 it works fine when I add IPv6 addresses to list of DNS server addresses in /ip dns. RAs, sent out by router, then include IPv6 addresses of DNS servers configured there. I'm not using DHCPv6 server, only SLAAC.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to set up DNS resolving for ipv6?

Sat Aug 20, 2022 7:07 pm

I understand it as hostnames pointing to connected devices in LAN. RouterOS doesn't have anything for that. You can add static AAAA records, but you'd need to find some way how to update them. It would be possible to update records from DHCPv6 client's lease script, if your devices use static right half of address. It was originally like that, IPv6 address was derived from MAC address, but I think it's not guaranteed anymore.

And even if you do solve that, the whole thing is problematic, it won't work well, unless all devices use only your router as DNS resolver, because it's the only one that knows these names. But it isn't always the case, something can have hardcoded external resolver (you can hijack connections to that), or even worse, encrypted DoH resolver (you can't do much with that).

It may be easier to just give up and if all your devices support it, use mDNS with <hostname>.local, that's completely independent. Unfortunately, it's currently also problematic if you have more local subnets, because it won't pass between them.

Another way would be some external DDNS for all devices, but that's not ideal either.
 
jhaiduce
just joined
Topic Author
Posts: 4
Joined: Sat Aug 13, 2022 2:11 pm

Re: How to set up DNS resolving for ipv6?

Wed Aug 24, 2022 12:05 pm

On my hAP ac2 running 6.49.6 it works fine when I add IPv6 addresses to list of DNS server addresses in /ip dns. RAs, sent out by router, then include IPv6 addresses of DNS servers configured there. I'm not using DHCPv6 server, only SLAAC.
Thanks, good to know that the DNS server supports manually configured AAAA records as one would hope.

But, many devices change their IPv6 addresses periodically when using SLAAC. How do you keep the DNS entries up to date with the actual addresses assigned to each machine?
 
jhaiduce
just joined
Topic Author
Posts: 4
Joined: Sat Aug 13, 2022 2:11 pm

Re: How to set up DNS resolving for ipv6?

Wed Aug 24, 2022 12:16 pm

RouterOS doesn't have anything for that. You can add static AAAA records, but you'd need to find some way how to update them.
Thanks for that context. Pity RouterOS doesn't provide a way to update AAAA records.
It was originally like that, IPv6 address was derived from MAC address, but I think it's not guaranteed anymore.
That's true; in fact, no clients on my network use a MAC-derived IPv6 address currently.
And even if you do solve that, the whole thing is problematic, it won't work well, unless all devices use only your router as DNS resolver, because it's the only one that knows these names. But it isn't always the case, something can have hardcoded external resolver (you can hijack connections to that), or even worse, encrypted DoH resolver (you can't do much with that).
I'm fine with relying on the local DNS resolver here; most clients on my network will get it via DHCP and the ones that don't are probably only connecting out to the Internet anyway.
It may be easier to just give up and if all your devices support it, use mDNS with <hostname>.local, that's completely independent.
Ah, I do have mDNS working for at least some of my devices. It's at least a partial solution.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to set up DNS resolving for ipv6?

Wed Aug 24, 2022 11:41 pm

I don't think RouterOS can do much here. Certainly not with SLAAC, there's no usable feedback from client. It could be better with DHCPv6, if MikroTik added support for providing addresses. I'm sure it will happen, I just don't know when. ;) But I'm not sure if there's even hostname in DHCPv6 request. I know there's an option for it, and I thought it was used. But quick test with Wireshark and Windows 10 as client doesn't show it.

If you have some configurable and always-on device (e.g. something with Linux) other than router, you could run a local authoritative DNS server on it, with either real (sub)domain (if you have some) or fake one, give it to clients and let them do standard DNS updates. I never really used it much, but it should work.
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11381
Joined: Thu Mar 03, 2016 10:23 pm

Re: How to set up DNS resolving for ipv6?

Thu Aug 25, 2022 4:02 pm

My 5 cents: every device using SLAAC (even android and iOS) will have deterministic IPv6 address, created from prefix and using MAC address, but it will never (or hardly ever) use it for outgoing connections. It will answer to incoming connections targeting its deterministic address though. And then it'll use temporary IPv6 addresses (using same prefix but random suffix). The complication here is that many wireless devices use random MAC addresses and there determinism dies. I wouldn't use any of such devices to provide any kind of services to LAN though.

As to DNS addresses etc.: depends on the agreement with ISP. My (main) home ISP is giving out IPv6 prefixes via DHCPv6 over PPPoE. I have agreement that I have static prefix, but technically I'm still receiving it via DHCPv6 prefix delegation, so technically I should be using it as if it was dynamic. But I'm not, I'm configuring my main subnet statically, which includes static IPv6 address on router's LAN interface, static addresses on few home linux servers, static configuration on DHCPv6 server (running on one of linux servers, so yes, proper DHCPv6 address assignment), etc.
I know that theoretically one day I could receive different IPv6 prefix and everything would fail, but my feeling is that chances this to happen are very low and I'm willing to gamble :wink:
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to set up DNS resolving for ipv6?

Thu Aug 25, 2022 9:33 pm

Unfortunately, some ISPs do change prefixes "for fun", so some reliable DNS updating mechanism is needed. On top of that, any local DNS overrides (e.g. static DNS entries in RouterOS) are dead end in long term. If your needs are for local-only use, the solution is probably mDNS, but it's not completely there (= supported by everything) yet either.

Who is online

Users browsing this forum: NimbuS, SMARTNETTT and 38 guests