
ipv6 with pd from provider on dns container

Open helbgd opened this issue 4 years ago • 4 comments

While using IPv6 with PD from my provider, my Pi-hole DNS container does not get a public IPv6 address.

While looking with `ip a`, I noticed that the br${VLAN}.mac subnet has no public IPv6 address assigned from the IPv6 subnet provided by the ISP.

It only has the configured IPv6 ULA that I manually added, but that is not routed on the internet.

How can I ensure that the macvlan interface gets an IPv6 subnet from the prefix provided by my ISP, and how can I ensure this is updated once the prefix changes?

helbgd avatar Mar 13 '21 17:03 helbgd

Wouldn't it make sense to rename the br interface, let's say from br9 to br9old, and then rename the macvlan interface from br9.mac to br9? Then the UDM would think it uses the br9 interface, but it would use the macvlan interface instead, and would then correctly do IPv6 PD there once configured via the web GUI ...

helbgd avatar Mar 13 '21 17:03 helbgd

I do not fully get some things done in 10-dns.sh. Maybe someone can explain the following things to me:

```sh
# add IPv4 route to DNS container
ip route add ${IPV4_IP}/32 dev br${VLAN}.mac

# (optional) add IPv6 route to DNS container
if [ -n "${IPV6_IP}" ]; then
  ip -6 route add ${IPV6_IP}/128 dev br${VLAN}.mac
fi
```

Why do we add host routes like the ones above to the UDM routing table? I am pretty sure they are not needed.

And why are we doing `ip addr add` with "noprefixroute"? What's the intention of this?

And why is the br set to promisc on, and even the macvlan interface?

helbgd avatar Mar 13 '21 17:03 helbgd

I think, to make it more consistent, something like the following would work.

  • In the UniFi GUI, create a new VLAN, assign it an IPv4 address and enable IPv6 PD.
  • In 10-dns.sh:
    - store the IPv4 address and the IPv6 address in a var
    - delete the IPv4 and IPv6 addresses from the br interface (needed for renaming the interface)
    - rename the interface to something like br$old
    - create a macvlan interface linked to br$old
    - assign it the IPv4 and IPv6 addresses from the var
    - assign it an IPv6 ULA address

Now we can link all needed podman containers to that macvlan interface with an IPv6 ULA, and it should get a public IPv6 address. If UniFi changes the IPv6 prefix of the macvlan interface, it thinks it changes the one of the correct interface, so it should stay on track once the public prefix changes.

And the ULA can be used to have a consistent IPv6 address for DNS resolving through IPv6 in other subnets, and there is no need to patch the dnsmasq config.

helbgd avatar Mar 13 '21 19:03 helbgd
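
The sequence proposed in the comment above, as an added example that is not part of the original thread or of unifios-utilities: a dry-run planner that prints the iproute2 commands instead of running them. The VLAN number, the addresses, the `br9old` name and macvlan `mode bridge` are constructed or assumed, and the sequence has not been verified on a UDM.

```shell
#!/bin/sh
# Added example: dry-run planner for the interface swap proposed in the thread.
# It only prints iproute2 commands; nothing is changed on the system.

# Constructed sample of `ip -o addr show dev br9` output (documentation prefixes).
sample_addrs() {
  cat <<'EOF'
5: br9    inet 10.0.9.1/24 brd 10.0.9.255 scope global br9
5: br9    inet6 2001:db8:1:9::1/64 scope global dynamic
5: br9    inet6 fe80::1/64 scope link
EOF
}

# Print every global-scope address/prefix from `ip -o addr show` on stdin.
# Link-local addresses are skipped: the kernel creates one per interface.
global_addrs() {
  awk '/ scope global/ { print $4 }'
}

# plan_swap VLAN ULA_CIDR
# Reads the bridge's current addresses on stdin and prints the command plan.
plan_swap() {
  br="br$1"; old="br${1}old"; ula=$2   # "old" suffix is an assumed name
  addrs=$(global_addrs)
  # 1. Remember and remove the addresses so the bridge can be renamed.
  for a in $addrs; do echo "ip addr del $a dev $br"; done
  # 2. Rename the bridge; it is taken down first because older kernels
  #    refuse to rename a link that is up.
  echo "ip link set dev $br down"
  echo "ip link set dev $br name $old"
  echo "ip link set dev $old up"
  # 3. Create the macvlan under the original name (bridge mode is assumed).
  echo "ip link add link $old name $br type macvlan mode bridge"
  # 4. Move the saved addresses over and add the stable ULA.
  for a in $addrs; do echo "ip addr add $a dev $br"; done
  echo "ip addr add $ula dev $br"
  echo "ip link set dev $br up"
}

# On the router the input would come from: ip -o addr show dev "br${VLAN}"
sample_addrs | plan_swap 9 fd00:9::53/64
```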

@helbgd can you make an example of this and commit it to the repo?

boostchicken avatar Apr 09 '21 04:04 boostchicken