Does Mikrotik support static DNS entries for IPv6 ?
I am interested to assign to my internal machines static IPv6 names. Already doing this for IPv4, but I have no ideea how to do that for IPv6.
More, for IPv4 addresses are static, assigned by me (i.e. 192.168.x.y), for IPv6 address are given by my ISP and completely randomly given to clients (SLAAC).
Practical example:
On extern I have domain.ro. Internal, I have:
pc1.domain.ro -> 192.168.x.y
pc2.domain.ro -> 192.168.x.y+1
.....
pcN.domain.ro -> 192.168.x.N-1
So:
1. Are static IPv6 DNS entries supported ?
2. If yes, could you please give me the general ideea do automatically make static DNS entries after DHCPv6 server assign them ?
3. If not possible, where can I make, at least, static non-routable IPv6 entries (i.e. fe80::...... addresses). It would be enough for internal network.
Thank you!
Re: Static IPv6 DNS entries
ROS DHCPv6 server doesn't hand out IPv6 addresses, do you can not assign static leases. So I guess this means your plans can't be done solely using ROS.
If you come up with idependent way of setting computers with static IPv6 addresses (either 3rd party DHCPv6 server or manual setup), then you can configure appropriate DNS records (type AAAA), but from ROS point of view it'll be manual process. Beware that some OSes don't support DHCPv6-assigned addresses, only SLAAC (e.g. android).
If you come up with idependent way of setting computers with static IPv6 addresses (either 3rd party DHCPv6 server or manual setup), then you can configure appropriate DNS records (type AAAA), but from ROS point of view it'll be manual process. Beware that some OSes don't support DHCPv6-assigned addresses, only SLAAC (e.g. android).
Re: Static IPv6 DNS entries
Search for eworm repo in GitHub, among many useful scripts it also contains one to maintain static records with dynamic IPv6 prefix. There’s also a introduction video of how to start using his scripts.
Re: Static IPv6 DNS entries
It is possible to archive the goal. The IP assignments are in IPv6 Neighbors, machines MAC address are known, so I can add static DNS entries for IPv6 address.
What I don't know how to solve is the trigger of IPv6 change. To parse periodically /ipv6/neighbor/print it does not seems as the most efficient solution.
Thank you for your replies!
What I don't know how to solve is the trigger of IPv6 change. To parse periodically /ipv6/neighbor/print it does not seems as the most efficient solution.
Thank you for your replies!
Re: Static IPv6 DNS entries
When thinking about parsing ND info ... keep in mind that every IPv6 device can have multiple IPv6 addresses active and some of them will change over time (that's one of design goals of SLAAC). Also router will only have host in neighbour table if host communicates via router (if it only communicates with other LAN hosts, router will not have its address in neighbour list).
For example: I'm running (3rd party) DHCPv6 server in my LAN which assigns static leases. Router also sends out RAs so SLAAC is enabled as well. Windows machines happily accept those static leases (and respond to connections using those addresses). They also create SLAAC addresses, one seems to be a permanent one (and is formed according to rules for creating link-local address) and there's always at least one random which changes periodically. And the last mentioned seems to be used for outgoing connections ...
For example: I'm running (3rd party) DHCPv6 server in my LAN which assigns static leases. Router also sends out RAs so SLAAC is enabled as well. Windows machines happily accept those static leases (and respond to connections using those addresses). They also create SLAAC addresses, one seems to be a permanent one (and is formed according to rules for creating link-local address) and there's always at least one random which changes periodically. And the last mentioned seems to be used for outgoing connections ...
Re: Static IPv6 DNS entries
I am interested only about addresses in LAN so the filter will be interface=bridge. More addresses per interface is not a issue.
Mikrotik scripting have a very uncommon syntax and rules, so bear with me, is the second script for me:
Question: What is the correct syntax for "if address does not start with fe80" ? Want to skip those as they are local and does not change over time.
Seems that ~ operator works well on where clause or find command, but not on if command.
Thank you for your support!
Mikrotik scripting have a very uncommon syntax and rules, so bear with me, is the second script for me:
Code: Select all
# Global variable to keep the old IPv6 list. Update run only when it changes
:global IPv6;
# Actual IPv6 list
:local tempIPv6 [ /ipv6/neighbor/find where interface="bridge" ];
:if ($tempIPv6 != $IPv6) do={
:set IPv6 $tempIPv6;
/ip/dns/static/remove [find comment~"IPv6"]
:foreach Record in=[ /ipv6/neighbor/find where interface="bridge" ] do={
:local RecordVal [ /ipv6/neighbor/get $Record ];
:local ADDR ( $RecordVal->"address" );
:local MAC ( $RecordVal->"mac-address" );
# I am unable to make this to work
# :if ($ADDR~"^fe80\$") do={} else={
:if ($MAC = "xx:xx:xx:xx:xx:x1") do={ /ip/dns/static/add address=$ADDR name=name1.domain.ro comment="Name1 LAN IPv6";}
:if ($MAC = "xx:xx:xx:xx:xx:x2") do={ /ip/dns/static/add address=$ADDR name=name2.cweb.ro comment="Name2 LAN IPv6";}
:if ($MAC = "xx:xx:xx:xx:xx:x3") do={ /ip/dns/static/add address=$ADDR name=name3.cweb.ro comment="Name3 LAN IPv6";}
# }
}
}Seems that ~ operator works well on where clause or find command, but not on if command.
Thank you for your support!
Re: Static IPv6 DNS entries
You should change your IF statement:
:if ($ADDR~"fe80") do={
and it will find those items containing the link local address, so you can use it in if then else to apply the rest on the else part.
:if ($ADDR~"fe80") do={
and it will find those items containing the link local address, so you can use it in if then else to apply the rest on the else part.
Last edited by accarda on Sun Oct 29, 2023 8:53 am, edited 1 time in total.
Re: Static IPv6 DNS entries
Best is not avoid parsing /ipv6/neighbor/, as recommended by @mkx.
Note that a SLAAC IPv6 address will consist, generally speaking, of 3 parts:
Your script can be something as simple as
Where $"pd-prefix" is provided by RouterOS and <DNS_X> is the desired name of the machine identified by <SUFFIX_N>. <SUFFIX_N> is just parts [2] and [3] that are known upfront.
Note that a SLAAC IPv6 address will consist, generally speaking, of 3 parts:
- Global ID that is given to you by the ISP
- Subnet ID that you can optionally provide
- Interface ID that is derived (in your case) from machine's MAC address
Your script can be something as simple as
Code: Select all
/ip/dns/static remove [find comment="custom DNS"]
/ip/dns/static add name=<DNS_1> type=AAAA address=($"pd-prefix" | <SUFFIX_1>) comment="custom DNS"
/ip/dns/static add name=<DNS_2> type=AAAA address=($"pd-prefix" | <SUFFIX_2>) comment="custom DNS"
...
/ip/dns/static add name=<DNS_N> type=AAAA address=($"pd-prefix" | <SUFFIX_N>) comment="custom DNS"
Re: Static IPv6 DNS entries
@accarda
Thanks. I was under impression that I tested the solution, but... it seems that full regex syntax does not apply here.
Ended up with
Kentzo
I'm afraid that I'm not understand your solution - where the variables come from:
Could you provide a short example, please ?
Also:
I presume SLAAC being stateless still trigger ?
Thanks. I was under impression that I tested the solution, but... it seems that full regex syntax does not apply here.
Ended up with
Code: Select all
:if (!$ADDR~"fe80") do={I'm afraid that I'm not understand your solution - where the variables come from:
The link between MAC address and SUFFIX_N ?Available variables for dhcp-client
pd-valid - value - 1 or 0 - if prefix is acquired and it is applied or not
pd-prefix - value ipv6/num (ipv6 prefix with mask) - the prefix inself
na-valid - value - 1 or 0 - if address is acquired and it is applied or not
na-address - value - ipv6 address - the address
Could you provide a short example, please ?
Also:
Code: Select all
/ipv6 dhcp-server/print
Columns: NAME, INTERFACE, ADDRESS-POOL, PREFERENCE, LEASE-TIME
# NAME INTERFACE ADDRESS-POOL PREFERENCE LEASE-TIME
0 DHCPv6 bridge static-only 255 3d
/ipv6 dhcp-server/binding/print
[costel@MikroTik_850Gx4] >
Re: Static IPv6 DNS entries
Because that operator works differently, depending which data you are passing to it.@accarda
Thanks. I was under impression that I tested the solution, but... it seems that full regex syntax does not apply here.
Ended up withCode: Select all:if (!$ADDR~"fe80") do={
From Mikrotik doc (https://help.mikrotik.com/docs/display/ROS/Scripting) you can find:
Bitwise Operators
Bitwise operators are working on number, IP, and IPv6 address data types.
“~” bit inversion
But also it's listed as this operator:
“~” the binary operator that matches value against POSIX extended regular expression
So if you do !$ADDR~"fe80" it will complain that you can't invert such IPv6 address as defined in $ADDR.
Re: Static IPv6 DNS entries
Put variable inside "" and value will be represented as string and operator will do regex match.So if you do !$ADDR~"fe80" it will complain that you can't invert such IPv6 address as defined in $ADDR.
Code: Select all
:if (!("$ADDR"~"fe80")) do={Re: Static IPv6 DNS entries
You might have a misconception of how SLAAC operates. I recommend reading up the RFC about it. It will clear a lot of questions, specifically how address is formed and the connection to MAC.
[solved] Re: Static IPv6 DNS entries
First, sorry for the delay. I managed (finally) to find time to study a lite bit more scripting language and solved the issue.
I remained at parsing neighbor list, the DNS names and MAC addresses are in a array where hostname is the key and MAC the value, it's easier in case that mainboard is changed or another PC is added.
Thank you everyone for support! Much apreciated.
I remained at parsing neighbor list, the DNS names and MAC addresses are in a array where hostname is the key and MAC the value, it's easier in case that mainboard is changed or another PC is added.
Thank you everyone for support! Much apreciated.