Small IPv6 config question?

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Small IPv6 config question?

TwoSeven

1712 posts

Uber Geek
+1 received by user: 304

Subscriber

#318518 25-Jan-2025 18:22

Hi Foks,

I have a windows domain (Win server 2025 with Domain, DNS and DHCP configured) and have been using IPv4 for some time with IPv6 disabled (at the adaptor level) due to some DNS resolution issues I sometimes get when it is enabled.

I've decided to get around to configure a managed IPv6 DHCP scope and have that created and configured using the FC00: private range.

The issue I am having is I cannot get the scope to be visible on the network. It is active but not visible. I've added a network adaptor to the machine that is running the DHCP server and enabled IPv6, however, it is only getting assigned the fdde: range and a link local address and nothing is showing up in the DHCPv6 address lease.

My first question is how to get the new IPv6 managed DHCP scope to be picked up?

Most of the documentation I have found is related to home users configuring routers rather than windows server. There also seems to be a lack of information around the DHCP settings for IPv6 using the [server] UI.

Which leads to the second question, how to attach the DNS server addresses to the scope. Being it is managed, I am guessing I need to use scope option 23 (recursive name server IP address) and/or 24 (domain search list), but I can't find any documentation (need to find some examples).

Software Engineer
(the practice of real science, engineering and management)
A.I. (Automation rebranded)
Gender Neutral
(a person who believes in equality and who does not believe in/use stereotypes. Examples such as gender, binary, nonbinary, male/female etc.)

...they/their/them...

fe31nz

1294 posts

Uber Geek
+1 received by user: 423

#3335875 26-Jan-2025 00:14

To get a global unicast IPv6 address (so not a link-local one), an Ethernet port needs to receive a Router Advertisement (RA) packet from the next hop IPv6 router. So each subnet needs to have an IPv6 router working on it somewhere. Such a router can be a Windows PC, but you have to set it up with the right options to turn it into an IPv6 router. I have never done that, so I can not tell you the right options. The easy way to do this is to use an actual router, rather than make Windows do it. If your IPv4 router can also do IPv6, use it instead of messing around inside Windows. You should be able to tell the router that the Windows server box is the DHCPv6 server and to use DHCPv6 instead of SLAAC (automatic address assignments), so that it sends the DHCPv6 options in the RA packets.

Unfortunately, Android breaks IPv6 by not supporting DHCPv6 as it is required to do. So if you set up your IPv6 router to do DHCPv6, your Android devices will either not get an IPv6 global unicast address, or they will do SLAAC anyway and create their own address, ignoring the DHCPv6 address you assigned to them. You can install a DHCPv6 client app on Android devices, but only if you root them. So for WiFi connected devices (most Android devices), it is normal to have two different WiFi subnets on different SSIDs, one which does DHCPv6 and one that does SLAAC for your Android devices. Over Ethernet, you run different VLANs for DHCPv6 and SLAAC, and connect them to the different SSIDs.

A warning about enabling IPv6 - when IPv6 is enabled, it is the preferred protocol to be used, and gets tried first, before IPv4 gets tried. However, I think that with the FC00: prefix there is an exception to that rule, and IPv6 over an FC00: address is tried only after IPv4 is tried. But you should see if you can find the documentation for that.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3335931 26-Jan-2025 13:19

Also who's your ISP?

Normally, IPv6 should just work and you shouldn't have to go through manual configuration like this.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

TwoSeven

1712 posts

Uber Geek
+1 received by user: 304

Subscriber

#3335950 26-Jan-2025 15:53

Thanks folks.

some observations so far.

In my setup, as I already had a DHCPv4 scope, I disabled IPv6 on that and created a new adaptor (most of my entire network is virtual). For the new adaptor I disabled IPv4 and enabled IPv6 with the option to pick up an address from the DHCP server.

After wondering why it wasn’t working I found one had to give the adaptor on the dhcp server a static IP (I believe this is also the case for DHCPv4). In doing so, there is a setting in the IPv6 properties which allows one to select which NICs (Interfaces) to broadcast on. On doing so, I was able to create an adaptor on another machine and it picked up a new IP.

I found that when creating a reservation, remove the hyphens from the DUID otherwise one gets a validation error when trying to save it.

i’ve still a few more issues to resolve. I think the next step is to work out the IPv6 gateway.

...they/their/them...

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3335951 26-Jan-2025 16:11

The reason for my previous post is it looks like you’re posting from Spark - of which, don’t have IPv6.

If you want IPv6 outside your network you’ll need to either use a tunnel (which isn’t ideal) or go to an ISP that has IPv6 capability which is almost every other ISP except Spark.

TwoSeven

1712 posts

Uber Geek
+1 received by user: 304

Subscriber

#3336089 26-Jan-2025 19:34

michaelmurfy:

The reason for my previous post is it looks like you’re posting from Spark - of which, don’t have IPv6.

If you want IPv6 outside your network you’ll need to either use a tunnel (which isn’t ideal) or go to an ISP that has IPv6 capability which is almost every other ISP except Spark.

Apologies, forgot to reply.

It is an internal domain (network) I am configuring; my upstream router is a GL-3000 (Beryl AX) which is connected to an upstream router via Wi-Fi. Currently my iDevices are connected to this and pick up DHCP and IP6 from it. At some stage I'll move them downstream of the server.

My understanding if IPv6 is that it only connects IP6 to IP6 when there is a AAAA record containing a valid IP6 address, otherwise it just uses IP4

I'm using an internal address range (FC00: I think) at the moment.

...they/their/them...

fe31nz

1294 posts

Uber Geek
+1 received by user: 423

#3336116 26-Jan-2025 22:26

TwoSeven:

My understanding if IPv6 is that it only connects IP6 to IP6 when there is a AAAA record containing a valid IP6 address, otherwise it just uses IP4

I'm using an internal address range (FC00: I think) at the moment.

There are lots of sites with AAAA records on the Internet, and AAAA records will be fetched over IPv4 connections if the device has an IPv6 address, even if there is no IPv6 route to the Internet. That causes big problems, as an attempt to connect via IPv6 will be tried and will fail, and only if you are lucky will an attempt to connect via IPv4 then be tried (it depends on the software, with browsers usually trying IPv4, but you may not be lucky with other software). So best case you get a long delay before the IPv4 connection is made. However, see my previous post about a possible special case for FC00: prefix IPv6 addresses.

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3336124 27-Jan-2025 00:51

Yeah if you've got IPv6 then most clients will attempt this first. If your ISP doesn't have IPv6 then don't configure IPv6 on your LAN.

If I do a dig to cloudflare.com using Cloudflare's IPv4 address you'll see I still get a response:

#dig @1.1.1.1 aaaa +short cloudflare.com
2606:4700::6810:84e5
2606:4700::6810:85e5

This will pose as a problem on your network. Fully worth changing to an ISP with IPv6 support if you can because then you can play around with IPv6 properly. Basically every other mainstream ISP supports it.

TwoSeven

1712 posts

Uber Geek
+1 received by user: 304

Subscriber

#3336402 27-Jan-2025 17:06

The win sever 2025 dhcpv6 (and I think dhcpv4) does have a priority field when creating the scope. I’m not sure what this is a priority for as have not tested it or read the documentation.

...they/their/them...

fe31nz

1294 posts

Uber Geek
+1 received by user: 423

#3336481 27-Jan-2025 23:26

TwoSeven:

The win sever 2025 dhcpv6 (and I think dhcpv4) does have a priority field when creating the scope. I’m not sure what this is a priority for as have not tested it or read the documentation.

That priority field is likely to be used for failover between multiple DHCP servers. Priority between IPv6 and IPv4 is not controllable from DHCP, it is buried inside the operating system's TCP/IP stack or done internally in the end software. And it is not supposed to be able to be controlled anyway - it is supposed to obey the rules set out in the RFC documents defining the IPv4 and IPv6 protocols, which specify that IPv6 is preferred when available. So if there is a global unicast IPv6 address available, it is supposed to be used in preference to an IPv4 address. Which means that if you have global unicast IPv6 addresses, you need to have them connected to the Internet (unless your IPv4 is also not connected to the Internet).