We all know that IPv6 handles host network parameter initialization a bit differently than IPv4 (where we usually use DHCP), but the details could still confuse you if you’re just entering the IPv6 world.
LAN-attached hosts first: a typical host needs its own address as well as the addresses of the default router and DNS server. DHCPv4 provides all three; in the IPv6 world you need two or three protocols, as summarized in the following table:
|DNS search list||Yes||Yes||Yes4|
- SLAAC (RFC 2462) uses RA to get IPv6 prefix information for the local subnet.
- Router Advertisements (RA) are part of ICMPv6 (RFC 4443).
- While it might be desirable to retain control over IPv6 address allocation with IPv6, it’s better to use SLAAC with privacy extensions (RFC 4941), otherwise the web servers throughout the Internet can track your end-users based on their IPv6 addresses.
- IPv6 RA options for DNS configuration (RFC 6106) are rarely implemented in desktop operating systems.
In my opinion it makes most sense to:
- Deploy DHCPv6 servers on the routers without associated IPv6 address pools. DHCPv6 should be used just to pass the DNS information to the hosts;
- Enable RA on all LAN interfaces. If your LAN switches support RA guard, you should enable it to prevent RA spoofing and MITM attacks. RA is enabled by default on most LAN interfaces (but check BVI, SVI and wireless interfaces).
- Use SLAAC with privacy extensions. RA is enabled, so SLAAC works; use of privacy extensions has to be configured on the host.
- Use a DNS server that supports dynamic host registration. Dynamically assigned (and frequently changing) IPv6 addresses can turn your troubleshooting efforts into a nightmare. If the IPv6 hosts register their addresses with your DNS server, you’ll have at least a fighting chance.
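On segments where RA guard is not available, a monitoring host can still check every Router Advertisement it captures against the design above. The following is an added example, not code from the original post: it parses the RA and reports deviations. It assumes that "DHCPv6 only for DNS" is signalled as M flag clear and O flag set; the function names, router address and prefix are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_PREFIX, OPT_RDNSS = 134, 3, 25

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(icmp) < 16 or icmp[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(icmp[5] & 0x80), "other": bool(icmp[5] & 0x40),
          "prefixes": [], "rdnss": []}
    pos = 16  # options follow the fixed 16-byte header
    while pos + 2 <= len(icmp):
        otype, olen = icmp[pos], icmp[pos + 1] * 8  # length field counts 8-byte units
        if olen == 0 or pos + olen > len(icmp):
            raise ValueError("malformed option")
        body = icmp[pos:pos + olen]
        if otype == OPT_PREFIX and olen == 32:
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append({"prefix": str(net), "autonomous": bool(body[3] & 0x40)})
        elif otype == OPT_RDNSS and olen >= 24 and olen % 16 == 8:  # RFC 6106 DNS servers
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, olen, 16)]
        pos += olen
    return ra

def audit_ra(src: str, icmp: bytes, routers: set, prefixes: set) -> list:
    """Return findings for an RA that deviates from the assumed design (see lead-in)."""
    ra, findings = parse_ra(icmp), []
    if src not in routers:
        findings.append(f"RA from unexpected source {src}")
    if ra["managed"]:
        findings.append("M flag set: hosts would request addresses from DHCPv6")
    if not ra["other"]:
        findings.append("O flag clear: hosts will not ask DHCPv6 for DNS information")
    for p in ra["prefixes"]:
        if p["prefix"] not in prefixes:
            findings.append(f"unexpected prefix {p['prefix']}")
        elif not p["autonomous"]:
            findings.append(f"A flag clear on {p['prefix']}: SLAAC disabled")
    return findings

def sample_ra(flags: int, prefix: str, prefix_flags: int) -> bytes:
    """Constructed test input: RA header plus one /64 Prefix Information option."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX, 4, 64, prefix_flags, 2592000, 604800, 0)
    return hdr + pio + ipaddress.IPv6Address(prefix).packed

if __name__ == "__main__":
    ra = sample_ra(0x80, "2001:db8:bad::", 0xC0)  # constructed deviating RA
    print(audit_ra("fe80::bad", ra, {"fe80::1"}, {"2001:db8:1::/64"}))
```

The input is the ICMPv6 payload of a captured packet, and the source address must be written in the same textual form as the entries in the router allow-list.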