IPv6 configuration with RDNSS (RFC 6106)
Freshman Member
Hello,
We are MSP which deployed IPv6 internally on one of client's existing Zyxel firewall. The device in question is an USG Flex 200 running firmware 5.40 (latest). Coming from Fortinet / FortiOS we find the IPv6 configuration on Zyxel convoluted as there is no official knowledge base (aside from random official blog posts linking to PDFs)
We have got he following configuration enabled :
- One /64 assigned to the WAN interface, the Zyxel obtains a SLAAC adresse from that prefixe
- One /56 routed on the the WAN's /64, of which two /64 are assigned on LAN1 and LAN2 interfaces
- DHCP-PD is enabled to assign AAAA:BBBB:CCCC:DDD1::/64 and
- AAAA:BBBB:CCCC:DDD2::/64 to the LANs
SLAAC is enabled on both LANs and Windows machines get IPv6 connectivity. However this requires using stateless DHCPv6 which is not supported on Android-based devices, meaning that our devices do get an address but no DNS servers
Where can we configure IPv6 RDNSS (RFC 6106) in order to transmit DNS servers through Router Advertisements ? I cannot find this anywhere on any public documentation nor any CLI reference
Thank you
All Replies
-
Hi @DCLTechnique,
Welcome to Zyxel Community!
Unfortunately, USG FLEX firewalls, including the USG Flex 200 running firmware 5.40, do not support IPv6 RDNSS options (RFC 6106) for Router Advertisements. This functionality is not available in the current firmware or via CLI. As a result, devices such as Android clients that rely on RA-based DNS distribution cannot obtain DNS information automatically in the current implementation.
We fully understand this requirement, as RDNSS is essential for IPv6 environments using SLAAC without DHCPv6. Therefore, this will be noted as a feature request. Thank you for your understanding.
Zyxel Tina
0 -
Hello Tina,
Thanks for the response. I managed to find this similar topic from 2021 also tagged as feature request
https://community.zyxel.com/en/discussion/10068/google-android-isnt-supporting-dhcpv6-and-usg-is-missing-rdnssIt's been 4 years since and still no progress besides
Given that full IPv6 support in general for Zyxel does not seem to be priority, we will be switching to more serious brands
Regard
0
Zyxel Employee
Categories
- All Categories
- 439 Beta Program
- 2.8K Nebula
- 202 Nebula Ideas
- 127 Nebula Status and Incidents
- 6.3K Security
- 515 USG FLEX H Series
- 328 Security Ideas
- 1.7K Switch
- 84 Switch Ideas
- 1.3K Wireless
- 49 Wireless Ideas
- 6.9K Consumer Product
- 288 Service & License
- 458 News and Release
- 90 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.3K FAQ
- 34 Documents
- 85 About Community
- 97 Security Highlight
