DHCPv6 and finding DUID

As you probably know if you are using IPv6 at home, Privacy Extentions are a pain, Apple devices are a pain, “smart” phones are a pain, etc.

The problem is that privacy extentions makes it impossible to set-up as firewall and generally keep an eye on what goes on on your network.

There is a trick though, to finding DUIDs of devices that won’t tell you, so you can set-up DHCPv6 on your network! This article assumes you already have ISC’s DHCPv6 server configured and running. I might cover that in another post some time, although that can just be Googled unlike how to find DUIDs.

Here’s the trick. In your dhcpd6.conf, insert the following at the beginning, to change the log configuration:

log-facility local7;
option dhcp6.macaddr code 193 = string;
option dhcp6.leased-address code 194 = string;
option dhcp6.macaddr = binary-to-ascii(16, 8, “:”, suffix(option dhcp6.client-id, 6));
option dhcp6.leased-address = binary-to-ascii(16,16, “:”, substring(suffix(option dhcp6.ia-na, 24),0,16));
log (info, concat (“Lease for “,config-option dhcp6.leased-address, ” leased to “, config-option dhcp6.macaddr, ” DUID: “,  binary-to-ascii(16, 8, “:”, option dhcp6.client-id)));

The last line, the one beginning with “log”, has this at the end:

binary-to-ascii(16, 8, “:”, option dhcp6.client-id)

which it what puts the DUID in your log file whenever it receives a request. Now all you need to do is check your DHCPv6 log file!

This entry was posted in Linux and tagged , , , , . Bookmark the permalink.

Leave a Reply