by Macha 975 days ago
This is only a half solution; I'd still need to update all my DNS entries and firewall rules, for example.

Well, dnsmasq has --dynamic-host for this use-case. Example:

    dynamic-host=cafe.dxld.at,::cafe,lan0

Firewalls tend to support DNS, use it :)

I know for a fact nftables and pfSense allow this; worst case, you need a cronjob to periodically reload your ruleset to refresh the DNS data, as it's evaluated at ruleset load time (for nftables). Incidentally, another TODO project of mine is a daemon to allow running scripts when RA information (such as the prefix) changes; this would come in handy here too.

For anyone interested in making IPv6 better, come talk to me in #ipv6:ungleich.ch (Matrix).

--Daniel
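
The cron approach from the comment above, as an added example that is not part of the original thread: it refines "periodically reload" into "reload only when the name's IPv6 addresses change", and keeps the running rules if resolution fails or returns nothing. The `RULESET` and `STATE` paths, the function names and the use of `getent` as the resolver are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed paths; override via environment.
RULESET="${RULESET:-/etc/nftables.conf}"
STATE="${STATE:-/var/run/nft-dns.state}"

# Print the sorted, unique IPv6 addresses the system resolver returns for a host.
resolve_v6() {
    getent ahostsv6 "$1" | awk '{print $1}' | sort -u
}

# Dry-run the ruleset first (nft -c), then load it.
reload_ruleset() {
    nft -c -f "$RULESET" && nft -f "$RULESET"
}

# refresh_if_changed HOST
# Returns 0 = reloaded, 1 = unchanged, 2 = no usable answer, 3 = reload failed.
refresh_if_changed() {
    new=$(resolve_v6 "$1") || return 2
    # An empty answer (resolver outage, record removed) must not trigger a
    # reload: the names in the ruleset would be re-evaluated at load time.
    [ -n "$new" ] || return 2
    old=$(cat "$STATE" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    reload_ruleset || return 3
    # Record the new addresses only after a successful load, so a failed
    # reload is retried on the next cron run.
    printf '%s\n' "$new" > "$STATE"
    return 0
}

# Cron entry point: nft-dns-refresh.sh cafe.dxld.at
# "Unchanged" (1) is a normal outcome, not an error.
if [ "$#" -gt 0 ]; then
    refresh_if_changed "$1" || [ "$?" -eq 1 ]
fi
```

Exit codes 2 and 3 are worth alerting on: both mean the loaded rules may no longer match the addresses the hosts actually use.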

> Firewalls tend to support DNS, use it :)

So I did check and my firewall (the one built into my Unifi UDM) doesn't.

Sad to say I'm surprised the proprietary vendors are lagging behind here, but there should be no architectural reason you can't deploy a more reasonable firewall.