okay. so the config's cleaned up, and we now create a sparse example config file.

utils/he_ipv6/example.tunnelbroker.xml

@@ -8,7 +8,8 @@
     https://www.tunnelbroker.net/tunnel_detail.php?tid=584532
   I highly recommend their (free) certification as well if you're brand-new to IPv6:
     https://ipv6.he.net/certification/
-  **It is VERY highly encouraged to only use one tunnel at a time on a machine.**
+  **It is VERY highly encouraged to only use one tunnel at a time on a machine. Completely unpredictable results will
+    incur if this is not heeded.**
   -->
   <creds>
     <!--
@@ -39,10 +40,14 @@
       -->
       <updateKey>xXxXxXxXxXxXxXXX</updateKey>
       <!--
-      Where to assign your allocations. The default allocation prefix is a /64 (prefix="64"), since that's what SLAAC
-      recommends.
-      It has one optional attribute, "raProvider", which can be "dnsmasq" or "radvd". Further system configuration may
-      be required. If not specified, the default is to not send router advertisements.
+      Where to assign your allocations. The default allocation prefix is a /64 (prefix="64"), since that's what
+      SLAAC (RFC 2462) recommends.
+      It has one optional attribute, "raProvider", which can be "dnsmasq" or "radvd". Its configuration file will be
+      regenerated and the service restarted after the addresses are allocated to interfaces. Further system
+      configuration may be required. If not specified, the default is to not send router advertisements (RFC 4861). See
+      the "ra" child element under <assign> for further details.
+      If you are using dnsmasq, you will want to edit dnsmasq.conf to *include* the generated file, most likely, as it
+      only generates configuration for IPv6 options.
       -->
       <assignments raProvider="dnsmasq">
         <!--
@@ -60,24 +65,52 @@
         -->
         <assign prefix="64" alloc="64" iface="eth0">
           <!--
-          Each assignment can have an "ra" child. The default is to not implement RA for this interface if not
-          present.
+          Each assignment CAN have an "ra" child. The default is to not implement RA for this interface if an ra element
+          is not present.
+          It takes one optional attribute, which is only used for raProvider="dnsmasq", "tag", which is the tag name for
+          the interface (this should be set in an earlier included conf/the main dnsmasq.conf).
           -->
-          <ra>
-            <dns>true</dns>
-            <dhcpv6>true</dhcpv6>
+          <ra tag="main">
+            <!--
+            Specify RDNSS (RFC 8106). If specified, this allocation's "router IP" (<PREFIX>::1) will be passed as a
+            resolver via RDNSS.
+            It takes one (optional) attribute, "domains", which is a space-separated list of search domains, referred
+            to in IPv6 as DNSSL (RFC 6106).
+            Note that Windows does not support DNSSL, and as such you must use dhcpv6's "domains" attribute if you wish
+            to do that.
+            If "domains" is specified but the element is false, the configuration will only advertise DNSSL and not
+            RDNSS.
+            -->
+            <dns domains="foo.com bar.com">true</dns>
+            <!--
+            Enable DHCPv6 for this assignment. Only used for dnsmasq, has no effect for radvd. As mentioned above, you
+            can also specify the "domains" attribute here as well, which will pass them via a regular DHCPv6 option.
+            If "domains" is specified but the element is false, only the domains will be passed.
+            Again, this only pertains to dnsmasq since radvd offers no DHCPv6 capabilities whatsoever.
+            -->
+            <dhcpv6 domains="foo.com bar.com">true</dhcpv6>
           </ra>
         </assign>
+        <!-- Disable RA for this set (no "ra" chiled specified). -->
         <assign prefix="64" alloc="48" iface="eth0"/>
         <assign prefix="64" alloc="48" iface="eth1">
-
+          <ra tag="vmlan">
+            <!-- This will use strictly SLAAC (if using dnsmasq, obviously - radvd only does SLAAC). -->
+            <dhcpv6>false</dhcpv6>
+            <!-- And let clients choose their own resolver. -->
+            <dns>false</dns>
+          </ra>
+        </assign>
+        <assign prefix="64" alloc="48" iface="eth2">
+          <ra tag="wlan">
+            <!-- Only pass RDNSS resolvers. -->
+            <dns>true</dns>
+            <dhcpv6>false</dhcpv6>
+          </ra>
         </assign>
-        <assign prefix="64" alloc="48" iface="eth2"/>
       </assignments>
     </tunnel>
-    <!--
-    And you can, of course, specify multiple tunnels.
-    -->
+    <!-- And you can, of course, specify multiple tunnels. -->
     <tunnel id="54321" creds="anotheruser">
       <updateKey>0000000000000000</updateKey>
       <assignments>