What's new

Solved DNS Server IPv6 (not working) (DHCPv6 returning wrong IPv6)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ZTHawk

Occasional Visitor
Solution: Post #27

I have a AX88U with 388.1 and a server running Adguard (both being a separate machine).
I try to setup that the router so it will provide the IPv6 of the Adguard server.
Right now I get the the Adguard server for DNS IPv4 only. DNS IPv6 is the routers IPv6.
Tested with:
ipconfig /all
Using Adguard server directly does work:
nslookup <test-domain.tld> <Adguard IPv6 local>
Setting the DNS server in IPv6 Settings of my client does also work.

I have also tried "Microsoft Network Monitor 3.4". All "DHCPv6" replies have the router IPv6 instead of the Adguard server IPv6 (see screenshot below).

How can I get the IPv6 of the Adguard Server to be distributed as DNS IPv6?

I tried the Adguard Server IPv6 (eg: 2000:...) and the local network IPv6 (eg: fe80:...) too.

System layout:
> Fritzbox (not bridged) with automatic IPv6 from ISP
-> Asus router​
=> Client​
=> Adguard Server​

My router settings:
DHCP:
asus_dns_ipv6_1.png


IPv6:
asus_dns_ipv6_2.png


System log IPv6
asus_dns_ipv6_3.png


My "ipconfig /all" extract:
asus_dns_ipv6_4.png


DHCPv6 (Microsoft Network Monitor 3.4):
asus_dns_ipv6_5.png
 
Last edited:
you're not running the most recent version of Merlin - is that for a specific systemic reason?
You're set to Passthrough in the IPv6 config - where is DHCPv6 being assigned?
Do you have Native IPv6 from your ISP?
 
You don't run a DNS secondary server for both IPV4 & IPV6 as fallback?
 
reason fpr not running most recent version: No particular, do not change a running system and wait if there are any serious reports.

@Passthrough: Router is behind a cable modem (Fritzbox 6490).

I am not sure if native IPv6 is supported or a tunnel is used. But I have an IPv6 available.

I want to ensure that DNSv4 and DNSv6 are working before adding any fallback solutions.
 
I haven't sorted through the Merlin v388 topics/threads here, so playing it safe with proven firmware may be the right path to take
Is your Fritzbox bridged, so the router does ISP authentication & DHCP? Can it be?
if so, try enabling Native IPv6 if you decide to make that change, and I suspect the config options will auto-populate based on AdGuard settings. If I'm mistaken though, you may have to do some AdGuard config... (do you have to enable DNS in the IPv6 setup of Merlin with AdGuard?)
 
My Fritzbox is not bridged.
I am not sure what you mean with the adguard config and the question with "DNS IPv6 of Merlin".
 
Now I'M confused -
so I went back to re-read your original post.

Your AdGuard server - where is it running? I initially interpreted your post to mean that you're running the AdGuard add-on/script available in amtm.
(would that simplify your setup?)
 
Adguard is running as a standalone application on a dedicated server.
So there are 4 individual devices to be considered (each of them having their own local IPv4 and IPv6):
1) AX88U
2) Adguard server
3) Client
4) Fritzbox (separate IPv4 range)
 
Do you see the IPv6 you expect if you run this on the router?
Code:
grep -F "dhcp-option=lan,option6:23" /etc/dnsmasq.conf
Ideally you could install tcpdump on the router and watch the router advertisements and dhcpv6.
Code:
tcpdump -i br0 -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)'
 
Do you see the IPv6 you expect if you run this on the router?
Code:
grep -F "dhcp-option=lan,option6:23" /etc/dnsmasq.conf
Yes the output is as expected (currently configured with Adguard local IPv6)
Ideally you could install tcpdump on the router and watch the router advertisements and dhcpv6.
Code:
tcpdump -i br0 -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)'
I do not know what I shall look for but I have this example:
22:29:48.370472 IP6 (hlim 64, next-header UDP (17) payload length: 72) --Router local IPv6-- > --Client local IPv6-- : [bad udp cksum 0x71fe -> 0x83bb!] dhcp6 reply (xid=c9d4b5 (server-ID hwaddr type 1 --Router MAC-- ) (client-ID hwaddr/time type 1 time 503663267 --Client MAC-- ) (DNS-server --Router IPv6 (not local)-- ) (lifetime 600))
 
I do not know what I shall look for but I have this example:
Let it run longer to try to capture a router advertisement. Put a device in and out of Airplane mode to trigger both RA and DHCPv6. Please be very careful to confirm the MAC is definitely the router‘s MAC. Add the e flag to the command line:
Code:
tcpdump -i br0 -e -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)'
 
The routers MAC is the same that is displayed on "Network Map" for "LAN MAC address" and when using ifconfig -a and output of br0.

I do not know how RA and DHCPv6 look like in the log. Maybe this?
21:49:06.609554 --Router MAC-- > --Other MAC--, ethertype IPv6 (0x86dd), length 166: (hlim 255, next-header ICMPv6 (58) payload length: 112) --Router local IPv6-- > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 112
hop limit 255, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): --Router IPv6 first 4 parts--::/64, Flags [onlink, auto], valid time 7200s, pref. time 3600s
rdnss option (25), length 24 (3): lifetime 1200s, addr: --Router IPv6--
mtu option (5), length 8 (1): 1500
route info option (24), length 8 (1): ::/0, pref=medium, lifetime=1800s
route info option (24), length 16 (2): --Router IPv6 first 4 parts--::/64, pref=medium, lifetime=1800s
source link-address option (1), length 8 (1): --Router MAC--
 
I don't think we'll get much further along if you continue to redact 100% of your IPs and MAC addresses. Redact the middle, but leave the beginning and the end, or some other method to give context to the output.

I'm not familiar with passthrough mode for IPv6, but I don't understand why your rdnss (DNS) advertisement has a lifetime of 1200 seconds while the rest of the RA is 1800s. I don't know what could account for that discrepancy.
 
Here is a new dump.
And a list identifying who is who:
Router
Local IPv6 = fe80::3e7c:0000:0000:ac40​
IPv6 = 2a02:0000:0000:f6e:3e7c:0000:0000:ac40​
MAC = 3c:00:00:00:ac:40 // 3c7c0000ac40​
Tested client
Local IPv6 = fe80::76c5:0000:0000:5bf3​
MAC = d05000002d1f​
09:40:52.708594 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 112) fe80::3e7c:0000:0000:ac40 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 112
hop limit 255, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a02:0000:0000:f6e::/64, Flags [onlink, auto], valid time 7200s, pref. time 3600s
rdnss option (25), length 24 (3): lifetime 1200s, addr: 2a02:0000:0000:f6e:3e7c:0000:0000:ac40
mtu option (5), length 8 (1): 1500
route info option (24), length 8 (1): ::/0, pref=medium, lifetime=1800s
route info option (24), length 16 (2): 2a02:0000:0000:f6e::/64, pref=medium, lifetime=1800s
source link-address option (1), length 8 (1): 3c:00:00:00:ac:40
09:43:03.579615 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 112) fe80::3e7c:0000:0000:ac40 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 112
hop limit 255, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a02:0000:0000:f6e::/64, Flags [onlink, auto], valid time 7200s, pref. time 3600s
rdnss option (25), length 24 (3): lifetime 1200s, addr: 2a02:0000:0000:f6e:3e7c:0000:0000:ac40
mtu option (5), length 8 (1): 1500
route info option (24), length 8 (1): ::/0, pref=medium, lifetime=1800s
route info option (24), length 16 (2): 2a02:0000:0000:f6e::/64, pref=medium, lifetime=1800s
source link-address option (1), length 8 (1): 3c:00:00:00:ac:40
09:43:10.653019 IP6 (flowlabel 0x33f39, hlim 1, next-header UDP (17) payload length: 66) fe80::76c5:0000:0000:5bf3.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=c8490d (elapsed-time 700) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list lifetime))
09:43:10.653619 IP6 (hlim 64, next-header UDP (17) payload length: 72) fe80::3e7c:0000:0000:ac40.547 > fe80::76c5:0000:0000:5bf3.546: [bad udp cksum 0x71fe -> 0x0f65!] dhcp6 reply (xid=c8490d (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (lifetime 600))
09:43:10.872449 IP6 (flowlabel 0xf0e96, hlim 1, next-header UDP (17) payload length: 93) fe80::76c5:0000:0000:5bf3.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=591e00 (elapsed-time 0) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (IA_NA IAID:80760985 T1:0 T2:0) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
09:43:10.873036 IP6 (hlim 64, next-header UDP (17) payload length: 112) fe80::3e7c:0000:0000:ac40.547 > fe80::76c5:0000:0000:5bf3.546: [bad udp cksum 0x7226 -> 0xd6fb!] dhcp6 advertise (xid=591e00 (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (reconfigure-accept) (IA_NA IAID:80760985 T1:1796 T2:2874 (IA_ADDR 2a02:0000:0000:f6e::332 pltime:3593 vltime:7193)))
09:43:11.887247 IP6 (flowlabel 0xf0e96, hlim 1, next-header UDP (17) payload length: 135) fe80::76c5:0000:0000:5bf3.546 > ff02::1:2.547: [udp sum ok] dhcp6 request (xid=591e00 (elapsed-time 0) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (server-ID hwaddr type 1 3c7c0000ac40) (IA_NA IAID:80760985 T1:1796 T2:2874 (IA_ADDR 2a02:0000:0000:f6e::332 pltime:3593 vltime:7193)) (Client-FQDN) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list Client-FQDN))
09:43:11.887690 IP6 (hlim 64, next-header UDP (17) payload length: 144) fe80::3e7c:0000:0000:ac40.547 > fe80::76c5:0000:0000:5bf3.546: [bad udp cksum 0x7246 -> 0x2a93!] dhcp6 reply (xid=591e00 (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (reconfigure-accept) (authentication proto: reconfigure, alg: HMAC-MD5, RDM: mono, RD: 63dc c91f 0000 0152 reconfig-key value: f16a08f9 4a6cb75f b695c546 77776650) (IA_NA IAID:80760985 T1:1796 T2:2873 (IA_ADDR 2a02:0000:0000:f6e::332 pltime:3592 vltime:7192)))
09:45:09.070237 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 112) fe80::3e7c:0000:0000:ac40 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 112
hop limit 255, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a02:0000:0000:f6e::/64, Flags [onlink, auto], valid time 7200s, pref. time 3600s
rdnss option (25), length 24 (3): lifetime 1200s, addr: 2a02:0000:0000:f6e:3e7c:0000:0000:ac40
mtu option (5), length 8 (1): 1500
route info option (24), length 8 (1): ::/0, pref=medium, lifetime=1800s
route info option (24), length 16 (2): 2a02:0000:0000:f6e::/64, pref=medium, lifetime=1800s
source link-address option (1), length 8 (1): 3c:00:00:00:ac:40
09:45:09.697308 IP6 (flowlabel 0xf1a88, hlim 1, next-header UDP (17) payload length: 108) fe80::76c5:0000:0000:5bf3.546 > ff02::1:2.547: [udp sum ok] dhcp6 confirm (xid=fb98ae (elapsed-time 0) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (IA_NA IAID:80760985 T1:0 T2:0 (IA_ADDR 2a02:0000:0000:f6e::332 pltime:0 vltime:0)) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list))
09:45:09.697820 IP6 (hlim 64, next-header UDP (17) payload length: 86) fe80::3e7c:0000:0000:ac40.547 > fe80::76c5:0000:0000:5bf3.546: [bad udp cksum 0x720c -> 0x6c5f!] dhcp6 reply (xid=fb98ae (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (IA_NA IAID:80760985 T1:0 T2:0 (status-code NotOnLink)))
09:45:09.710943 IP6 (flowlabel 0xd87a0, hlim 1, next-header UDP (17) payload length: 122) fe80::76c5:0000:0000:5bf3.546 > ff02::1:2.547: [udp sum ok] dhcp6 release (xid=f800b7 (elapsed-time 0) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (server-ID hwaddr type 1 3c7c0000ac40) (IA_NA IAID:80760985 T1:1796 T2:2873 (IA_ADDR 2a02:0000:0000:f6e::332 pltime:3592 vltime:7192)) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list))
09:45:09.711211 IP6 (hlim 64, next-header UDP (17) payload length: 70) fe80::3e7c:0000:0000:ac40.547 > fe80::76c5:0000:0000:5bf3.546: [bad udp cksum 0x71fc -> 0x59fc!] dhcp6 reply (xid=f800b7 (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (status-code Success))
09:45:09.763060 IP6 (flowlabel 0xc1bce, hlim 1, next-header UDP (17) payload length: 66) fe80::76c5:0000:0000:5bf3.546 > ff02::1:2.547: [udp sum ok] dhcp6 inf-req (xid=7f1645 (elapsed-time 0) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (vendor-class) (option-request vendor-specific-info DNS-server DNS-search-list lifetime))
09:45:09.763354 IP6 (hlim 64, next-header UDP (17) payload length: 72) fe80::3e7c:0000:0000:ac40.547 > fe80::76c5:0000:0000:5bf3.546: [bad udp cksum 0x71fe -> 0x4276!] dhcp6 reply (xid=7f1645 (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr/time type 1 time 503663267 d05000002d1f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (lifetime 600))
09:45:51.723857 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 112) fe80::3e7c:0000:0000:ac40 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 112
hop limit 255, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
prefix info option (3), length 32 (4): 2a02:0000:0000:f6e::/64, Flags [onlink, auto], valid time 7200s, pref. time 3600s
rdnss option (25), length 24 (3): lifetime 1200s, addr: 2a02:0000:0000:f6e:3e7c:0000:0000:ac40
mtu option (5), length 8 (1): 1500
route info option (24), length 8 (1): ::/0, pref=medium, lifetime=1800s
route info option (24), length 16 (2): 2a02:0000:0000:f6e::/64, pref=medium, lifetime=1800s
source link-address option (1), length 8 (1): 3c:00:00:00:ac:40
09:46:07.488015 IP6 (hlim 255, next-header UDP (17) payload length: 76) fe80::6aa4:0000:0000:fd7c.546 > ff02::1:2.547: [udp sum ok] dhcp6 rebind (xid=1275da (client-ID hwaddr type 6 68a40000fd7c) (elapsed-time 65535) (IA_NA IAID:305419896 T1:0 T2:0 (IA_ADDR 2a02:0000:0000:f6e::303 pltime:3108 vltime:6708)))
09:46:07.488874 IP6 (hlim 64, next-header UDP (17) payload length: 104) fe80::3e7c:0000:0000:ac40.547 > fe80::6aa4:0000:0000:fd7c.546: [bad udp cksum 0x9be8 -> 0xc903!] dhcp6 reply (xid=1275da (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr type 6 68a40000fd7c) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (IA_NA IAID:305419896 T1:1792 T2:2868 (IA_ADDR 2a02:0000:0000:f6e::303 pltime:3585 vltime:7185)))
09:46:21.512401 IP6 (hlim 64, next-header UDP (17) payload length: 104) fe80::3e7c:0000:0000:ac40.547 > fe80::6aa4:0000:0000:544f.546: [bad udp cksum 0xf2b9 -> 0xd7e9!] dhcp6 reply (xid=60b2e8 (server-ID hwaddr type 1 3c7c0000ac40) (client-ID hwaddr type 6 68a40000544f) (DNS-server 2a02:0000:0000:f6e:3e7c:0000:0000:ac40) (IA_NA IAID:305419896 T1:1785 T2:2856 (IA_ADDR 2a02:0000:0000:f6e::94d pltime:3571 vltime:7171)))
 
Upgraded to 388.2
Still IPv6 DNS is only advertising the routers IP and not the one defined in "IPv6" and "LAN > DHCP Server".
 
Upgraded to 388.2
Still IPv6 DNS is only advertising the routers IP and not the one defined in "IPv6" and "LAN > DHCP Server".

With my AC86U I have to use to dnsmasq.postconf script with the following line to set the IPv6 address of my PiHole:

Code:
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[IPv6 address here]/" $1
 
My "/etc/dnsmasq.conf" has already this line:
dhcp-option=lan,option6:23,fe80::ea84:0000:0000:fe69
Which is the local IPv6 of my Adguard

So adding this script seems to be useless as it would replace something with the same. Or am I wrong?
 
My "/etc/dnsmasq.conf" has already this line:
dhcp-option=lan,option6:23,fe80::ea84:0000:0000:fe69
Which is the local IPv6 of my Adguard

So adding this script seems to be useless as it would replace something with the same. Or am I wrong?

In my dnsmasq.conf it has the square brackets around the IPv6 address (as per the script), though I admit I don't know if they are definitely required but it is working for me.
 
I added a script to "/jffs/configs/dnsmasq.postconf" with content:
Bash:
#!/bin/sh
#/jffs/configs/dnsmasq.postconf
CONFIG=$1
source /usr/sbin/helper.sh

sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[fe80::ea84:0000:0000:fe69]/" $CONFIG
After reboot my "dnsmasq.conf" still has "dhcp-option=lan,option6:23,fe80::ea84:0000:0000:fe69".
If I execute the "sed" command manually then the "dnsmasq.conf" is updated (brackets are added). Am I doing anything wrong?
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top