Trouble with IPv6 custom DNS, or with DHCPv6 Server disabled

wraithdu

Occasional Visitor
I have a pretty basic home setup, with a Pi2 running my DHCP server and Unbound for DNS. I have Comcast and I'd like to set up the router to do one of two options:

Option 1) Provide DHCPv6 and specify my internal DNS server
Option 2) Provide only RA for default gateway and allow my internal DHCPv6 server to hand out IP address and DNS

Unfortunately I have problems with both configurations.

1) Even though I specify my internal DNS with 'Connect to DNS Server automatically' disabled, my clients are configuring the router as the DNS server
2) If I disable the DHCPv6 server then my clients don't get IP addresses or a default gateway.

Is it possible to do what I want? Is it legal to let the router do RA and run a DHCPv6 server on a separate machine?

If Option 1 was working this would be easy and I wouldn't need the extra DHCPv6 server, but I have internal host names and need my DNS server.

PS
If I let the router do both DHCP and DNS, can I set up static IPs and custom host names for both IPv4 and IPv6?
 
I'm in the same boat, except I am on TWC, and the router seems to lose my IPv6 assignment if any elements of the IPv6 page are changed. What makes this even more difficult to troubleshoot, is that TWC changes my IPv6 address every time the router reboots...

So, getting a working IPv6 with internal DNS has been an absolute nightmare with this setup.

Any assistance would be appreciated.
 
So, I'm pretty much convinced that the IPv6 support when trying to integrate a DNS server that isn't the router is... less than functional. Right now, I can reproduce a bug to force the device to lose its IPv6 network by updating the IPv6 DNS setting in the appropriate page. Honestly, I am not convinced that any of the current consumer vendors have a solution that works at this time...

I would love to be proven wrong. Does ANYONE have this working in an environment with DNS and DHCP not running on the router?
 
So I did figure this out, though it takes a few non-intuitive settings to get it to work. One thing first, yes the IPv6 settings are lost after changing something like the IPv6 DNS until a reboot of the router. I don't know why it happens but it is consistent. Not a problem really, after setting it all up I haven't had to change anything further for IPv6 and it has been stable.

Also, I have switched back to the router DHCP server, but I think it will work even if you turn it off.

Here's what to make sure is set:

1) WAN > Connect to DNS Server Automatically -> No
2) WAN > DNS Server1 -> Your local DNS server IPv4
3) LAN > DHCP Server > RT-AC56U's Domain Name -> Your domain
4) LAN > DHCP Server > DNS Server1 / DNS Server2 -> blank
5) LAN > DHCP Server > Advertise router's IP in addition to user-specified DNS -> No
6) LAN > DHCP Server > Forward local domain queries to upstream DNS -> Yes

Set up IPv6 correctly for your ISP. I have Comcast so it is Native and Stateless, and RA and DHCPv6 are Enabled.

7) IPv6 > Connect to DNS Server automatically -> Disable
8) IPv6 > IPv6 DNS Server 1 -> Link local IPv6 address of your local DNS server

After all that, reboot, and you should have your IPv6 assignment. My clients get DHCP v4 and v6 from the router, DNS is forwarded by the router to my local DNS server so I get my local host names resolved properly, and everything but ipv6-test.com 'Hostname' test passes (I get 19/20, I do not have an IPv6 reverse DNS record) which is correct since I run my own DNS.

Make sure your local DNS server has an IPv6 address, accepts queries on it, and can use it as an outgoing interface. I use Unbound and it works fine.

I haven't tried all this with my old local DHCP server. I don't know if turning off the router DHCP server disables DNS lookups and forwarding. But in the end, the router DHCP works fine for what I need. The DNS server is what I really wanted working.

Good luck!
 
Well, my results are mixed. For machines that are part of the active directory domain, they are receiving the correct information via DHCP (specifically, the link local address for the DNS server).

For other machines, they are receiving a DNS server for IPv6 of the discovered prefix, and then ::1 (which should be the router, if I am interpreting this correctly)

So, this seems more than a bit confusing. I would expect the DHCPv6 process to hand out the link local address of the indicated DNSv6 server to all clients.
 
Your active directory machines are actually the outliers. They are receiving their DHCPv6 info from somewhere else, not the router. The router will actually hand out its real IPv6 address to LAN clients. Internally, it forwards to your specified DNS server, using its link local address you defined. This works the same as IPv4, except the router hands out its local IPv4 address in that case.

I personally think the router DHCPv6 server should hand out its link local address for DNS. That's an issue to take up with Merlin though.
 
That is what is making this so difficult. I don't understand why the device is not simply handing out the address listed in the config (in this case, the link local for the device). Maybe it has something to do with dnsmasq trying to serve as the proxy; in this case, I would LOVE to turn that off.
 
Correct, the router uses dnsmasq as a proxy to your defined DNS servers, and clients get the router address for DNS. I do not think you can turn this off. You would have to use the custom config files and scripts to modify the dnsmasq configuration dynamically. I don't think you can turn dnsmasq off entirely, as it also handles DHCP and DHCPv6.
 
The solution is to use the postconf custom config file to modify the generated dnsmasq.conf so that dnsmasq hands out your desired DNS servers. See here for usage:

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

First you need to enable the custom config files:
Administration > System > Enable JFFS custom scripts and configs -> Yes

Then create /jffs/scripts/dnsmasq.postconf . Make sure to chmod +x the script, and add content like the following:
Code:
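#!/bin/sh
# $1 is the path of the generated dnsmasq.conf.
# Replace the DHCPv6 DNS option (option6:23) with the local DNS server.
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[<fe80... DNS IPv6 address>]/" "$1"
# Also hand out the local DNS server over DHCPv4 (option 6).
echo "dhcp-option=lan,6,<DNS IPv4 address>" >> "$1"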

Reboot the router and you should be good to go. You can check the final modified config at /etc/dnsmasq.conf .
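
The same rewrite with a check on the result, as an added example that is not part of the original post: the posted sed line silently does nothing when the generated config has no option6:23 line, so this version fails in that case and then lists the DNS servers dnsmasq will advertise. The function names, the sample config and both addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All addresses are constructed samples.

# apply_dns_override CONF V6 V4
# Same rewrite as the posted dnsmasq.postconf, but fails if the generated
# config has no option6:23 line for sed to replace.
apply_dns_override() {
    conf=$1; v6=$2; v4=$3
    if ! grep -q '^dhcp-option=lan,option6:23,' "$conf"; then
        echo "no dhcp-option=lan,option6:23 line in $conf" >&2
        return 1
    fi
    tmp="$conf.tmp.$$"
    sed "s|^dhcp-option=lan,option6:23,.*|dhcp-option=lan,option6:23,[$v6]|" \
        "$conf" > "$tmp" || return 1
    # Append the DHCPv4 DNS option only once, so a rerun does not duplicate it.
    grep -qxF "dhcp-option=lan,6,$v4" "$tmp" ||
        echo "dhcp-option=lan,6,$v4" >> "$tmp"
    mv "$tmp" "$conf"
}

# advertised_dns CONF
# Prints, in file order, the DNS servers handed out on "lan"
# via DHCPv6 option 23 and DHCPv4 option 6.
advertised_dns() {
    sed -n -e 's|^dhcp-option=lan,option6:23,||p' \
           -e 's|^dhcp-option=lan,6,||p' "$1"
}

# make_sample_conf PATH: constructed stand-in for a generated dnsmasq.conf.
make_sample_conf() {
    cat > "$1" <<'EOF'
interface=br0
dhcp-range=lan,192.168.1.2,192.168.1.254,255.255.255.0,86400s
dhcp-option=lan,3,192.168.1.1
dhcp-option=lan,option6:23,[::]
enable-ra
EOF
}

# Demo on the constructed sample.
demo=$(mktemp) && make_sample_conf "$demo"
apply_dns_override "$demo" "fe80::1234:5678" "192.168.1.53" && advertised_dns "$demo"
rm -f "$demo"
```

On the router, `advertised_dns /etc/dnsmasq.conf` after a reboot shows whether the postconf script took effect.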
 
Thank You for this info. I will work on this weekend after I do a factory reset of my RT-AC88U
 
It works like a charm.
Thanks
 
I want to thank wraithdu for figuring this out!!!
I will summarize his posts and my config in hopes that it helps any other people wanting to use a PiHole with IPv6 and have it actually work.

My Setup:
ISP: AT&T U-Verse (DSL 24) (IPv6 Native & Stateless)
Gateway/Modem Box (AT&T's): Arris/Pace 5268AC (firmware: 10.7.0.530220-att)
Router Box: ASUS RT-AC68R (firmware: Merlin 384.5)
DNS Box: Raspberry Pi B+ (Pi-hole Version v3.3.1)

You will need to reconfigure the PiHole if you are just now enabling IPv6 on your router, as it would not have an address to enter on #9 below.

Router Settings:
  1. WAN > Connect to DNS Server Automatically -> No
  2. WAN > DNS Server1 -> Your local DNS server IPv4 (pihole)
  3. LAN > DHCP Server > RT-AC56U's Domain Name -> Your domain ('home' or whatever you want)
  4. LAN > DHCP Server > DNS Server1 / DNS Server2 -> blank
  5. LAN > DHCP Server > Advertise router's IP in addition to user-specified DNS -> No
  6. LAN > DHCP Server > Forward local domain queries to upstream DNS -> Yes
  7. Set up IPv6 correctly for your ISP. I have AT&T so it is Native and Stateless, and Enable Router Advertisement and DHCP-PD are Enabled.
  8. IPv6 > Connect to DNS Server automatically -> Disable
  9. IPv6 > IPv6 DNS Server 1 -> Link local IPv6 address of your local DNS server (PiHole)*
To finish up and make it work completely, you need to use wraithdu's postconf custom config file to modify the generated dnsmasq.conf so that dnsmasq hands out your desired DNS servers. See here for usage:

https://github.com/RMerl/asuswrt-merlin/wiki/Custom-config-files

First you need to enable the custom config files on the router:

  • Administration > System > Enable JFFS custom scripts and configs -> Yes

Then create /jffs/scripts/dnsmasq.postconf . Make sure to chmod +x the script.

  1. #: touch /jffs/scripts/dnsmasq.postconf
  2. Use your favorite text editor to add the code below to /jffs/scripts/dnsmasq.postconf. Be sure to enter the proper IPv6 and IPv4 addresses in the code! Leave the brackets [] around the IPv6 address!!
  3. #: chmod +x /jffs/scripts/dnsmasq.postconf
  4. #: reboot
Code:
#!/bin/sh
# $1 is the path of the generated dnsmasq.conf.
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[<fe80... DNS IPv6 address>]/" "$1"
echo "dhcp-option=lan,6,<DNS IPv4 address>" >> "$1"

Reboot the router and you should be good to go. You can check the final modified config at /etc/dnsmasq.conf .


*If you have already configured your PiHole and did not enable IPv6, do the following:
  1. Reboot your PiHole and check if you now have an IPv6 address.
  2. Add a valid DNS server to /etc/resolv.conf like: nameserver 8.8.8.8 (This is just temporary, it will be wiped upon reboot).
  3. Reconfigure PiHole (#: sudo pihole -r) and make sure to enable IPv6.
  4. Reboot PiHole again.
 
Thanks for summarizing, this works like a charm, if you are not using any guest networks.

In case you are using guest networks with "access intranet" disabled, your clients won't reach the internal IP address of your pi-hole installation. But in case you don't want to allow your guest clients to reach internal resources, you will have to use YazFi to specify your router as DNS server instead for those networks:

--> https://www.snbforums.com/threads/yazfi-enhanced-asuswrt-merlin-guest-wifi-networks.45924/
 
Sorry, quick question. For the postconf part, do you specifically put in the link local address of the pihole? Or the IPv6 address you see in the pihole web admin settings area. Thanks!
 
Link local is what I use here.
 
Do you have issues with IPv6 hostname resolution? I can't get my pihole to resolve link local hostnames.

They do not resolve for me. There is a way to get them to resolve, but it is involved and I don't really care since this is for ad blocking and not security.
 
Makes sense. Not sure how much experience you have with this, but using the "real" IPv6 address would work too, right? Or is link local required?
 
