OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: puithove on December 28, 2018, 05:54:08 pm
-
I'm on 18.7.9
I have IPV6 configured to go through TunnelBroker/HE. All traffic on IPV6 flows fine. Unbound is running as a forwarder - forwarding to IPv4 addresses - and successfullly resolves all IPV6 queries. DHCPv4 apparently includes the interface's IPV6 address in the list of DNS servers provided as it shows up in client's resolvers. This results in slow DNS queries as clients sometimes attempt to contact DNS on IPV6 which times out.
Unbound is not listening on any IPV6 address. Output from "sockstat | grep -i unbound" run on the OPNsense router:
unbound unbound 79724 3 stream /tmp/php-fastcgi.socket-1
unbound unbound 79724 4 udp4 *:53 *:*
unbound unbound 79724 5 tcp4 *:53 *:*
unbound unbound 79724 6 tcp4 127.0.0.1:953 *:*
unbound unbound 79724 7 dgram -> /var/run/logpriv
unbound unbound 79724 8 stream -> ??
unbound unbound 79724 9 stream -> ??
unbound unbound 79724 10 stream -> ??
unbound unbound 79724 11 stream -> ??
unbound unbound 79724 12 stream -> ??
unbound unbound 79724 13 stream -> ??
unbound unbound 79724 14 stream -> ??
unbound unbound 79724 15 stream -> ??
You can see it's listening on all udp4 and tcp4 addresses. On the config page, I have "ALL" set on both Network Interfaces and Outgoing Network Interfaces. Unbound ACLs automatically include all IPV6 subnets from all my interfaces.
I saw in some other threads there may be a need to manually add config option "do-ip6: yes", but when I put that in Custom Options on the General config page, Unbound fails to start.
Any tips here?
-
Nobody run into this? No thoughts?
-
Hi.
I'm interested too.
I've experienced the same issue and didn't manage to solve it.
Br
-
Ok, found this little gold nugget in the release notes for 18.7.9:
unbound: only use IPv6 when enabled and IPv4 is not preferred
So I turned off the "Prefer IPv4" option (under System / Settings / General), and now it's listening on IPv6, and working correctly.
That seems valid - but if this is to be the case, then that option should also make it so that the DNS server list handed out by DHCP does NOT include any of the IPv6 addresses.
-
Thanks. I need to play a little bit around with my IPv6 setup, unitl now its just a playground.
Thanks for the hint!
br
-
In my opinion, this still sounds like a bug.
"Prefer IPv4 over IPv6" should not mean the daemon shall not listen on IPv6 at all. What I'd expect is that whenever outbound connections are made, IPv4 is preferred. It might be that this is not possible to do properly with Unbound but then a dedicated setting in Unbound should be there for it and the central setting should not be taken into account.
Might be worth opening a ticket for it on Github, but that's up to you guys.
-
Sorry, Unbound disables responding to queries on IPv6 using do-ip6 as well and defaults prefer-ip6 to 'no' which is a bit confusing and out of the scope of the feature request posted on GitHub...
https://github.com/opnsense/core/commit/53024b5c
# opnsense-patch 53024b5c
Won't be fixed in 18.7.10 as that is already waiting for final QA, but easily patched.
Even though I would not recommend preferring IPv4 in this day and age (it's the OPNsense default as well).
Cheers,
Franco
-
PS: quick issue opened in GitHub would be perfect... forum post is easily missed.