OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: espen on March 29, 2017, 08:37:08 pm

Title: DNS oddness with IPv6
Post by: espen on March 29, 2017, 08:37:08 pm
Hi guys,

I have been struggling for a while with DNS issues on my local network. My local computers, which I have created overrides for in DNS forwarder, suddenly stopped resolving on a few, but not all, of my systems. I managed to track the issues down to my experimentation with OpenDNS and more specifically to DNS servers in System: Settings: General.

Here is the system version:
OPNsense 17.1.4-i386
FreeBSD 11.0-RELEASE-p8
OpenSSL 1.0.2k 26 Jan 2017

With the following entries, everything works fine:
DNS Server
 - 208.67.220.220
 - 208.67.222.222

My computer receives both IPv4 and IPv6 addresses from the LAN interface on OPNsense:
# Generated by NetworkManager
nameserver 10.0.0.1
nameserver 2001::1 (not my real IPv6)

I then added OpenDNS IPv6 servers in System:Settings:General, ending up with this list:
DNS Server
 - 208.67.220.220
 - 208.67.222.222
 - 2620:0:ccc::2
 - 2620:0:ccd::2

This results in the IPv6 addresses "bleeding through", and my computer ends up with:
# Generated by NetworkManager
nameserver 10.0.0.1
nameserver 2001::1
nameserver 2620:0:ccc::2
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2620:0:ccd::2

Using only IPv6 DNS addresses in System:Settings:General results in no IPv6 address being given out to clients at all; my computer only gets IPv4:
# Generated by NetworkManager
nameserver 10.0.0.1

I would expect that the DHCP server ignores whatever servers are configured under System:Settings:General and only gives out LAN interface addresses, but that does not seem to be the case with IPv6. Does anyone have an idea why this happens?

And while I'm asking, although unrelated to my original issue, why are link-local addresses not allowed to be used for DNS lookup?

/Espen
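
An added example, not part of the original post: a Python check over a client's resolv.conf that reports which nameservers lie outside the firewall's own prefixes (queries sent to those never see the DNS forwarder's host overrides) and which entries fall past the libc limit of three. The sample file is the second listing quoted above; the /24 and /64 prefix lengths and the function names are assumptions.

```python
import ipaddress

MAXNS = 3  # glibc's resolver uses at most three nameserver entries

# Constructed sample: the resolv.conf from the post after the OpenDNS
# IPv6 servers were added (2001::1 is the poster's placeholder address).
SAMPLE = """\
# Generated by NetworkManager
nameserver 10.0.0.1
nameserver 2001::1
nameserver 2620:0:ccc::2
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 2620:0:ccd::2
"""

# Assumed LAN prefixes of the firewall; adjust to the real network.
TRUSTED = ["10.0.0.0/24", "2001::/64"]


def audit_resolv_conf(text, trusted_nets):
    """Return (address, trusted, used) for each valid nameserver line."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    results = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(fields[1].split("%")[0])
        except ValueError:
            continue  # unparsable entries do not occupy a resolver slot
        trusted = any(addr in net for net in nets)
        used = len(results) < MAXNS
        results.append((str(addr), trusted, used))
    return results


def bypassing(results):
    """Servers libc will query that are not the firewall itself."""
    return [a for a, trusted, used in results if used and not trusted]


if __name__ == "__main__":
    for addr, trusted, used in audit_resolv_conf(SAMPLE, TRUSTED):
        print(f"{addr:16} trusted={trusted!s:5} used_by_libc={used}")
    print("bypass local overrides:", bypassing(audit_resolv_conf(SAMPLE, TRUSTED)))
```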