23.7 Legacy Series / DNS Priority, IPv4, IPv6
« on: November 18, 2023, 02:57:09 pm »
I'm enjoying OPNsense and getting to grips with IPv6 on my network.
Background
In summary my setup is very simple: OPNsense on a little PC (https://www.aliexpress.us/item/3256805846674072.html - I really like it!), a couple of switches around the house, a UniFi Cloud Key 2 (no DHCP on this - it's all on the OPNsense) with a couple of UniFi access points.
The OPNsense setup is pretty basic. A WAN with both DHCP and DHCPv6 clients connecting to the ISP (Community Fibre London 1Gb symmetric), from which I get a CGNAT IPv4 address and a /56 IPv6. On the LAN side I run a DHCPv4 service and let SLAAC do IPv6 addressing.
Question 1
In Windows clients on a wired LAN, I get DNS servers showing as follows using ipconfig /all:
DNS Servers . . . . . . . . . . . . .: 192.168.0.1
1.1.1.1
2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75
That's all good (IPv4 DNS server addresses are as set in DHCP service, nothing set in Router Advertisement, so using system settings). My question is, how do I get the IPv6 DNS server address to have priority? Currently, if I do an nslookup it defaults to 192.168.0.1 as the DNS server.
Question 2:
On Wi-Fi, Windows clients don't show the IPv6 DNS server address in ipconfig /all (they do get IPv6 static and temp addresses and gateway):
DNS Servers . . . . . . . . . . . . .: 192.168.0.1
1.1.1.1
However, netsh interface ipv6 show dnsservers does show that Windows is getting the correct info from RA:
Configuration for interface "Wi-Fi"
DNS servers configured through DHCP: 2a02:xxxx:xxxx:xxxx:xxxx:fcff:fe10:6d75
Register with which suffix: Primary only
So what's going on?
Even more curious:
On a couple of iPhones, in Settings>Wi-Fi>'network name'>Info>Configure DNS, all the DNS Servers are shown with the IPv6 DNS address last (just like Windows LAN). But after about 10 minutes following Wi-Fi being turned 'Off and On', the IPv6 DNS server address disappears.
On macOS on Wi-Fi, it behaves just like Windows on LAN: i.e. two IPv4 addresses followed by IPv6.
--------------------------------------
I figure the IPv6 info on the clients is just buggy (but I haven't ruled out UniFi as the issue either), but would be interested in people's thoughts.
From a strictly OPN perspective, I would ideally like the IPv6 DNS server address to be the highest priority. Is that something that OPNsense can do without enabling DHCPv6?
Thanks in advance :)