Messages - Mpegger

#1
General Discussion / Re: internal DNS issues
March 26, 2026, 06:13:47 PM
If IPv6 is the issue, it may be because of the way your ISP delegates IPv6 to you. I am on Verizon Fios and receive a /56 prefix from them and use a similar setup as used in this post: Verizon Fios IPv6. If you are absolutely sure your ISP supports IPv6 and provides their users with an IPv6 address, it's best to just do a simple duckduckgo search for "<ISPname> IPv6 opnsense". There may already be some posts or guides pointing out how to set up IPv6 with your ISP properly. Once you have IPv6 properly working on the WAN, from there you can start working on IPv6 for your LAN, though truthfully it doesn't matter unless you are planning on hosting services via IPv6.
#2
I am probably misunderstanding how Crowdsec works, but from what I have read, it seems that Crowdsec doesn't monitor the packets going across the interfaces like other IDS/IPS software does, but instead just watches firewall logs for any known abusive patterns. Does this mean that if I have any IP blocking lists in the Opnsense firewall, that I need to enable logging on each entry in order for Crowdsec to "see" any potential patterns? Or is the enable logging option only for the users eyes, and internally Opnsense still keeps logs?

I ask because after adding in some block lists, my Crowdsec Console reports that it's been very quiet from my setup, which could mean either I screwed up the settings and it's no longer reporting (not likely because it still sees the firewall and other systems reporting on my network), or as their own popup help states, that it could just be there is nothing to report on (the blocklists are blocking any suspicious activity, but Crowdsec doesn't see it).
#3
General Discussion / Re: Internet access problems
March 23, 2026, 03:40:09 PM
Quote from: Jebecca on March 09, 2026, 09:19:39 PM
* OPNsense connection to Internet - WAN port (em0 Interface) is connected to a Nokia Fastmile 5G Gateway set to Bridge mode.

Just an observation, but I haven't seen anyone mention it. This Nokia Fastmile 5G sounds like a cellphone network adapter, which means it's possible their connection is CGNAT and (or?) IPv6 only.
#4
Memtester is a user space application. It can never test RAM that is in use (allocated).

As far as I understand it (I am not a programmer), in simplest terms, to be capable of doing such a thing as testing RAM that is in use would require it to be baked into the OS kernel itself, as the OS would need to move data in RAM that is in use to other sections to allow such a RAM testing application to test those sectors. This would require a very high level of choreography between the OS, the RAM testing application, and all the other applications that are loaded in, running in, and using RAM, as those programs need to be aware that the sectors of RAM allocated to them could change at any given time. The programs would need to be "Live RAM Testing" aware, or such an action would fail (the program would error out because the data it expects in a specific sector of the RAM is no longer there). It's the same reason some backup programs for VMs require the VM being backed up to be shut down, because it can't handle data on a drive being live (actively in use) or "locked" (only the OS can access said data).

There probably is a way to have memtester available in Opnsense, but again, running it while Opnsense is live will only result in the unused free RAM being tested. You would need to shut down and boot into a RAM tester like Memtest86+ in order to test all the system RAM.
#5
Quote from: Patrick M. Hausen on March 15, 2026, 03:54:31 PM
And again we are discussing minuscule details of the IPv6 addressing schemes and nobody seems to want to answer the question if you should put the ULA you are using into the home networks ... 🙄

Isn't that what I just said in my previous post? Or do I need to specifically point it out and not assume the OP can't infer to use that result in their Intrusion Detection Home Networks?

I get my post before that one was vague, but again, one should be able to infer the answer from that.
#6
It's my understanding that fc00:: is not officially part of the LAN-only routable range as it is still possible it could be assigned in the future, however minuscule (improbable? not in any of our lifetimes?) that possibility may be. Hence fc00::0/7 should not be used. fd00::0/8 is the official range to be used for LAN-routable-only ULAs and is why I responded with using a proper ULA calculator. The OP can then use the calculated fdxx:xxxx:xxxx::/48 address for their own network, or fd00::0/8 if they have plans in the future of merging their LAN with another LAN using ULAs.

Also, use this calculator or this calculator (automatically enters your MAC). The one I linked previously appears to give out borked addresses.
#7
Quote from: Diggy on March 12, 2026, 07:12:07 PM
We are using private IPv6 addresses along with IPv4 addresses on our local network. I noticed that the IPv6 range "fc00::0/7" is not included in the default Home Networks list. Why? Does "Home Networks" not apply to IPv6? Are there any special considerations when adding "fc00::0/7" to the Home Networks list?

In advance, thanks for guidance on this matter.

Why? Because fc00: shouldn't be used for ULA. Use a proper ULA calculator like this proper ULA generator (see my following post for generators that work properly) which explains in detail how it generates the ULA.
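The two posts above (#6 and #7) lean on "a proper ULA calculator" without showing what it does. As an added example that is not part of the original posts, here is the RFC 4193 generation step in Python: an NTP-format timestamp plus the modified EUI-64 of a MAC is hashed with SHA-1, the low 40 bits become the Global ID, and the result is fdXX:XXXX:XXXX::/48. The MAC and timestamp values used are constructed for illustration; the check at the end reflects the point made above that only fd00::/8 is defined for locally assigned ULAs.

```python
import hashlib
import ipaddress
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01


def mac_to_eui64(mac: str) -> bytes:
    """Modified EUI-64 (RFC 4291 appendix A) from a 48-bit MAC string."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    # Insert ff:fe in the middle and flip the universal/local bit of octet 0.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def ntp_timestamp(unix_seconds: float) -> bytes:
    """64-bit NTP timestamp: 32-bit seconds since 1900, 32-bit fraction."""
    secs = (int(unix_seconds) + NTP_EPOCH_OFFSET) & 0xFFFFFFFF
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32)) & 0xFFFFFFFF
    return secs.to_bytes(4, "big") + frac.to_bytes(4, "big")


def ula_prefix(mac: str, unix_seconds=None) -> ipaddress.IPv6Network:
    """RFC 4193 section 3.2.2: fd00::/8 + 40-bit Global ID -> fdXX:XXXX:XXXX::/48."""
    if unix_seconds is None:
        unix_seconds = time.time()
    key = ntp_timestamp(unix_seconds) + mac_to_eui64(mac)   # 16-byte key
    digest = hashlib.sha1(key).digest()
    global_id = digest[-5:]                                 # least significant 40 bits
    prefix_int = int.from_bytes(b"\xfd" + global_id + bytes(10), "big")
    return ipaddress.IPv6Network((prefix_int, 48))


def is_proper_ula(network) -> bool:
    """True only for prefixes inside fd00::/8; fc00::/8 is not defined for local use."""
    net = ipaddress.IPv6Network(network, strict=False)
    return net.subnet_of(ipaddress.IPv6Network("fd00::/8"))


if __name__ == "__main__":
    # Constructed sample MAC; a real run would use the LAN interface's MAC.
    prefix = ula_prefix("00:11:22:33:44:55")
    print(prefix, is_proper_ula(prefix))
```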
#8
Quote from: drosophila on March 14, 2026, 06:06:24 PM
... so what am I overlooking?

For the same reason a program like badblocks can't test a drive that is mounted and in use, memtest can't test RAM while it's in use by anything other than itself.

Quote:
memtester will malloc(3) the amount of memory specified, if possible. If this fails, it will decrease the amount of memory requested until it succeeds. It will then attempt to mlock(3) this memory; if it cannot do so, testing will be slower and much less effective. Run memtester as root so that it can mlock the memory it tests.
#9
General Discussion / Re: internal DNS issues
March 14, 2026, 02:55:05 AM
Unbound should handle all external name lookups. Unbound should pass all internal lookups to DNSmasq. As suggested, do not use ISC as it will eventually be dropped. This is the setup I have come up with after gleaning from many articles, guides, and posts over a long time trying to get my DNS resolution to work as I want it to on my network. It is a mixed IPv4/IPv6 setup that uses the typical 192.168.1.1 with only a single LAN network segment (no VLANs either), as well as IPv6 GUA addresses, as my ISP supplies a dynamic /56 IPv6 prefix. I also use 2 Pihole servers in my setup, but I will leave that part out to not complicate the setup. If you or anyone else wants, I can include Pihole in the mix in another post.

Starting with Unbound:

General:
  Listen Port: 53
  Network Interfaces: Lan (Check all interfaces you want Unbound to listen on. Leave those you don't want it to listen to unchecked)
  Enable DNSSEC Support: (If you are going to use DNSSEC with a DNS server that supports it, check it)
  DHCP Domain Override: lan.internal (.internal is the only current top level local domain name for LAN use by ICANN, and is recognized by many modern apps to *not* be used in the WAN. You can add in whatever you want before .internal as your LAN FQDN. System > Settings > General > Domain: should also match)
  Register DHCP Static Mappings: Checked

Overrides:
  I do not use overrides as DNSmasq can take care of that for local LAN systems.

Advanced:
  Private Domains: lan.internal (Enter your domain)
  Rebind protection networks: (Add in any local LAN networks you are using that are not already entered here by default)
  Insecure Domains: lan.internal (Enter your domain if you are using DNSSEC)

Access List:
  Default Action: Allow (unless you have multiple networks being served up by different DNS daemons, leave at Allow to let Unbound respond to all network segments it's listening on, as configured earlier. There is no need for any entries when set to Allow)

Query Forwarding:
  Use System Nameservers: Unchecked (We are going to use DNSmasq for local DNS FQDN resolution)
    Add a new server entry:
      Domain: lan.internal (what you used earlier)
      Server IP: 192.168.1.1 (The LAN IP address of your Opnsense)
      Server Port: 53053 (this is the port we will use to contact DNSmasq. Do not use 5353 as often suggested. I forget the exact reason, but there's another established service out there that uses that port. You can of course use whatever port you want, just make sure it's not a commonly used port)
    Add another new server entry:
      Domain: 1.168.192.in-addr.arpa (this entry will perform reverse lookups for your LAN addresses)
      Server IP: 192.168.1.1 (same as before)
      Server Port: 53053 (same as before)


Now onto DNSmasq:
General:
  Interface: LAN (As with Unbound, check all interfaces you want Unbound to listen on. Leave those you don't want it to listen to unchecked)
  Listen Port: 53053 (same as what you used in previous settings)
  No hosts lookup: Checked
  Query DNS servers sequentially: Unchecked
  Require domain: Checked (I have it checked because I always use FQDN, but even then I can still nslookup a name without domain and receive the IP address)
  Do not forward to system defined DNS servers: Checked (since DNSmasq is used only for Local LAN lookups, we check this)
  Do not forward private reverse lookups: Checked (same as above)
  DHCP FQDN: Checked (this will register system names obtained through DHCP requests)
  DHCP default domain: lan.internal (enter your LAN FQDN)
  DHCP local domain: Checked
  DHCP authoritative: Checked
  DHCP register firewall rules: Checked (I don't fully understand what rules are added or needed, so I leave it checked)
  Router advertisements: Checked (because I do use dynamic IPv6 on my network)

Domains:
  Nothing needed here

Skip to DHCP ranges:
Add a new entry:
  Interface: LAN (I only have 1 LAN segment, if you have multiple and you want DNSmasq to serve as the DHCP on each segment, you will need to make additional server entries)
  Start address: 192.168.1.10 (where to start handing out IPv4 address in your DHCP range)
  End address: 192.168.1.200 (where to end)
  Domain: lan.internal (enter your LAN FQDN)
If using IPv6 and you want to assign a DHCP range for IPv6, add another entry:
  Interface: LAN
  Start address: ::a:b:c:1000 (again, I have a dynamic IPv6 prefix address assigned to me by my ISP, so this would be where I enter the remaining bits to assign to local clients)
  End address: ::a:b:c:9000
  Constructor: LAN
  RA mode: slaac, ra-names (this will allow clients to obtain their own IPv6 address via SLAAC [like Android devices], as well as being able to assign a fixed IPv6 GUA address to those clients that support that feature. The mode will depend on how you are assigned IPv6 by your ISP, but this should work in most cases)
  Domain: lan.internal (you know the drill, enter your LAN FQDN)

DHCP options:
Add a new entry: (This will tell the DHCP client the IPv4 address of your DNS server(s))
  Interface: LAN
  Type: Set
  Option: dns-server [6]
  Option6: None
  Value: 192.168.1.1 (In this example we use the LAN ip address of the OPNSense firewall since that is where Unbound resides and listens)
  Force: Checked

I have IPv6, so I add another entry:
  Interface: LAN
  Type: Set
  Option: None
  Option6: dns-server [23]
  Value: fe80::1 (Use the IPv6 address that starts with fe80: for your LAN interface. Link Local Addresses (LLA, fe80:) don't change unless the network hardware itself changes as it's derived from the MAC address, and will work in mixed IPv4, IPv6 networks)
  Force: Checked

Now back to DHCP Hosts tab:
The DHCP Hosts tab is where you will enter any and every device on your network that you want to assign a FQDN for your local LAN, and a fixed IP address, be it IPv4 or GUA IPv6 with the assigned prefix from your ISP. These IP addresses you assign do not have to be in the DHCP range(s) you defined earlier. You can also define devices that don't use DHCP, but have a fixed IP address and you want to assign a FQDN to them. For instance, my Opnsense firewall has an entry for it for the FQDN, IPv4 and internal Link Local IPv6 address it can be reached at. CNAME and Alias records can also be defined in this section.

When dealing with IPv6, be aware that not every device will support being assigned an IPv6 address via DHCP. You can easily tell what devices can be assigned an IPv6 address by allowing the device to connect via DHCP, and in the 'DNSmasq > Leases' window you can look for the device IPv6 address; the DUID that you need to use to assign an IPv6 address via DHCP will be there as well. Devices that only support IPv6 via SLAAC (like Android) will not show up in the 'Leases' window IPv6 section, and cannot be assigned a fixed IPv6 GUA address.

Those devices that do not need a fixed IP or FQDN of any kind you do not need to define here, as they will just grab a random IPv4 and/or IPv6 address according to your DHCP ranges setting. Those devices that request a DHCP address can also report their device name to DNSmasq, and DNSmasq will register that name as a FQDN that can be used just like any other fixed entry you yourself added.

With this setup, all local FQDN lookups will stay within Opnsense, and will be resolvable via DNSmasq. Any other lookups will go out to the net via Unbound. You will only need to maintain 1 set of entries for your LAN devices via DNSmasq, and not have to use Unbound for overrides.
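Two values in the post above are easy to get wrong when adapting it to another LAN: the reverse-lookup domain handed to DNSmasq (1.168.192.in-addr.arpa for 192.168.1.0/24, and the matching ip6.arpa zone if you also want reverse lookups for the delegated /64) and the IPv6 range entered as "::a:b:c:1000" against the Constructor interface. As an added example, not part of the original post or of OPNsense, this Python helper derives the Query Forwarding domains for any octet- or nibble-aligned LAN prefix and combines a host suffix with a prefix. The 2001:db8:abcd:100::/64 prefix is a constructed documentation value, and treating the Constructor field as "OR the suffix into the on-link prefix" is an assumption about how the range is formed.

```python
import ipaddress

# Constructed sample values mirroring the post: LAN domain, LAN /24, and a
# documentation-range stand-in for the dynamic /64 the ISP delegates.
LAN_DOMAIN = "lan.internal"
LAN_V4 = "192.168.1.0/24"
LAN_V6 = "2001:db8:abcd:100::/64"


def ipv4_reverse_zone(network) -> str:
    """in-addr.arpa zone for an octet-aligned (/8, /16, /24) IPv4 network."""
    net = ipaddress.IPv4Network(network, strict=True)
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 or /24 map to a single reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ipv6_reverse_zone(network) -> str:
    """ip6.arpa zone for a nibble-aligned IPv6 prefix such as the delegated /64."""
    net = ipaddress.IPv6Network(network, strict=True)
    if net.prefixlen % 4:
        raise ValueError("prefix length must be a multiple of 4")
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def forward_zones(lan_domain, lan_v4, lan_v6=None, server="192.168.1.1", port=53053):
    """Domains Unbound forwards to DNSmasq, mapped to the server@port it uses."""
    zones = [lan_domain, ipv4_reverse_zone(lan_v4)]
    if lan_v6:
        zones.append(ipv6_reverse_zone(lan_v6))
    return {zone: f"{server}@{port}" for zone in zones}


def host_in_prefix(prefix, suffix) -> ipaddress.IPv6Address:
    """Combine a delegated prefix with a '::a:b:c:1000' style suffix.

    Assumption: the Constructor range is the suffix OR'ed into the on-link
    prefix; a suffix that sets prefix bits is rejected instead of silently
    landing outside the delegated network.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    host = int(ipaddress.IPv6Address(suffix))
    if host & int(net.netmask):
        raise ValueError("suffix overlaps the prefix bits")
    return ipaddress.IPv6Address(int(net.network_address) | host)


if __name__ == "__main__":
    for zone, target in forward_zones(LAN_DOMAIN, LAN_V4, LAN_V6).items():
        print(f"{zone} -> {target}")
    print(host_in_prefix(LAN_V6, "::a:b:c:1000"), host_in_prefix(LAN_V6, "::a:b:c:9000"))
```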
#10
General Discussion / Alias bug? Or just a "quirk"?
March 13, 2026, 10:49:26 PM
Was setting up a port forward and IPv6 passthrough for my NTP server and came across an issue trying to set up the IPv6 part.

When creating the alias, I accidentally created a type 'Host(s)' alias instead of a type 'Dynamic IPv6 Host' alias. I didn't realize what I did because the type 'Host(s)' alias did not give an error when I used the second half of the IPv6 GUA address for the machine. When testing, Opnsense was blocking the incoming connections with 'Default Deny/State Violation Rule'. Upon checking the rule and alias, it was then I realized I had that alias type set as 'Host(s)' instead of 'Dynamic IPv6 Host'. So I simply changed the type to 'Dynamic IPv6 Host', and tested again, only for Opnsense to continue to block the incoming connection. I couldn't figure out why, as everything, the rule and alias, should be correct now. I thought maybe it was something with the rule and spent the next hour+ editing it, deleting it, manually recreating it, and even cloning the working IPv6 pass rule I already had in place for another service. It wasn't until I deleted the Alias and recreated it from the start with the correct type 'Dynamic IPv6 Host' set, that the rule then started to work and the connections could pass through the firewall.

Currently running:
OPNsense 26.1.4-amd64
FreeBSD 14.3-RELEASE-p9


TL/DR - If you attempt to create an Alias for a dynamic IPv6 host, but you choose type 'Host(s)' and save, you cannot simply change the type after to correct it. You must delete the Alias, and recreate it again with the correct type.
#11
I don't know if this will help you at all, but I ran into a similar problem not that long ago. Near as I could figure, I think Unbound on OPNSense was getting into an infinite loop with Pi-Hole because of the way I have my DNS redirection set up, and I had introduced ULA IPv6 addresses to my network. Removing the ULA addresses from my network stopped the flooding from OPNSense to the Pi-Holes.

https://forum.opnsense.org/index.php?topic=47568.msg239712#msg239712
#12
General Discussion / Re: noip + ipv6?
March 02, 2026, 01:29:17 AM
Not sure if this will be helpful for you, but I too have T-Mobile/Metro for my cell phone. Currently my home setup for VPN consists of a docker install of WG-Easy, and on the same Linux VM, I also run the Linux CLI version of the No-IP updater as that is the only method currently you can use to update the IPv6 address of the system it's running on. Afaik, there is no current method for IPv6 update in OpnSense (or Windows if you were thinking of using that as an option), and it also made networking a lot easier since I didn't have to deal with adding in firewall rules in OpnSense for the WG client(s) being able to access the LAN and WAN. Just need a single (or dual if also using IPv4) firewall rule to open the port for the incoming WG connection to the Linux VM it's running on. This will of course work for ISPs that don't give out a fixed IPv6 address range, which is pretty much every single ISP.

<edit> Oh, and I've tried Tailscale. Horribly slow as it always appears to use its relay servers and it was constantly disconnecting and reconnecting, not to mention the very high battery usage, even with the screen off. YMMV, but that was my experience with Tailscale & T-Mobile. </edit>
#13
General Discussion / Re: upgrade from 21.7.8 failed
February 13, 2026, 06:01:52 AM
If your current 21.7.8 appears to be running fine with no issues, you could just save the configuration and install the next higher version from ISO, then import the configuration you saved.
#14
It's one or the other, IPv4 -or- IPv6. You have to create individual IPv4 options, and separate IPv6 options.

For your dns-server [6] option, that would only apply to IPv4, and the IP address you enter would of course only be an IPv4 IP, separated by a comma if entering multiple addresses.
#15
In the DNSmasq Interface setting, after you disabled the WAN interface, were the other interfaces that you do need DNSmasq on checked? I just finished the switchover from ISC to DNSmasq myself today, and didn't see any such warnings in my DNSmasq logs. I know the little help blurb for Interface says "If no interfaces are selected, Dnsmasq will listen on all available IPv4 and IPv6 addresses by default", but I find more often than not that you have to add in or explicitly choose an option to make sure it actually works.