Messages - WiteWulf

#1
Thank you, that's gone some way to explaining a previous problem I had.

When I initially set the OPNsense device up I tried setting my 'LAN IPv6 Configuration Type' to 'Identity Association' (as per some docs I found), but my LAN clients didn't receive an IPv6 configuration. Changing that to 'Track Interface (legacy)' "just worked", so I left it at that. It seems that this automatically configures a DHCPv6/RA for the LAN, and I suspect this ignores any changes made in the dnsmasq settings UI.

I assume, then, that I need to manually configure an RA or DHCPv6 range when using 'Identity Association'? I'll have a detailed read of your article you linked to and have a go at that. Thanks again.

#2
Hi folks, first-time poster. I've recently moved to OPNsense (26.1.10, running as a VM on Proxmox) from OpenWrt. The migration went really well for the most part, but there's one thing I can't figure out and would like help with please.

I have a PiHole running on my network (in docker on a different device to OPNsense), and use DHCP Option 6 to tell my clients to use it as their DHCP server, with Unbound on the OPNsense device as the fallback. This was all I had to do on OpenWrt to get all LAN client DNS queries to go via my PiHole and I replicated this in dnsmasq on OPNsense. My IPv6 clients didn't receive an IPv6 DNS server with OpenWrt.

Since moving to OPNsense I noticed that some of my devices had started showing ads again, but saw that PiHole was still serving (some) requests on the LAN.

OPNsense is configuring the IPv6 clients on the LAN to use its Unbound service for DNS over IPv6, so I added DHCP Option 23 with the PiHole and Unbound servers' IPv6 addresses on dnsmasq, hoping that would override whatever default setting was being applied.

My clients are acting on the DHCP Option 6 and configuring the PiHole and OPNsense as their IPv4 DNS servers, but ignoring the DHCP Option 23, and only configuring the OPNsense device for DNS over IPv6. Both DHCP Options are set to 'Force'.

Consequently:
a) IPv6-enabled devices prefer to use DNS over IPv6, and are only using Unbound on OPNsense (thus bypassing the PiHole)
b) IPv4-only devices are correctly using the PiHole as instructed via DHCP Option 6

I've tried both renewing DHCP leases and restarting my clients with no change in behaviour. I've checked that the PiHole is serving queries over IPv6.

How do I correctly tell my IPv6 clients to use the PiHole server?