Issue: DHCPv6 - Old DNS ip still being used - OPNsense 24.7.9_1-amd64

Started by Mpegger, November 30, 2024, 09:17:47 PM

Yet another issue I've found which does cause minor problems. I switched the hardware I was running my DNS server (Pi-hole) on, updated any and every entry in OPNsense in regards to IPv6 address (I use fixed link-local fe80: addresses for this), and many of my devices are still using the old IPv6 addresses for DNS server. I've deleted all the leases, I've stopped the ISC DHCPv6, disabled the service entirely, deleted all IPv6 leases in OPNsense list, re-enabled, restarted, forced clients to renew DHCP, and yet they are still getting and using the old IPv6 addresses for the IPv6 DNS servers. Only 1 of my computers so far has changed the IPv6 DNS server address entries to the updated ones.

I exported a configuration to see if I could find where that old IPv6 was showing up and found them in the <dhcpdv6> section.

<dhcpdv6>
    <lan>
      <domainsearchlist>home.lan</domainsearchlist>
      <ddnsdomainalgorithm>hmac-md5</ddnsdomainalgorithm>
      <enable>1</enable>
      <range>
        <from>::0</from>
        <to>::ffff</to>
      </range>
      <prefixrange>
        <from/>
        <to/>
        <prefixlength>48</prefixlength>
      </prefixrange>
      <dnsserver/>
      <ntpserver>fe80::xyz</ntpserver>
      <numberoptions>
        <item/>
      </numberoptions>
      <ramode>assist</ramode>
      <rapriority>medium</rapriority>
      <ramininterval>200</ramininterval>
      <ramaxinterval>600</ramaxinterval>
      <radomainsearchlist/>
      <radnsserver>fe80::aaaa</radnsserver> <!-- This contains the old IPv6 DNS server address -->
      <radnsserver>fe80::bbbb</radnsserver> <!-- This contains the old IPv6 DNS server address -->
    </lan>
  </dhcpdv6>


The <radnsserver> entries contain the old IPv6 DNS server entries, and I have no idea how to change that in the GUI. I can't even find any reference to that in the ISC DHCPv6 panel at all.

I did however manage to "fix" the issue by editing the configuration file and uploading/applying the new configuration to OPNsense. Now the new IPv6 DNS server addresses are being given to the DHCPv6 clients on my network. If I simply deleted those entries, OPNsense would start giving out the IPv6 address for my ISP DNS server (definitely not what I want) even though I have the IPv6 DNS server address entries in System>Settings>General tab setup. I had to change the IPv6 addresses for both of the <radnsserver> entries.

Again, that did fix the issue, but I still have no idea where in the OPNsense GUI that can be changed, if at all, nor why OPNsense continued to use those old entries, and ignore the new ones, when the appropriate changes were made in the ISC DHCPv6 panel.

I'm having a similar issue. New OPNsense install and it appears the DHCPv6 is handing out the router IP as the DNS. I need it to be the Pi-hole IPv6. How does one edit the config file?

It seems OPNsense prioritizes the RA-specified DNS servers for clients doing SLAAC+RA, even if DHCPv6 says otherwise. I wish they made the relationship between these services clearer in the GUI. Your fix via editing the config directly is totally valid, but definitely not intuitive for most users.
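
On the question above of how to edit the config file: the following is an added example, not code from any poster in this thread or from the OPNsense project. It audits an exported configuration for <dnsserver> and <radnsserver> entries that are not in an expected resolver list and rewrites stale ones. The <opnsense> root element, the sample addresses and the function names are assumptions.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <dhcpdv6> export quoted in the thread;
# the <opnsense> root element and the fe80::53 resolver are assumptions.
SAMPLE_CONFIG = """<opnsense>
  <dhcpdv6>
    <lan>
      <dnsserver/>
      <ramode>assist</ramode>
      <radnsserver>fe80::aaaa</radnsserver>
      <radnsserver>FE80:0:0:0:0:0:0:53</radnsserver>
    </lan>
  </dhcpdv6>
</opnsense>"""

DNS_TAGS = ("dnsserver", "radnsserver")  # DHCPv6 and router-advertisement DNS entries


def _norm(addr):
    """Canonical form, so fe80::53 and FE80:0:0:0:0:0:0:53 compare equal."""
    try:
        return str(ipaddress.IPv6Address(addr.strip()))
    except ValueError:
        return addr.strip().lower()  # keep unparsable values visible in the report


def audit_dns(xml_text, expected):
    """Return (interface, tag, address) for each configured resolver not in expected."""
    allowed = {_norm(a) for a in expected}
    findings = []
    for section in ET.fromstring(xml_text).iter("dhcpdv6"):
        for iface in section:
            for entry in iface:
                if entry.tag in DNS_TAGS and entry.text and entry.text.strip():
                    if _norm(entry.text) not in allowed:
                        findings.append((iface.tag, entry.tag, _norm(entry.text)))
    return findings


def rewrite_dns(xml_text, replacements):
    """Swap stale resolver addresses (old -> new) and return the edited XML text."""
    mapping = {_norm(old): new for old, new in replacements.items()}
    root = ET.fromstring(xml_text)
    for section in root.iter("dhcpdv6"):
        for entry in section.iter():
            if entry.tag in DNS_TAGS and entry.text and entry.text.strip():
                entry.text = mapping.get(_norm(entry.text), entry.text)
    return ET.tostring(root, encoding="unicode")
```

ElementTree does not preserve the XML declaration or comments, so diff the rewritten text against the original export before restoring it.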