Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
LAN Hosts Getting IPv6 DNS Addresses
« previous
next »
Print
Pages: [
1
]
Author
Topic: LAN Hosts Getting IPv6 DNS Addresses (Read 1297 times)
MrBee
Newbie
Posts: 7
Karma: 0
LAN Hosts Getting IPv6 DNS Addresses
«
on:
July 17, 2021, 01:42:25 am »
Hi all, I'm not sure what's happening here.. I recently got new hardware for OPNSense, I started from scratch in getting my router setup again.
I'm using Pi-Hole on a VM, and Unbound on OPNSense (not in forwarding mode).
I have port-forwarding rules to send all DNS traffic not destined for the Pi-Hole VM, to the Pi-Hole VM.
I have the IP address (192.168.1.101) of the Pi-Hole VM set as my DNS address in the DHCPv4 settings (on the LAN interface).
I am not allowing DNS to be overwritten from WAN DHCP (Settings->General).
The idea: all DHCP hosts on my network get the Pi-Hole address as their DNS server, the Pi-Hole, in turn forwards valid requests to OPNSense, OPNSense then resolves the requests. If it's some tricky LAN host that's trying to use its own hardcoded DNS, it'll get forwarded to the Pi-Hole due to the port-forwarding rules.
On my old setup this worked perfectly, and as far as I can tell I've got it setup the same way now.
The way I would test it before is shut down the Pi-Hole VM and I wouldn't be able to resolve any websites (which makes sense because the Pi-Hole was shut off).
I just tried that same test now that I've got my new OPNSense hardware running, and to my surprise, I was able to resolve websites with the Pi-Hole shut down.
I checked my IP Settings -> ipconfig /all on the Windows machine I was testing from. The DNS servers listed were:
192.168.1.101 (as expected from the OPNSense DHCP server)
two IPv6 addresses (no idea where these are coming from)
It seems DNS requests are being handled by whatever those IPv6 addresses are.
The problem is, I have no idea how my Windows machine is getting these as DNS servers. I triple checked the DHCP server, they're not listed there.
Any ideas on this one? I'm not sure what I'm missing.
Thanks!
Edit: I should mention that the IPv6 DNS server my LAN hosts are getting is my OPNSense box's IPv6 address on its LAN interface. I just did a "what's my DNS server" test from one of those website, and it's my public IPv4 address that's being shown as my DNS server. So, my OPNSense Unbound instance is doing the resolving.
«
Last Edit: July 17, 2021, 02:08:11 am by MrBee
»
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: LAN Hosts Getting IPv6 DNS Addresses
«
Reply #1 on:
July 17, 2021, 09:20:55 am »
Have you configured RADVD to advertise the Pi-hole IPv6 to your SLAAC clients?
If not, head to Services, Router Advertisements and configure the DNS servers on your LAN.
You do have IPv6 configured on your Pi-hole, don't you?
Bart...
Logged
MrBee
Newbie
Posts: 7
Karma: 0
Re: LAN Hosts Getting IPv6 DNS Addresses
«
Reply #2 on:
July 17, 2021, 04:12:25 pm »
Hi thanks for the reply.
I'm not seeing Router Advertisements under Services.
Looked around other places, but not seeing it anywhere.
Logged
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: LAN Hosts Getting IPv6 DNS Addresses
«
Reply #3 on:
July 18, 2021, 04:52:39 pm »
Do you have a static IPv6 address assigned to the LAN interface of the firewall?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
LAN Hosts Getting IPv6 DNS Addresses
