Topic: radvd seemingly advertising Cloudflare and Google IPv6 servers to clients (Read 888 times)
Wendo, May 05, 2023, 11:19:44 am:
Hi
I've got Track Interface on for my WAN interface and IPv6 has been working fine for years. After upgrading to 23.1.7 I noticed that radvd (at least I think it's radvd doing it) appears to be advertising Cloudflare and Google IPv6 DNS servers to the LAN clients, as well as the OPNsense server itself. However, after rolling back, it's happening on my previous version of 21.1.3 as well, so it's probably been going on for a while and I've just never noticed.
What this means is my internal DNS resolution isn't working anymore. I've also got AdGuardHome installed and running on port 53 but forwarding local queries to Unbound on 5353. AdGuardHome's DHCP is disabled so I don't _believe_ that's involved.
Logs don't appear to show much, but then radvd is seemingly "Automatic" and so doesn't have any exposed config options, but its config file doesn't have these DNS servers in it. They are, however, specified under System -> Settings -> General -> DNS Servers.
How do I stop external DNS servers being advertised to my LAN clients?
Thanks
franco (Administrator), Reply #1, May 05, 2023, 12:11:16 pm:
I think there's a primary DNS checkbox now in the AdGuard plugin. It's not supported by us and AdGuard is only loosely integrated, so these tricks need to be carried out in order to keep working with 23.1.6 and onwards.
Enable the option if you run AdGuard on port 53 (making sure it listens on all the LAN interfaces where you expect to use it) and restart all relevant DHCP/RADVD services (a reboot works too).
Cheers,
Franco
Wendo, Reply #2, May 05, 2023, 09:11:24 pm:
That appears to have solved it, thanks!
Can you outline why this fixed it? Is radvd detecting that Unbound isn't running on port 53 and so giving out system DNS servers to clients, thinking there is no DNS server running on OPNsense?
That's the only thing I can think of, I just didn't think it was _that_ smart.
Thanks
franco (Administrator), Reply #3, May 05, 2023, 10:20:06 pm:
Correct, the actual change is this:
https://github.com/opnsense/core/commit/9f6df9e5f30
As you can see, the system previously blindly assumed when Unbound or Dnsmasq was enabled that port 53 could be used and advertised as such, but that is not the case. The AdGuard plugin sort of benefited from this situation: as long as you would try to run on port 53 and keep Unbound or Dnsmasq enabled, everything was "ok".
But with BIND and Dnscrypt-Proxy in the plugins it wasn't possible to run those as a stand-alone core service, so this change was made and now any of the 4 DNS services can be used as stand-alone when correctly configured on port 53.
That also includes AdGuard as stand-alone (not being included in our code it's the 5th, but not mentioned above for that reason) after the checkbox was added (so it's safe to turn off Unbound/Dnsmasq if you don't need it). The checkbox behaviour and AdGuard integration isn't great, but if it works it works.
Cheers,
Franco
Wendo, Reply #4, May 05, 2023, 10:27:01 pm:
Awesome, thanks!
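
To confirm from the LAN side which resolvers a Router Advertisement really carries, as in the situation discussed in this thread, the RDNSS option (RFC 8106, option type 25) can be parsed directly. This is an added example, not code from the thread or from OPNsense; it assumes the ICMPv6 payload bytes come from a packet capture on the LAN, and the function names and the sample RA are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134        # ICMPv6 Router Advertisement
RDNSS_OPT = 25       # RFC 8106 Recursive DNS Server option
RA_HEADER_LEN = 16   # fixed RA fields before the options start


def rdnss_from_ra(icmp6: bytes):
    """Return [(lifetime_seconds, IPv6Address), ...] from an ICMPv6 RA payload."""
    if len(icmp6) < RA_HEADER_LEN or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    servers, off = [], RA_HEADER_LEN
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option at offset %d" % off)
        if opt_type == RDNSS_OPT:
            # 8 fixed bytes (type, length, reserved, lifetime), then 16-byte addresses
            if opt_len < 24 or (opt_len - 8) % 16:
                raise ValueError("malformed RDNSS option")
            (lifetime,) = struct.unpack_from("!I", icmp6, off + 4)
            for a in range(off + 8, off + opt_len, 16):
                servers.append((lifetime, ipaddress.IPv6Address(icmp6[a:a + 16])))
        off += opt_len
    return servers


def unexpected_resolvers(icmp6: bytes, allowed):
    """Advertised resolvers (lifetime > 0) that are not in the allowed set."""
    allowed = {ipaddress.IPv6Address(a) for a in allowed}
    return [addr for life, addr in rdnss_from_ra(icmp6) if life and addr not in allowed]


def build_sample_ra(resolvers, lifetime=600):
    """Constructed test input: minimal RA carrying a single RDNSS option."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    body = b"".join(ipaddress.IPv6Address(r).packed for r in resolvers)
    return header + struct.pack("!BBHI", RDNSS_OPT, 1 + 2 * len(resolvers), 0, lifetime) + body


if __name__ == "__main__":
    # Constructed sample: a router LAN address from the documentation prefix
    # plus the public Cloudflare and Google IPv6 resolvers.
    ra = build_sample_ra(["2001:db8:1::1", "2606:4700:4700::1111", "2001:4860:4860::8888"])
    for addr in unexpected_resolvers(ra, allowed=["2001:db8:1::1"]):
        print("unexpected RDNSS entry:", addr)
```

An empty result from `unexpected_resolvers` means clients are only being pointed at the resolvers you intended, which is the state the thread's fix is meant to restore.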