IPv6 Not Allowing Manual DNS Server

[nickp85]

I recently changed ISPs and the new ISP uses CG-NAT but allows IPv6 passthrough. I enabled it and my clients can get IPv6 IPs which helps get around the limitations of CG-NAT to some degree but I also use Pihole on my local network with the router configured to give out the pihole IP as DNS. I noticed since enabling passthrough IPv6, my clients are getting an IPv6 DNS server which I have not configured anywhere. I would like the clients to continue to use IPv4 Pihole and get AAAA records from it. I cannot find any way to stop this other IPv6 DNS server (I assume the router's IP or the ISP) from being sent to the local clients.

I even tried to configure Pihole with an ipv6 local static IP and set this as the IPv6 DNS server under DHCP but that IP is not being give to the client, still getting the other one that's coming from somewhere (assume ISP).

How can I use IPv6 but limit DNS to only pihole server IPv4 address?

My router is ASUS RT-AX86U PRO with latest Merlin firmware

Thanks

 

[nickp85]

Update: I was able to reconfigure to use Native for IPv6, my ISP or the router is finicky and I need to do a full reboot every time I make a change that impacts WAN even if saving the setting in the GUI does not trigger a full reboot.

I put Pihole on a static IPv6 address in the range given by my ISP that the router registered as LAN IP and then configured IPv6 DNS for DHCP to give out Pihole DNS and it appears to be working.

I still wish there was a way to simply disable IPv6 DNS and just rely on IPv4 for DNS. If I don't specify an IP, it gives out the router's address.

 

[nickp85]

Update 2: seems the ipv6 prefix given by the ISP is definitely not static. My pihole is still working but is on a different prefix than the rest of my LAN now. Whats the best way to make this work?

 

[ZebMcKayhan]

Update 2: seems the ipv6 prefix given by the ISP is definitely not static. My pihole is still working but is on a different prefix than the rest of my LAN now. Whats the best way to make this work?

Any reason you can't use dnsdirector with pihole link-local address globally, then use pihole mac and set to no redirection?

 

[nickp85]

pihole seems to get the same MAC as the Unraid server it's running on even with a custom IP. Router doesn't see it as a separate device

 

[ZebMcKayhan]

pihole seems to get the same MAC as the Unraid server it's running on even with a custom IP. Router doesn't see it as a separate device

Ok...

Have you tried putting in the ula address of the pihole as dns server in the ipv6 page (connect to dns automatically = no)? It should remain static and is exactly for this type of purpose. But I don't know if it will work, altough I dont see why not...

I wonder what happens if you leave them all blank? Would that mean only ipv4 is deligated for dns?
Edit, just saw you already answered this. Assuming you put "announce router as dns..." to know this feels like a bug... sorry, Asus ipv6 support is really lacking. It hopefully gets better as people are using it and report these bugs.

If all else fail, you might need to make a custom dnsmasq.conf.add to remove the ipv6 dns line, or change it.

 

[nickp85]

Ok...

Have you tried putting in the link-local address of the pihole as dns server in the ipv6 page (connect to dns automatically = no)? It should remain static and is exactly for this type of purpose. But I don't know if it will work, altough I dont see why not...

I wonder what happens if you leave them all blank? Would that mean only ipv4 is deligated for dns?
Edit, just saw you already answered this. Assuming you put "announce router as dns..." to know this feels like a bug... sorry, Asus ipv6 support is really lacking. It hopefully gets better as people are using it and report these bugs.

If all else fail, you might need to make a custom dnsmasq.conf.add to remove the ipv6 dns line, or change it.

yeah if you set add router as "no" and don't define an IPv6 DNS, it automatically adds itself anyway

I'm not familiar with how to do custom editing of config files, how is that done? I'm not even sure what to edit. I just want the router not to hand out ipv6 DNS at all.

 

[ZebMcKayhan]

I'm not familiar with how to do custom editing of config files, how is that done? I'm not even sure what to edit. I just want the router not to hand out ipv6 DNS at all.

https://github.com/RMerl/asuswrt-merlin.ng/wiki/Custom-config-files

I think this is the line you want to remove:

dhcp-option=lan,option6:23

But check in your current running config in /etc/dnsmasq.conf

Something like
/jffs/scripts/dnsmasq.postconf

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

pc_delete "dhcp-option=lan,option6:23" $CONFIG

Other options would be to use pc_replace to replace the router [::] to whatever you wish, like pihole ula address (fc.... / fd.....)

Edit: please note, if you make Something wrong dnsmasq may not start and you may not get an ip when attempting to connect.
Use ssh commands

service restart_dnsmasq

After you made some changes but don't disconnect, but check syslog first so dnsmasq starts properly.
If you find yourself without ip, set a static ip to get to the router and check what is wrong.

 

[jtp10181]

I just want the router not to hand out ipv6 DNS at all.

I found this was impossible.
Also using the pc_delete to remove the entry did not work either, I forget why, possibly the router hands out its own IP anyway.

What I ended up doing was using a postconf file as described above but I injected the IPv4 (converted to IPv6 notation) as the IPv6 DNS.

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

#for 192.168.1.8 = [::ffff:c0a8:108]
pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,[::ffff:c0a8:108]" $CONFIG

# Restart avahi-deamon
service restart_mdns

This site can convert from the IPv4 to IPv6 https://dnschecker.org/ipv4-to-ipv6.php

This is how it shows up on windows clients

 

[ZebMcKayhan]

I found this was impossible.
Also using the pc_delete to remove the entry did not work either, I forget why, possibly the router hands out its own IP anyway.

What I ended up doing was using a postconf file as described above but I injected the IPv4 (converted to IPv6 notation) as the IPv6 DNS.

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

#for 192.168.1.8 = [::ffff:c0a8:108]
pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,[::ffff:c0a8:108]" $CONFIG

# Restart avahi-deamon
service restart_mdns

This site can convert from the IPv4 to IPv6 https://dnschecker.org/ipv4-to-ipv6.php

This is how it shows up on windows clients

View attachment 63166

Thanks for sharing!

While I knew this type of addressing was possible I've never really tried it. This gives me a great opportunity to dive into the details about this stateless Ip/Icmp translation (SIIP). I wonder where the translation really happens, at the router?

Wierd that while the address is ::ffff:a:b:c:d where a:b:c:d is the hexadecimal value of the decimal ipv4 (0d192 0d168 0d1 0d8 = 0xC0 0xA8 0x01 0x08) the windows client chooses to display the decimal variant in an ipv6 hexadecimal type of way (altough the dots instead of colons hints of this, just not very obvious)... they sure knows how to make things confusing!

 

[nickp85]

I found this was impossible.
Also using the pc_delete to remove the entry did not work either, I forget why, possibly the router hands out its own IP anyway.

What I ended up doing was using a postconf file as described above but I injected the IPv4 (converted to IPv6 notation) as the IPv6 DNS.

#!/bin/sh
CONFIG=$1
source /usr/sbin/helper.sh

#for 192.168.1.8 = [::ffff:c0a8:108]
pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,[::ffff:c0a8:108]" $CONFIG

# Restart avahi-deamon
service restart_mdns

This site can convert from the IPv4 to IPv6 https://dnschecker.org/ipv4-to-ipv6.php

This is how it shows up on windows clients

View attachment 63166

I don't think you need the script. I just put the IPv6 equivalent in the router GUI for ipv6 DNS and it saved. Clients are now getting the converted IPv6 DNS

 

[jtp10181]

I don't think you need the script. I just put the IPv6 equivalent in the router GUI for ipv6 DNS and it saved. Clients are now getting the converted IPv6 DNS

Nice, I could not get that to work originally but it was a while ago. I think I was also trying to use the notation as shown on the windows client but I found later dnsmasq likes the proper hex notation better.

windows client chooses to display the decimal variant in an ipv6 hexadecimal type of way

Yeah that is also technically a valid way to show an IPv4 address in IPv6 notation. Makes it more clear what it really is versus the hex encoded version.

 

[ZebMcKayhan]

Yeah that is also technically a valid way to show an IPv4 address in IPv6 notation. Makes it more clear what it really is versus the hex encoded version.

Thanks!

Just for whoever is interested, there is no ipv6 to ipv4 translation at all, it is just an ipv4 written in an ipv6 type of way. Any data to this ip will be over ipv4 only. I could confirm this by accessing my own router from an ipv4 only network by entering the web address http://[::ffff:c0a8:8001] or http://[::ffff:192.168.128.1]. Anyone with 192.168.50.1 may access their webui by entering http://[::ffff:c0a8:3201] or http://[::ffff:192.168.50.1].

But it does not seem to work everywhere, for example I cannot ping it using the router itself or Android ping tool, but I can use it to run iperf3 test from Android ping tool. It seems to be up to the app to interpret.
But regardless for your use case it's a success either way.

Edit, correction; ping doesn't work from router as it interprets as an ipv6 which doesn't work. Ping -4 works

# ping -4 [::ffff:c0a8:8001]
PING [::ffff:c0a8:8001] (192.168.128.1): 56 data bytes
64 bytes from 192.168.128.1: seq=0 ttl=64 time=0.142 ms