IPv6 & Unbound Problems

[Skeptical.me]

Today I installed Unbound, and enabled IPv6 in my RT-AX88U after installing Merlin 384.15_beta1

1. From a Networking App on my iMac I keep receiving warnings that "DNS resolution is not working"

2. On ipleak.net I see this:

3. Only very few web pages will load, for example Google.com

I'm completely inexperienced with Unbound, and IPv6, so I'm just looking for some direction. Thank you very much for any help.

 

[L&LD]

@Skeptical.me, what order did you do things in?

 

[Skeptical.me]

@Skeptical.me, what order did you do things in?

1 Merlin, 2. IPv6, 3. Unbound

 

[L&LD]

Between 2 and 3, did you test that IPv6 was working properly?

Did you at least reboot modem/ONT and the device you're testing on?

After you installed Unbound, did you reboot the router and confirm that it was still 'alive' and working?

 

[Skeptical.me]

Between 2 and 3, did you test that IPv6 was working properly?

Did you at least reboot modem/ONT and the device you're testing on?

After you installed Unbound, did you reboot the router and confirm that it was still 'alive' and working?

I rebooted everything each time I made a change.


I've disable IPv6 as I use ExpressVPN in a OpenVPN client on the router for the majority of the time. ExpressVPN doesn't use IPv6, as far as I can tell.

If I'm going to see Australian IPv6, or any other DNS server other than ExpressVPN on a ipleak.net test then I can't use IPv6.

However, I'll reboot the router again after I find the command that can tell me if Unbound is "alive".

Edit: I'm only learning now that IPv6 is completely different to IPv4. The VPN using IPv4 addresses is completely separate from the IPv6 address. What I see is the VPN IPv4 US addresses on ipleak.net. Then there is also an IPv6 Australian address. So if websites use IPv6 addresses my VPN doesn't protect my location

 

[L&LD]

@Skeptical.me here are the troubleshooting steps that I would do.

• Install RMerlin 384.15 Beta 1 and thoroughly test that your network and devices are working as expected.
  • I am assuming at this point, this has been determined and no issues are apparent.
• Enable IPv6 and use it normally for at least a couple of days. Making sure your network and devices are still working as you expect.
  • A reboot of the modem/ONT and the router and the client devices are usually required within the first hour after enabling IPv6 in my experience.
  • A further shutting down of all networked equipment may also be needed. This will properly reset the ISP connection between the modem/ONT and the router for a more stable experience. At least 10 minutes is required for this step, if necessary, and up to one hour with all equipment turned off depending on the ISP.
  • What I am looking for specifically is an IPv6 address in the router GUI IPv6 page. This is the same page where you enabled IPv6.
  • Also, each client device should have both IPv4 and IPv6 addresses in their connection properties.
• If the steps above prove the network and client devices continue to work as expected, then I would add further customizations to the network (below).
• Install unbound_manager v2.03 in default mode (hit Enter = 'No' to all setup questions.
  • Use the network as you usually do. Check the unbound_manager 's' output for proof that it is caching as designed.
  • At roughly the hour mark, I would reboot and after 10 to 15 minutes check that unbound is 'alive' by using unbound_manager and the '?' command.

Of course, using paid/commercial VPN providers may throw some wrenches into the works here. I would be looking for a provider that worked with the full setup above if there is one available at a reasonable cost.

The overall idea here though is to test at each stage before a change is made to know where to begin troubleshooting. If everything is done all at once, it makes it much more difficult to track down the actual cause(s).

While the whole world can live happily on IPv4 today, I don't want to be at the bottom of the learning curve when this isn't the case anymore. And that day will be here sooner, rather than later.

 

[Skeptical.me]

@Skeptical.me here are the troubleshooting steps that I would do.

• Install RMerlin 384.15 Beta 1 and thoroughly test that your network and devices are working as expected.
  • I am assuming at this point, this has been determined and no issues are apparent.
• Enable IPv6 and use it normally for at least a couple of days. Making sure your network and devices are still working as you expect.
  • A reboot of the modem/ONT and the router and the client devices are usually required within the first hour after enabling IPv6 in my experience.
  • A further shutting down of all networked equipment may also be needed. This will properly reset the ISP connection between the modem/ONT and the router for a more stable experience. At least 10 minutes is required for this step, if necessary, and up to one hour with all equipment turned off depending on the ISP.
  • What I am looking for specifically is an IPv6 address in the router GUI IPv6 page. This is the same page where you enabled IPv6.
  • Also, each client device should have both IPv4 and IPv6 addresses in their connection properties.
• If the steps above prove the network and client devices continue to work as expected, then I would add further customizations to the network (below).
• Install unbound_manager v2.03 in default mode (hit Enter = 'No' to all setup questions.
  • Use the network as you usually do. Check the unbound_manager 's' output for proof that it is caching as designed.
  • At roughly the hour mark, I would reboot and after 10 to 15 minutes check that unbound is 'alive' by using unbound_manager and the '?' command.

Of course, using paid/commercial VPN providers may throw some wrenches into the works here. I would be looking for a provider that worked with the full setup above if there is one available at a reasonable cost.

The overall idea here though is to test at each stage before a change is made to know where to begin troubleshooting. If everything is done all at once, it makes it much more difficult to track down the actual cause(s).

While the whole world can live happily on IPv4 today, I don't want to be at the bottom of the learning curve when this isn't the case anymore. And that day will be here sooner, rather than later.

Thanks for the reply.

Unfortunately I've discovered that when using a VPN client in the router IPv6 will leak your location, and as far as I can tell in the router there's no way to have the VPN client disable IPv6 when using a VPN service. As I always use a VPN service there's no point in using IPv6.

Also, apparently when I use Unbound I have to change a setting in the the Ubound conf and add the VPN addresses to it. I'm not sure, but wouldn't that mean I'd have to change the Ubound conf every time I changed VPN servers?

So, at this stage I'm not sure I can use either.

I have updated to Merlin 384.15_beta1 and so far so good.

 

[dave14305]

Thanks for the reply.

Unfortunately I've discovered that when using a VPN client in the router IPv6 will leak your location, and as far as I can tell in the router there's no way to have the VPN client disable IPv6 when using a VPN service. As I always use a VPN service there's no point in using IPv6.

Also, apparently when I use Unbound I have to change a setting in the the Ubound conf and add the VPN addresses to it. I'm not sure, but wouldn't that mean I'd have to change the Ubound conf every time I changed VPN servers?

So, at this stage I'm not sure I can use either.

I have updated to Merlin 384.15_beta1 and so far so good.

Is the router itself routed to the WAN or VPN in your policy rules?

 

[Skeptical.me]

Is the router itself routed to the WAN or VPN in your policy rules?

In order for Diversion to work with ExpressVPN I have to set "Accept DNS Configuration" to Exclusive, and set "Force Internet Traffic through Tunnel" to "Yes".

So all traffic is forced through the VPN tunnel.

Therefore, I can not use Policy Routing.