[SCRIPT] Force IPv6 LAN DNS to mirror IPv4 DNS


jtp10181

Senior Member
I am guessing other people have this problem as well. I have set up PiHole or AdguardHome on a separate server and am using the router as DHCP. The first issue is that the router will force the router's IP as the IPv6 DNS server over DHCP and there is no option to change it on the LAN side only. I prefer to leave the WAN DNS as auto configure so I can quickly revert to that if needed, and also so the router itself can always access DNS as soon as it's online. I also want the clients to talk to the DNS directly and not through the router so that I get better stats and logging on the interface.

To solve that first issue I had used a dnsmasq.postconf to replace the [::] with the IPv6 address of the DNS server. This works but then the clients will make the request over IPv6 which makes it hard to keep track of who is who, especially when the hostnames are less reliable on IPv6 and many devices will use multiple IPv6 addresses.

I came up with an idea to replace [::] instead with a mapped IPv4 address in place of the IPv6. With this all the clients connect to the DNS over IPv4. They can still get AAAA records over IPv4, there is really no reason to use IPv6 internally inside my small home LAN. I think I want to make a small script (to share of course) that would automate this setting based on what is filled in on the GUI for the IPv4 DNS on the WAN page. A set it and forget it type of thing so I don't have to edit the script if anything changes. But before I work on it, is there any problem anyone can think of with doing this?

Here are the relevant parts of what my final dnsmasq.conf looks like after my manual postconf right now.

Code:
dhcp-option=lan,6,192.168.1.8

dhcp-option=lan,option6:23,[::ffff:192.168.1.8]

Here is how it shows up on my Windows PC (no idea why it always shows the IPv6 twice).

[screenshot: 1644780803950.png]


Well, no one said I was crazy for putting in the mapped IPv4 address, so I made a little script to automate it based on the IPv4 settings. There might be a more elegant way to do this, but this is what I came up with. This could be put directly into the dnsmasq.postconf or into its own file and executed from the postconf.

Bash:
#!/bin/sh
# Run from dnsmasq.postconf: advertise the LAN IPv4 DNS servers to DHCPv6
# clients as IPv4-mapped IPv6 addresses ([::ffff:a.b.c.d]) in option 23.
CONFIG="$1"
. /usr/sbin/helper.sh   # Asuswrt-Merlin helper, provides pc_replace

#Get IP list from LAN DHCP IPv4 DNS Config (cannot have more than 2 + router)
#Captured text starts with the leading comma, so field 1 of the cut is empty
IPLIST=$( sed -nr 's/^dhcp-option=lan,6(,.+)$/\1/p' "$CONFIG" )
IP1=$( echo "$IPLIST" | cut -d',' -f2 )
IP2=$( echo "$IPLIST" | cut -d',' -f3 )
IP3=$( echo "$IPLIST" | cut -d',' -f4 )

#Convert to mapped IPv6 format if not blank
[ -n "$IP1" ] && IP1="[::ffff:${IP1}]"
[ -n "$IP2" ] && IP2=",[::ffff:${IP2}]"
[ -n "$IP3" ] && IP3=",[::ffff:${IP3}]"

#Join back to single string to inject into config
IPLIST="${IP1}${IP2}${IP3}"

#Inject into config file (leave [::] alone if no IPv4 DNS servers are set,
#otherwise clients would get an empty option 23)
[ -n "$IPLIST" ] && pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,${IPLIST}" "$CONFIG"
 
I have Unbound DNS running on my Synology NAS. I configured the router as follows.
1. WAN DNS set to my local DNS unbound
2. Forward DNS to WAN - yes
3. LAN DNS set to my DNS

With this setup all my clients on the LAN use my local DNS.
 
I have Unbound DNS running on my Synology NAS. I configured the router as follows.
1. WAN DNS set to my local DNS unbound

Do you have IPv6 enabled? Did you manually set the IPv6 DNS on the IPv6 Page also?
Also, I believe with this setup the clients will have the router as the DNS server (you can easily see in the IP config on a client), and then the router sends it to your server. So if you looked at the logs for the DNS it would show all the requests are from the router. This is one of the things I am trying to avoid by having the clients talk to the DNS directly with the setup I have.
 
I don't use IPv6 but it should not matter in this case. The setup I described would pass DNS to all clients.
If I do a dig command from the client computer I can clearly see it is using my DNS.

Router Admin Web Config

1. Tools/Other/WAN Use local caching -> No
2. WAN DNS1 -> {Local DNS IP}
3. WAN Forward local requests to upstream DNS -> No
4. LAN DNS Filter -> Off (Router)
5. LAN DNS set to {Local DNS IP}
 
The whole premise of my post is a challenge regarding IPv6, and a possible solution since the router does not let you specify an IPv6 LAN DNS setting.
In your list of settings, it is #5 which is causing the clients to use the local DNS directly instead of the router.
 
Asus DNS management and number of settings can be a handful and the number of combinations make it difficult to figure out. I remember not long ago I got frustrated trying to figure out my setup. My initial setup was setting
WAN DNS to my local DNS, Forward local domain queries to WAN DNS set to Yes, leaving LAN DNS blank.

This was working fine and all DNS queries were routed to my local DNS through the router IP. This may be something you have to consider. In this config the clients' DNS IP will be set to the router IP, but as I mentioned all DNS queries will be routed to your local DNS. Also, if I remember, in this setup you can actually set the DNS IP on the client and it would work too.
 
Thanks for the script! I'm not super familiar with postconf files, but I just need a *.sh under /jffs/scripts/* as explained on the Wiki, right?
User scripts · RMerl/asuswrt-merlin.ng Wiki · GitHub

Thank you!
Yes, specifically it should be named dnsmasq.postconf (no sh extension) which will then automatically run as needed to "fix" the actual config file with the new settings.

You can run
Code:
cat /etc/dnsmasq.conf
after rebooting (or restarting dnsmasq manually) to see the changes.
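As an added example (not the script posted above and not part of Asuswrt-Merlin), the same IPv4-to-mapped-IPv6 rewrite as a plain POSIX sh function that can be tested off the router, plus a check you can run against the result of cat /etc/dnsmasq.conf to confirm the postconf took effect. It goes a little beyond the posted script: it validates each IPv4 address before mapping it, accepts any number of entries, and leaves the [::] placeholder untouched when no IPv4 DNS servers are configured. The config text is a constructed sample, and the function names are my own.

```shell
#!/bin/sh
# Added example: map the LAN IPv4 DNS servers from a dnsmasq config into
# IPv4-mapped IPv6 addresses ([::ffff:a.b.c.d], RFC 4291) for DHCPv6 option 23.
# Pure POSIX sh + sed/awk so it runs anywhere; on the router the final line
# would be handed to pc_replace instead of sed.

# Constructed sample of the relevant lines from a router-generated dnsmasq.conf
SAMPLE_CONF='interface=br0
dhcp-range=lan,192.168.1.2,192.168.1.254,255.255.255.0,86400s
dhcp-option=lan,6,192.168.1.8,192.168.1.9
dhcp-option=lan,option6:23,[::]
dhcp-option=lan,option6:24,lan'

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255
is_ipv4() {
    echo "$1" | awk -F. '{
        if (NF != 4) exit 1
        for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
        exit 0 }'
}

# Print 192.168.1.8 as [::ffff:192.168.1.8]; fail (print nothing) if not IPv4
v4_to_mapped() {
    is_ipv4 "$1" || return 1
    printf '[::ffff:%s]\n' "$1"
}

# Read the config on stdin, take the servers from 'dhcp-option=lan,6,...',
# skip anything that is not a valid IPv4 address, and print the survivors as a
# comma-separated list of mapped addresses (empty output if there are none).
mapped_dns_list() {
    sed -n 's/^dhcp-option=lan,6,//p' | tr ',' '\n' |
    while read -r ip; do v4_to_mapped "$ip"; done |
    awk 'NR > 1 { printf "," } { printf "%s", $0 } END { if (NR) print "" }'
}

# Rewrite the config text in $1: replace the [::] placeholder in option6:23
# with the mapped list. If no usable IPv4 DNS server is configured the text is
# printed unchanged, so clients keep the router as their IPv6 resolver.
rewrite_conf() {
    list=$(printf '%s\n' "$1" | mapped_dns_list)
    if [ -z "$list" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    printf '%s\n' "$1" |
    sed "s#^dhcp-option=lan,option6:23,\[::]\$#dhcp-option=lan,option6:23,${list}#"
}

# Check the option6:23 line of config text $1: return 0 only if every address
# it advertises is a well-formed IPv4-mapped IPv6 address (so a leftover [::]
# or a mangled entry is reported as failure).
check_option23() {
    printf '%s\n' "$1" | sed -n 's/^dhcp-option=lan,option6:23,//p' | tr ',' '\n' |
    while read -r addr; do
        case "$addr" in
            \[::ffff:*\])
                inner=${addr#\[::ffff:}
                is_ipv4 "${inner%\]}" || exit 1 ;;
            *) exit 1 ;;
        esac
    done
}

# Usage: show the rewritten sample and whether it passes the check
rewrite_conf "$SAMPLE_CONF"
check_option23 "$(rewrite_conf "$SAMPLE_CONF")" && echo "option6:23 OK"
```

On the router you would feed the real file (cat /etc/dnsmasq.conf) to check_option23 after a dnsmasq restart; a non-zero exit means the postconf did not run or the placeholder line is not the one it expected.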
 
I have Unbound DNS running on my Synology NAS. I configured the router as follows.
1. WAN DNS set to my local DNS unbound
2. Forward DNS to WAN - yes
3. LAN DNS set to my DNS

With this setup all my clients on the LAN use my local DNS.
This Is The Way
the unbound script in amtm makes it so
 
Yes, specifically it should be named dnsmasq.postconf (no sh extension) which will then automatically run as needed to "fix" the actual config file with the new settings.

You can run
Code:
cat /etc/dnsmasq.conf
after rebooting (or restarting dnsmasq manually) to see the changes.
Thank you for the confirmation, I applied the changes. They are reflected in /etc/dnsmasq.conf but my devices (PC, cellphone and iPad) are still getting the full IPv6 auto discovery IP.
This is after a few service restarts and a reboot.

Your script works since it applied the changes, but could it be that I am missing something for dnsmasq?
 
Thank you for the confirmation, I applied the changes. They are reflected in /etc/dnsmasq.conf but my devices (PC, cellphone and iPad) are still getting the full IPv6 auto discovery IP.
This is after a few service restarts and a reboot.

Your script works since it applied the changes, but could it be that I am missing something for dnsmasq?

The devices might have the DNS server cached, so I would wait 24hrs and see if that clears it up. Just to be clear the only thing that will change is the DNS servers the devices discover from DHCP.
 
The devices might have the DNS server cached, so I would wait 24hrs and see if that clears it up. Just to be clear the only thing that will change is the DNS servers the devices discover from DHCP.
mmmm nop, still auto discovering the old settings :( my IPv6 is set to passthrough

[screenshot: 1649254209429.png]
 
mmmm nop, still auto discovering the old settings :( my IPv6 is set to passthrough

I am not an IPv6 expert but I am guessing the passthrough option is just letting the devices get the IPv6 info from the ISP router/upstream. I have mine set to Native with all the defaults which lets the router have some control over the IPv6.
 