
Send IPv6 lookups to PiHole


zaxcom

So I want to have all IPv6 DNS lookups go to my PiHole directly using its address. I came across this older thread that says this is how to make it work by making a new file in jffs/scripts called dnsmasq.postconf.

There were two different options of scripts to use. This one:

#!/bin/sh
# $1 is the path of the dnsmasq config file being generated
CONFIG=$1
# helper.sh provides pc_replace
source /usr/sbin/helper.sh

pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,[ipv6 address of DNS server]" "$CONFIG"

Or this one:


#!/bin/sh
# Replace whatever value follows option6:23 in the config file passed as $1
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[YOUR PI-HOLE IPV6 ADDRESS]/" "$1"

So three questions.
1: which one is the right one?
2: do I still have to enable the IPv6 section on the router or do I leave that off?
3: do I enable or disable the router advertisement in the IPv6 section?

thx all!
 
Well I decided to try both scripts and neither one works. The router's IPv6 DNS is being pushed to my clients, not the PiHole's IPv6.

I followed these steps to the letter;


Administration > System > Enable JFFS custom scripts and configs -> Yes

Then create /jffs/scripts/dnsmasq.postconf
#: touch /jffs/scripts/dnsmasq.postconf
Use your favorite text editor to add the code below in to /jffs/scripts/dnsmasq.postconf. Be sure to enter the proper IPv6 and IPv4 addresses in the code! Leave the brackets [] around the IPv6 address!!
#: chmod +x /jffs/scripts/dnsmasq.postconf
#: reboot
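Code:
#!/bin/sh
# Point the DHCPv6 DNS option (option6:23) at the DNS server's IPv6 address
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[<fe80... DNS IPv6 address>]/" "$1"
# Append the DHCPv4 DNS option (option 6) for the same server
echo "dhcp-option=lan,6,<DNS IPv4 address>" >> "$1"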


note: corrected this post for a spelling error in the commands
 
I'd love to know just how much of my traffic is v4 and how much is v6...it would be nice if there was just a simple gauge, left being v4 with a traffic counter below, right being v6 with a traffic counter, right up the middle being 50/50...can that be easily scripted?
 
I got it to work! Turns out there was a spelling error in the commands I copied from the old thread. Once I fixed that the IPv6 address of my PiHole populated to the DNS settings on all my devices. Based on this photo it looks like it’s all good now.
 

[Attachment: C17C2879-8F7A-45E0-9987-793E913F0ABF.png]
Do you see IPv6 addresses for your clients in the query log? The presence of AAAA queries isn’t enough to confirm they arrived at the Pi-Hole via an IPv6 client address.

Please update the earlier post to correct the spelling mistake (I assume it was jiffs?).
 
I don’t see IPs. The PiHole resolves the device names. I should add that PiHole has been scripted to connect to Cloudflare over DOH.
 

[Attachment: 5E6FB2CC-AAD3-462A-A39A-AC882F0B646D.png]
OK, it’s been a while since I used Pi-Hole.
 
I'm also having this Problem with Pi-Hole and Asus Merlin.

But I just realized my pihole was not effectively working due to IPv6 getting resolved by the ISP instead of the router's set DNS server in the IPv6 page.

I tried to enable the DNS settings in the asus router to point to the Pi-hole address and it kept pulling from the ISP no matter what.

I am using manually assigned DHCP from the Asus router rather than the DHCP from Pi-Hole. Would this script work for me? Is it just manually setting the IPv6 DNS to use the IPv4 DNS servers?

I currently disabled IPv6 until I can figure out a way to implement the pihole DNS at router level.
 
Hmm. Looking at this thread: IPv6 DNS Servers not applied to dnsmasq configuration · Issue #376 · RMerl/asuswrt-merlin.ng (github.com)

Pointed me to this file. Which I checked on the router.

Code:
# cat /tmp/resolv.dnsmasq
server=75.75.75.75
server=75.75.76.76
server=/hsd1.xx.comcast.net./75.75.75.75
server=/hsd1.xx.comcast.net./75.75.76.76
server=2601:c4:8200:743:ba27:ebff:fec3:8e24

Changing the WAN DNS in the Asus Router to also use the IPv4 DNS server results in:

# cat /tmp/resolv.dnsmasq - (actually this file went blank after this - can't seem to find the IPv6 address set in asus page anywhere now)
server=192.168.1.200
server=2601:c4:8200:743:ba27:ebff:fec3:8e24


Which does in fact fix nslookup on both the router and on my computer.

However DNS servers on windows now shows 4 DNS servers:
Code:
DNS Servers . . . . . . . . . . . : 2601:c4:8200:743::1
                                    192.168.1.200
                                    2601:c4:8200:743::1
                                    fe80::1a31:bfff:feac:b870%8

That last one is new, and I'm not sure what that actually is.

/etc/resolve.conf now only shows the IPv4 address 192.168.1.200, instead of 75.75.75.75, 75.75.75.76.

Also changing WAN to just blank ip also seems to work. /etc/resolve.conf goes blank but I set it back to 192.168.1.200 as I found the router showing 0.0.0.0 doing DNS resolves even though it seems to be using the pihole. 0.0.0.0 just seems to make it look like it's resolving them itself. But maybe it's really just the DNSmasq below?

/etc/dnsmasq.conf has this in it:
dhcp-option=lan,6,192.168.1.200
dhcp-option=lan,option6:23,[::]

So it looks like it's still going to ignore the IPv6 DNS address no matter what and looks like the router will just resolve them over IPv4 itself.

But I guess this fix is still missing the IPv6 address from above that will push that IPv6 DNS address to the clients also?

Edit: TLDR
It looks like this issue is just a matter of the IPv6 page not even setting the DNS servers entered into the /etc/dnsmasq.conf file at all. It's just set to [::], which causes all clients to resolve thru WAN, which, if you didn't turn off the Connect to DNS Server automatically on both the WAN and IPv6 pages, will end up using your ISP's DNS server.
 
So I got it to work just fine using the terminal commands which sent the IPv4 and IPv6 addresses of my Pihole to all my devices. The only hitch was that using DOH to Cloudflare would not allow IPv6 connections directly to their DNS server as the DOH script only works over IPv4.

Also upon reading further and discovering that your ISP can tell the websites you go to through other means even if you use DOH I gave up on my quest to be stealth and decided to turn off DOH and set up Pihole to go to Cloudflare servers directly.

So now my clients get the Pihole for DNS, and Pihole connects to v4 and v6 servers.
[Attachments: Screen Shot 2021-06-13 at 3.04.43 PM.png, Screen Shot 2021-06-13 at 3.04.57 PM.png]
 
Ok yeah. I just tested this and it does work. Here are the Steps for anyone else needing to fix IPv6 DNS assignment.

Step 1:
In Administration / System:
Enable JFFS custom scripts and configs: Yes
Enable SSH: LAN only or / LAN/WAN (if on WiFi)

Step 2:
SSH in to the router with Terminal or Putty/Kitty
Login with user/password to access the webui

Step 3:
Type this into terminal
nano /jffs/scripts/dnsmasq.postconf

Step 4:
Paste this code in and replace [Insert:Your:IPv6:DNS:Server:Here] with your IPv6 address inside the [Brackets] and [comma],[separated] for more than one IPv6 DNS Server
Bash:
#!/bin/sh
# $1 is the path of the dnsmasq config file being generated
CONFIG=$1
# helper.sh provides pc_replace
source /usr/sbin/helper.sh

pc_replace "dhcp-option=lan,option6:23,[::]" "dhcp-option=lan,option6:23,[Insert:Your:IPv6:DNS:Server:Here]" "$CONFIG"

Alternate version if your router is setting something else beside [::] as the IPv6 that you need to replace.
Bash:
#!/bin/sh
# Replace whatever value follows option6:23, not only [::]
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[Insert:Your:IPv6:DNS:Server:Here]/" "$1"

Step 5:
Press <control> + X, then Y followed by <Enter> when prompted to save file.

Step 6:
Reboot router with reboot command or from WebUI.

Step 7:
Verify it worked and then disable SSH In Administration / System: Enable SSH: No



This seems to actually set the IPv6 DNS IP for me correctly now on all clients. Windows/Mac/Linux
IPv4 DNS settings works as expected from the LAN/DHCP/DNS and WINS Server Setting / DNS Server 1 and 2, so no need to override that one.
 
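The posts above all turn on one line of the generated dnsmasq config, and the first attempt in the thread failed because the script silently changed nothing. As an added example (not code from any poster or from Asuswrt-Merlin), the sketch below rewrites that line and then checks the result instead of assuming it; the function names and the address 2001:db8::53 are made up for illustration, and the sample config is constructed from the two lines quoted in the thread.

```shell
#!/bin/sh
# Added example: set the DHCPv6 DNS option (option6:23) and verify it.

# set_dns6 CONFIG ADDR
# Returns 0 when the config now advertises [ADDR],
# 1 when no option6:23 line exists to rewrite,
# 2 when ADDR is not a plausible IPv6 literal.
set_dns6() {
    conf=$1 addr=$2
    # Allow only hex digits and colons so nothing sed-special slips in.
    case $addr in
        ''|*[!0-9a-fA-F:]*) return 2 ;;
        *:*) ;;
        *) return 2 ;;
    esac
    # Refuse to continue if the pattern would not match (the silent no-op case).
    grep -q '^dhcp-option=lan,option6:23,' "$conf" || return 1
    sed -i "s/^dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[$addr]/" "$conf"
    # Confirm the exact line is present after the edit.
    grep -qxF "dhcp-option=lan,option6:23,[$addr]" "$conf"
}

# current_dns6 CONFIG: print the value clients will be handed over DHCPv6.
current_dns6() {
    sed -n 's/^dhcp-option=lan,option6:23,//p' "$1"
}

# make_sample: write a constructed two-line config and print its path.
make_sample() {
    f=$(mktemp)
    printf '%s\n' 'dhcp-option=lan,6,192.168.1.200' \
                  'dhcp-option=lan,option6:23,[::]' > "$f"
    echo "$f"
}

# Demo on the constructed sample (2001:db8::53 is a placeholder address).
demo=$(make_sample)
if set_dns6 "$demo" 2001:db8::53; then
    echo "advertised IPv6 DNS: $(current_dns6 "$demo")"
else
    echo "option6:23 was not rewritten" >&2
fi
rm -f "$demo"
```

A value of `[::]` from `current_dns6` means clients are still being told to use the router itself for IPv6 DNS, which is the bypass the thread describes.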
