Setting up IPV6 with DNS-over-TLS

gattaca

Senior Member
Starting this thread to see if there's any interest in hashing this out. I've kept IPV4 set to OFF on my Asus setup forever. Opening this thread based on this -> https://www.snbforums.com/threads/cloud9-dns.56918/page-7#post-497299

The biggest gotcha in even thinking about IPV6 is from this 2014 article -> https://major.io/2014/09/11/howto-time-warner-cable-ipv6/ (maybe there's a newer one). The other gotcha is that I think each ISP can be slightly different.

"IPv6 eliminates the need for network address translation (NAT). This means that by the time you finish this howto, each device in your network will have a publicly accessible internet address. Also, bear in mind that with almost all network devices, firewall rules and ACL’s that are configured with IPv4 will have no effect on IPv6. This means that you’ll end up with devices on your network with all of their ports exposed to the internet."

I'm not really sure that's what we expect - no NAT, no router protection? Open for comments!
 
That 2014 article is no longer accurate.

I have Spectrum aka Time Warner as my ISP and have had IPv6 up and running for over a year on my 86U with IPv6 firewall enabled. I still use NAT because not all my devices support IPv6 and not all my destinations are IPv6 enabled.
 
I am also interested in this, but first I must enable IPv6 on my RT-AC68U connected to my Telus Actiontec 1200H.
So far I am stuck at whether to set Native, Passthrough or Static IPv6, following this instruction:
https://www.asus.com/support/FAQ/113990
I have had no success in getting assistance or information from Telus and am reluctant to experiment as my setup is working so well on latest Merlin stable.
Can anyone please steer me in the right direction?

Actiontec screenshots:
upload_2019-6-11_10-55-17.png

upload_2019-6-11_10-56-30.png
 
@Brenneke
So far am stuck at whether to set Native, Passthrough or Static IPv6.
Native.

For DNS servers I would use 'Custom Servers' and then use whatever you want. ISP DNS servers are usually slower. I use Google: 2001:4860:4860::8888 and 2001:4860:4860::8844
 
I'm not really sure that's what we expect - no NAT, no router protection? Open for comments!

Hey gattaca,

What exactly is your question? IPv6 works perfectly fine with DNS-over-TLS, in case that's what you were wondering. Do you need assistance in configuring DoT on Asuswrt-Merlin?
 
Hey gattaca,

What exactly is your question? IPv6 works perfectly fine with DNS-over-TLS, in case that's what you were wondering. Do you need assistance in configuring DoT on Asuswrt-Merlin?
This is more about making the switch from IPv4 home networks to IPv6 home networks and the expected changes, driven by the recommendation to use Quad9 IPv6 server as the primary resolver. The tail is wagging the dog, but I admit I'm interested to know what to expect if I wanted to switchover to IPv6 at home.
 
My main concern with going straight IPv6 is the fact that IPv6 functioning depends on ICMPv6 for error messages, path MTU discovery, multicast group management and Neighbour Discovery. IPv6 also relies upon multicast availability, which will impact firewalls, intrusion detection and access control rules.
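
Added example, not part of any post in this thread: a shell audit of `ip6tables-save` output covering both concerns raised so far, that LAN hosts stay behind a default-deny IPv6 firewall without NAT, and that the ICMPv6 traffic IPv6 depends on is still let through. The sample ruleset, its chain layout and the `br0` interface name are constructed assumptions, and ICMPv6 types are matched in numeric form only.

```shell
# Added example, not from the thread. Audits ip6tables-save output for
# default-deny forwarding plus the ICMPv6 that IPv6 still depends on.

# v6fw_audit FILE -> one finding per line; exit status 1 if any FAIL
v6fw_audit() {
    awk '
    /^:FORWARD / { fwd_pol = $2 }
    /^:INPUT /   { in_pol = $2 }
    /^-A FORWARD -j (DROP|REJECT)/ { fwd_drop = 1 }
    /^-A FORWARD / && /-j ACCEPT/ {
        # conntrack classifies ICMPv6 errors for known flows as RELATED
        if ($0 ~ /RELATED/ || $0 ~ /--icmpv6-type 2( |$)/) ptb = 1
    }
    /^-A INPUT / && /-p (ipv6-icmp|icmpv6) / && /-j ACCEPT/ {
        for (t = 133; t <= 136; t++)
            if ($0 !~ /--icmpv6-type/ || $0 ~ ("--icmpv6-type " t "( |$)")) nd[t] = 1
    }
    END {
        if (fwd_pol == "DROP" || fwd_drop) print "OK   FORWARD is default-deny"
        else { print "FAIL FORWARD not default-deny, LAN hosts exposed"; bad = 1 }
        if (ptb) print "OK   Packet Too Big reaches LAN hosts (path MTU discovery)"
        else { print "FAIL Packet Too Big (type 2) blocked in FORWARD"; bad = 1 }
        for (t = 133; t <= 136; t++)
            if (in_pol != "ACCEPT" && !(t in nd)) {
                print "FAIL Neighbour Discovery type " t " not accepted in INPUT"; bad = 1
            }
        exit bad + 0
    }' "$1"
}

# Constructed sample ruleset (chain layout and br0 are assumptions).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A INPUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
COMMIT
EOF
}
tmp=$(mktemp); sample_rules > "$tmp"
v6fw_audit "$tmp" || true      # flags type 134 (Router Advertisement)
rm -f "$tmp"
```

On a router, feed it the live ruleset saved to a file with `ip6tables-save > rules.txt`.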
 
This is more about making the switch from IPv4 home networks to IPv6 home networks and the expected changes, driven by the recommendation to use Quad9 IPv6 server as the primary resolver. The tail is wagging the dog, but I admit I'm interested to know what to expect if I wanted to switchover to IPv6 at home.
Correct. I was interested in trying to get QUAD9 working with IPV6 but I have always set IPV6 to OFF on my ASUS routers. I'm guessing by setting IPV6 to disabled, I cannot get the IPV6 working for DNS-over-TLS. My ISP (Spectrum) should support IPV6 but I've never tried using it. I also want to make sure I understand what might bite me if I enable IPV6.

Correct, the interest comes from the DNS-over-TLS going on in the Network Security thread.
 
My main concern with going straight IPv6 is the fact that IPv6 functioning depends on ICMPv6 for error messages, path MTU discovery, multicast group management and Neighbour Discovery. IPv6 also relies upon multicast availability, which will impact firewalls, intrusion detection and access control rules.

I'm basically running dual-stack (both IPv4 and IPv6) for a few months now without any issues.
 
@Brenneke

Native.

For DNS servers I would use 'Custom Servers' and then use whatever you want. ISP DNS servers are usually slower. I use Google: 2001:4860:4860::8888 and 2001:4860:4860::8844

I made the changes and rebooted router but I do not have IPv6 connectivity: (https://test-ipv6.com/)
When I connect directly through my ISP modem I do get IPv6.
What am I missing?
Thanks for your help!
 

Attachments: asus-router.png, isp-modem.png, asus-ipv6-settings.png, asus-wan-dns-settings.png
I made the changes and rebooted router but I do not have IPv6 connectivity: (https://test-ipv6.com/)
When I connect directly through my ISP modem I do get IPv6.
What am I missing?
Thanks for your help!
Does running the following fix it?
Code:
echo "1" > /proc/sys/net/ipv6/conf/eth0/accept_ra
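
Added example, not part of the post above: a read-only check of the `accept_ra` setting together with the interface's `forwarding` flag. It assumes current mainline Linux sysctl semantics (0 = never accept Router Advertisements, 1 = accept only while forwarding is off, 2 = accept even while forwarding); a vendor router kernel may behave differently. The function name `ra_status` and the sample directory tree are constructed for illustration.

```shell
# Added example: report whether Router Advertisements will be honoured on
# an interface under mainline Linux semantics (assumption: the router's
# vendor kernel may differ).
#   accept_ra=0 never, 1 only when forwarding=0, 2 even when forwarding=1

# ra_status ROOT IFACE -> prints accepted | ignored-forwarding | disabled | unknown
# ROOT is normally /proc/sys/net/ipv6/conf; it is a parameter so the
# function can be exercised against a constructed directory tree.
ra_status() {
    root=$1; ifc=$2
    ra_file="$root/$ifc/accept_ra"
    fw_file="$root/$ifc/forwarding"
    [ -r "$ra_file" ] && [ -r "$fw_file" ] || { echo unknown; return 2; }
    ra=$(cat "$ra_file"); fw=$(cat "$fw_file")
    case "$ra" in
        0) echo disabled; return 1 ;;
        1) if [ "$fw" = "0" ]; then echo accepted; return 0
           else echo ignored-forwarding; return 1; fi ;;
        2) echo accepted; return 0 ;;
        *) echo unknown; return 2 ;;
    esac
}

# Constructed sample tree (not read from a real router).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/eth0"
echo 1 > "$demo_root/eth0/accept_ra"
echo 1 > "$demo_root/eth0/forwarding"     # a router forwards packets
echo "eth0 with accept_ra=1: $(ra_status "$demo_root" eth0)"
echo 2 > "$demo_root/eth0/accept_ra"
echo "eth0 with accept_ra=2: $(ra_status "$demo_root" eth0)"
rm -rf "$demo_root"
```

On a live system, call it as `ra_status /proc/sys/net/ipv6/conf eth0`.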
 
I made the changes and rebooted router but I do not have IPv6 connectivity: (https://test-ipv6.com/)
When I connect directly through my ISP modem I do get IPv6.
What am I missing?
Thanks for your help!
Except for choosing my own DNS server (Quad 9) it's the same as mine. I use Cox Cable in Texas and it passes those tests.

Do you have access to another router to test?
 
Except for choosing my own DNS server (Quad 9) it's the same as mine. I use Cox Cable in Texas and it passes those tests.

Do you have access to another router to test?
I do not have another router to test.
 
I'm basically running dual-stack (both IPv4 and IPv6) for a few months now without any issues.
Yeah, dual stack is that transition period where you would only see issues if you had SLAAC enabled.
 
Screenshot_20190611-214242112.jpg
It isn't an issue to run IPv6; the question you must ask yourself is whether the router setup and your ISP really support it being run by itself. It is easy to run IPv6, but even some providers don't truly fully support running it by itself.
 
I have recently been able to get IPV6 working on Comcast. First I had them replace the aged cable modem with one that supported IPV6. The modem was set up so I could use static IPV4 addresses on the four routers I have connected to the modem. Connecting a PC directly to the modem did get an IPV6 address. My AC68U's were running John's fork, which just would not get an IPV6 address. I upgraded each router to 384.10 (now 384.11_2) and the native IPV6 worked! I use Quad9 DNS resolvers for both IPV4 and IPV6 but have not enabled DoT on those routers yet. When I do, I will alternate the Quad9 IPV4 preset with the IPV6 preset and repeat. I will likely modify dnsmasq and stubby to communicate on IPV4 and IPV6 loopback port 5453. For my home router I am waiting for my ISP to get native IPV6. Maybe this fall when I move and have FIOS I will get the native IPV6. But, I will not turn off IPV4!
 
I wondered if running VPN on my router was preventing IPv6 from functioning - seems this is so as Nord tells me they do not support IPv6 - so much for that!
 