timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127229 13-Sep-2023 16:38

tanivula:

 

Hey Timmay, any reason you don't just let the Fritz sort DHCP and leave the piHole to just DNS? 

 

What are the pros for the piHole to do DHCP as well? 

 

 

Good question, and that's a good option. The original reason for moving to Pi Hole DHCP seems to be on this thread. In short it looks like I was having problems with blocking ads on IPv6, and the Fritzbox wasn't handing out DNS servers as I would expect it to.

 

I could try moving back to the Fritzbox, it'd just mean a bunch of copy and paste work to get the static leases set up. I don't really need static leases for many things, though quite a few things are addressed by IP for home automation, but I find it easier to identify devices on the network that way.

 

I'd rather try to get the Pi Hole working before I move back to the Fritzbox, partly because I will probably learn something that way :)




Tinkerisk
4226 posts

Uber Geek


  #3127247 13-Sep-2023 17:14

Could it be that you are complicating things unnecessarily?

 

In my case, the router is in charge of everything in the first row and the DNS server is his assistant to whom he delegates.





- NET: FTTH, OPNsense, 10G backbone, GWN APs, ipPBX
- SRV: 12 RU HA server cluster, 0.1 PB storage on premise
- IoT:   thread, zigbee, tasmota, BidCoS, LoRa, WX suite, IR
- 3D:    two 3D printers, 3D scanner, CNC router, laser cutter


timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127251 13-Sep-2023 17:20

Tinkerisk:

Could it be that you are complicating things unnecessarily?


In my case, the router is in charge of everything in the first row and the DNS server is his assistant to whom he delegates.



That was the question asked a half hour ago, that I answered above. Short answer, it looks like I did it for a good reason, but it might be worth trying Fritzbox again if I can't get PiHole DHCP working properly with IPv6.



Tinkerisk
4226 posts

Uber Geek


  #3127254 13-Sep-2023 17:23

timmmay:
Tinkerisk:

 

Could it be that you are complicating things unnecessarily?

 

 


That was the question asked a half hour ago, that I answered above.

 

Nope, my question was different - see. 😉







nzkc
1571 posts

Uber Geek


  #3127275 13-Sep-2023 17:39

tanivula:

 

Hey Timmay, any reason you don't just let the Fritz sort DHCP and leave the piHole to just DNS? 

 

What are the pros for the piHole to do DHCP as well? 

 

 

When I ran a Fritzbox my one gripe with it was no ability to set the domain for my home network. Maybe that has changed since. But I moved to a Pihole issuing DHCP so I could set the domain and have greater control over DNS too.


nzkc
1571 posts

Uber Geek


  #3127277 13-Sep-2023 17:41

timmmay:
Tinkerisk:

 

Could it be that you are complicating things unnecessarily?

 

 

 

In my case, the router is in charge of everything in the first row and the DNS server is his assistant to whom he delegates.

 



That was the question asked a half hour ago, that I answered above. Short answer, it looks like I did it for a good reason, but it might be worth trying Fritzbox again if I can't get PiHole DHCP working properly with IPv6.

 

Is the problem perhaps you have both Pihole and your Fritzbox responding to IPv6 dhcp requests?


timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127364 13-Sep-2023 18:45

Tinkerisk:

 

Nope, my question was different - see. 😉

 

 

It's possible 😀 I will generally go for the simplest solution that does what I need.

 

It looks like I moved to Pi Hole for a good reason, described above. I think I have a fairly standard Pi Hole setup, and some PCs are behaving weirdly around IPv6.

 

It was four years ago I moved from Fritz to PiHole for DHCP, so it would probably be worth the 10 minutes it would take to copy and paste my static reservations back to the Pi Hole to see if that fixes the problem, if nothing else comes up soon.


 
 
 

timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127366 13-Sep-2023 18:48

nzkc:

 

Is the problem perhaps you have both Pihole and your Fritzbox responding to IPv6 dhcp requests?

 

 

It's possible - IPv6 is a bit more complicated than IPv4. I've put the Fritzbox IPv6 settings below, what do you think? I have selected "Disable DHCP v6 server in the Fritz Box" but there's a bunch more options on that page that could be messing things up.

 

What's odd is my PC works perfectly for IPv6, the work PCs and my wife's laptop are having problems with IPv6.

 

 

 

 

 

 

The IPv6 address there is for the Pi Hole.

 

 

 

 

 

 

Here's the Pi Hole DHCP configuration

 

 

 


Tinkerisk
4226 posts

Uber Geek


  #3127395 13-Sep-2023 20:47

I’d assign ULA prefix (Pic1) manually in the LAN, reboot pi-hole, and get the new ip address via cmd

 

ip address | grep "inet6 fd"         (rem: fd - not fe80)

 

then enter Pi-hole's new stable IPv6 address manually as "Local DNSv6 server" in the section „Local DNSv6 server in the Home Network.“ (Pic2)

 

 

 

 







timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127435 13-Sep-2023 21:56

Tinkerisk:

 

I’d assign ULA prefix (Pic1) manually in the LAN, reboot pi-hole, and get the new ip address via cmd

 

ip address | grep "inet6 fd"         (rem: fd - not fe80)

 

then enter Pi-hole's new stable IPv6 address manually as "Local DNSv6 server" in the section „Local DNSv6 server in the Home Network.“ (Pic2)

 

 

Thanks for that. I'd just seen that recommendation on the Pi Hole website so I was thinking about it. I've changed it to see what happens.

 

The FD / FE difference is somewhat subtle. I chose FE originally because it was valid "forever" whereas FD was only valid for an hour - but it's renewed. The difference:

 

  • FD: IPv6 Unique Local Addresses: Unique local IPv6 addresses have a similar function as IPv4 private addresses. They are not allocated by an address registry and are not meant to be routed outside their domain.
  • FE: IPv6 Link-Local Addresses: Link-local IPv6 addresses have a smaller scope of how far they can travel: only within a network segment to which a host is connected.

I thought for a minute the network segment thing could be the answer, but my home PC and work computer are both ethernet connected to a switch connected to the same router port, so I suspect they're on the same network segment with no router between them. The others are on WiFi. The Pi Hole is directly connected to the router, so it's on a different network segment from anything else.

 

I guess I'll just wait and see what happens tomorrow once DHCP refreshes.

 

 

 

Any thoughts Tinkerisk or anyone on which of the DHCPv6 flag options to choose? Second diagram, under "Disable DHCP". This post suggests DHCPv6 isn't even required, SLAAC (Stateless Address Autoconfiguration) should work fine.


fe31nz
1228 posts

Uber Geek


  #3127457 14-Sep-2023 00:44

timmmay:

 

Thanks for that. I'd just seen that recommendation on the Pi Hole website so I was thinking about it. I've changed it to see what happens.

 

The FD / FE difference is somewhat subtle. I chose FE originally because it was valid "forever" whereas FD was only valid for an hour - but it's renewed. The difference:

 

  • FD: IPv6 Unique Local Addresses: Unique local IPv6 addresses have a similar function as IPv4 private addresses. They are not allocated by an address registry and are not meant to be routed outside their domain.
  • FE: IPv6 Link-Local Addresses: Link-local IPv6 addresses have a smaller scope of how far they can travel: only within a network segment to which a host is connected.

I thought for a minute the network segment thing could be the answer, but my home PC and work computer are both ethernet connected to a switch connected to the same router port, so I suspect they're on the same network segment with no router between them. The others are on WiFi. The Pi Hole is directly connected to the router, so it's on a different network segment from anything else.

 

I guess I'll just wait and see what happens tomorrow once DHCP refreshes.

 

 

 

Any thoughts Tinkerisk or anyone on which of the DHCPv6 flag options to choose? Second diagram, under "Disable DHCP". This post suggests DHCPv6 isn't even required, SLAAC (Stateless Address Autoconfiguration) should work fine.

 

 

The difference between the IPv6 Unique Local Addresses (FD) and IPv6 Link Local Addresses (FE) is not at all subtle.  Link local addresses are only valid for the subnet they are on, and can not be used to route traffic to or from other nets or subnets.  All IPv6 devices get a Link Local Address, as having one is the only way they can initially talk IPv6, to see Router Advertisement (RA) packets, do DHCPv6 or various other things.

 

IPv6 Unique Local Addresses are the IPv6 version of the IPv4 private address blocks (192.168.0.0/24, 172.16.0.0/12 and 10.0.0.0/8).  These addresses are routable over local networks and subnets, but not routable via Internet routers.  They are not normally used, as you want your IPv6 devices to have fully routable Global Unicast IPv6 addresses so they can talk to the Internet using IPv6.  The Global Unicast addresses are assigned statically on the device, by DHCPv6, or by SLAAC.  If SLAAC is used, then the addresses can change occasionally as IPv6 devices come and go on the network, but it is quite unusual for that to happen.  And also, if you are running your own DNS server, you need to have SLAAC devices talk to the DNS server to tell it their IPv6 address, which many devices can not do as they do not support the DNS update protocol.  So if you run your own DNS server, or are using the IPv6 addresses to identify devices (eg kid's PC for blocking traffic), then it is better to assign permanent IPv6 Global Unicast addresses either statically or via DHCPv6.  However, in defiance of the RFCs defining IPv6, Android does not support DHCPv6 (except via third party software on rooted devices), so if using DHCPv6, you need to either run a separate subnet for Android devices where SLAAC is used (RA packet has M=0 and A=1), or allow both DHCPv6 and SLAAC addressing on your normal IPv6 subnets (RA packet has M=1 and A=1).  With M=1 and A=1, devices that are capable of using DHCPv6 will normally choose to use DHCPv6 and will only use SLAAC if they do not get a reply from a DHCPv6 server.  Devices that are not capable of DHCPv6 will immediately calculate a SLAAC address and check it for conflicts before using it.

 

So, in your FritzBox settings, I would recommend changing to "Do not assign unique local addresses", and set the Router Advertisement priority to High.  Leave it set to "Enable the M and O flags in router advertisements of the Fritz!Box (SLAAC possible)".  That means the RA packets will have M=1 (use DHCPv6 if possible), O=1 (get other information such as DNS server addresses, domain name, NTP server, ... from the DHCPv6 server), and A=1 (SLAAC allowed).  Make sure that your DHCPv6 server is set up to supply the correct IPv6 DNS server addresses.  Devices that use SLAAC addresses are supposed to use DHCPv6 protocol (when the O flag is set) to obtain the IPv6 DNS server addresses and other such information, but as Android devices do not do DHCPv6, they will not be getting the DNS server addresses that way.  In which case, the only other ways for them to get the IPv6 DNS server addresses are via static assignment on the device (which is unlikely to be possible), or to get the addresses from the RA packets (where the DNS server addresses are optional fields).  In the latter case, the Fritz!Box would need to be advertising the IPv6 DNS server addresses in its RA packets, and I am not sure how that is configured.  If Android devices do not get IPv6 DNS server addresses from somewhere, they will however be able to request IPv6 addresses using IPv4 packets to the IPv4 DNS servers, and if the IPv4 and IPv6 DNS servers are actually the same or are configured the same, that may just work.


timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127517 14-Sep-2023 07:37

Thanks very much @fe31nz, you seem to have a good grasp on IPv6! I've set up the configuration you suggested, we'll see what happens in a couple of hours when devices refresh DHCP.

 

After changing the PiHole IPv6 address from fe00 to fd00 last night nothing has changed, my work PC still doesn't get IPv6 DNS assigned. Any thoughts in that area would be welcome. If I could be bothered I might work out how to use WireShark and look for the packets announcing DNSv6, but I don't have that kind of time available, it'd take me ages because I almost never do that sort of thing.

 

The next thing I have to try is moving DHCP back to the Fritzbox. In that case I would go back to the recommended settings in the Fritzbox such as "Assign unique local addresses (ULA) as long as no IPv6 connection exists"


Tinkerisk
4226 posts

Uber Geek


  #3127526 14-Sep-2023 08:16

timmmay:

 

After changing the PiHole IPv6 address from fe00 to fd00 last night nothing has changed, my work PC still doesn't get IPv6 DNS assigned. Any thoughts in that area would be welcome.

 



 

Nobody wrote fe00, I wrote fe80. Nobody wrote fd00, I wrote fd<rest of the pi-hole address>.

 


The next thing I have to try is moving DHCP back to the Fritzbox. In that case I would go back to the recommended settings in the Fritzbox such as "Assign unique local addresses (ULA) as long as no IPv6 connection exists"

 

 

Yes, the recommended setting for IPv6.

 

 

 

If you are bored, you can set up the whole thing with 2 pi-holes and unbound as DNS 1 and DNS 2 (one native and one as VM). Of course, the gravity lists between master and slave should also be automatically synchronised after an update. And it should also work the same in several VLANs.

 

(I have implemented this in my case, because my h/w pi(-hole) has a nice TFT status display in the rack and the VM doesn’t need extra power. If one fails or get maintenance, the other is still there as a backup/alternate DNS) 🙂

 

 

 

 







timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127529 14-Sep-2023 08:34

Tinkerisk:

 

Nobody wrote fe00, I wrote fe80. Nobody wrote fd00, I wrote fd<rest of the pi-hole address>.

 

 

Mine just happened to be fe00 / fd00. I did read up a bit about IPv6 and yeah it's FD / FE.


timmmay

20575 posts

Uber Geek

Trusted
Lifetime subscriber

  #3127552 14-Sep-2023 09:53

I ran radvdump to see what IPv6 Router Advertisement messages were on the network. Things generally look as expected. I've removed the parts other than DNS from the output below for brevity.

 

In short, it looks to me like the Fritzbox is correctly sending out the RDNSS (Recursive DNS Server) address as the Pi Hole, on the fd00 interface I put into the Fritzbox. The PiHole is sending out messages advertising itself as an RDNSS server using its 2406 IP address. My work PC can ping every IP address with no issues.

 

It's looking like Windows may be the problem, ignoring RDNSS messages announcing the IPv6 DNS (link1, link2). I'm still puzzled why my home Windows 10 machine picks it up fine, whereas work Windows 11, wife's work Windows 10, and wife's home Windows 10 machines don't.

 

 

 

PiHole

 

# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::xxxx:d1c7 (PiHole)
#
interface eth0
{
        RDNSS 2406:xxxx:2ee9 (PiHole)
        {
                AdvRDNSSLifetime 2321;
        };
};

 

Fritzbox

 

# radvd configuration generated by radvdump 2.18
# based on Router Advertisement from fe80::xxxx:429c (Fritzbox)
interface eth0
{
        RDNSS fd00::xxxx:98c5 (PiHole)
        {
                AdvRDNSSLifetime 1200;
        };
};
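
Added example, not part of any post in this thread: a Python sketch that decodes the fields discussed above (the M and O flags, the per-prefix A flag and the RDNSS option that radvdump reports) from a raw ICMPv6 Router Advertisement, and lists which IPv6 DNS servers a client without DHCPv6 could learn from it. The sample packet, its 2001:db8:1::/64 prefix and the fd00::53 resolver address are constructed for illustration, and the function names are this example's own.

```python
import ipaddress
import struct

def addr_scope(addr):
    """Classify an IPv6 address: fe80::/10 link-local, fc00::/7 ULA, else global."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"
    return "ULA" if ip in ipaddress.IPv6Network("fc00::/7") else "global"

def parse_ra(pkt):
    """Decode M/O flags, per-prefix A flag and RDNSS entries from one ICMPv6 RA."""
    if len(pkt) < 16 or pkt[0] != 134:  # ICMPv6 type 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(pkt[5] & 0x80), "O": bool(pkt[5] & 0x40), "prefixes": [], "rdnss": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(pkt):
        opt_type, opt_len = pkt[off], pkt[off + 1] * 8  # length field is in 8-byte units
        if opt_len == 0 or off + opt_len > len(pkt):
            raise ValueError("malformed option")
        body = pkt[off:off + opt_len]
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            prefix = ipaddress.IPv6Address(body[16:32])
            ra["prefixes"].append({"prefix": f"{prefix}/{body[2]}", "A": bool(body[3] & 0x40)})
        elif opt_type == 25 and opt_len >= 24 and (opt_len - 8) % 16 == 0:  # RDNSS option
            lifetime = struct.unpack_from("!I", body, 4)[0]
            for i in range(8, opt_len, 16):
                addr = str(ipaddress.IPv6Address(body[i:i + 16]))
                ra["rdnss"].append({"addr": addr, "scope": addr_scope(addr), "lifetime": lifetime})
        off += opt_len
    return ra

def summarize(ra):
    """What clients can do with this RA, following the M/O/A rules described above."""
    slaac = any(p["A"] for p in ra["prefixes"])
    return {
        "addressing": [m for m, ok in (("DHCPv6", ra["M"]), ("SLAAC", slaac)) if ok],
        "dns_via_dhcpv6": ra["M"] or ra["O"],
        "dns_for_non_dhcpv6_clients": [r["addr"] for r in ra["rdnss"]],
    }

def build_sample_ra():
    """Constructed sample RA: M=1, O=1, one /64 prefix with A=1, one ULA RDNSS entry."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0xC0, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    pio += ipaddress.IPv6Address("2001:db8:1::").packed
    rdnss = struct.pack("!BBHI", 25, 3, 0, 1200) + ipaddress.IPv6Address("fd00::53").packed
    return hdr + pio + rdnss

if __name__ == "__main__":
    print(summarize(parse_ra(build_sample_ra())))
```
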

