Calling all people with Piholes and with IPv6 support

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Calling all people with Piholes and with IPv6 support

MaxineN

Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified

Trusted

Subscriber

#289853 3-Oct-2021 20:49

So I'm trying to route all of my IPv6 internet traffic through the Pihole on my network as it is both my DHCP server and also my DNS server for both IPv4 and IPv6.

It can assign both IP protocols just fine that's great however my ISP(Vocus branded) is also getting through it's DHCPv6 IPs as well to all of my devices and on the Pihole through query logs it's showing up as just the upstream DNS hostname vs the client within the network.

Now I run a ASUS AX3000 as my gateway and WiFi AP only(as my Pihole takes over DHCP and DNS) however I think the AX3000 is leaking my upstream IPV6 prefix.

I'm wondering how I can solve this without having to disable IPv6 traffic entirely, as the goal was to not just have IPv4 but also IPv6.

If I disable IPv6. Sure my pihole query logs look correct and is not showing upstream DNS hostname. But with it enabled... yea it makes it hard to actually query what's accessing what and where it got blocked.

Can this be resolved? Or am I SOL because of how IPv6 works and how it's delegated when used.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#2788786 3-Oct-2021 22:07

I don't think it can be resolved with your current router I'm afraid - you're basically running a consumer grade router and expecting a feature that isn't so consumer grade.

I have PiHole (x2) running on my network with sync between them, full IPv6 support etc but I also am running a Mikrotik as my router with much more control. There is normally a feature dependent on the router to not announce IPv6 DNS from your provider.

Also as you can't whitelist per site on PiHole just remember Geekzone is fully ad or subscription supported and I do think you get some value out of this - perhaps consider a subscription? It funds the occasional Whisky for myself from the BDFL. It is also great to support the sites you get the most use from.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

pih

666 posts

Ultimate Geek
+1 received by user: 359

Lifetime subscriber

#2788788 3-Oct-2021 22:12

Following with interest as I had similar IPv6 issues when I tried PiHole last year...

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 841

Trusted

Lifetime subscriber

#2788791 3-Oct-2021 22:30

MaxineN: ... Or am I SOL ...

As michaelmurfy said, you are running a consumer grade router & looking at page 81 of the manual, the manufacturer is ignoring IPv6 completely.

You might be lucky & have similar options under the IPv6 settings as you have for the IPv4 DHCP server under the LAN settings on page 65 of the manual. For the IPv4 DHCP server, you can manually set the DNS server. You should have the same DNS server options available under IPv6. Set those to the IPv6 address of your Pihole.

D34DC3N73R seemed to have a similar problem: Turns out the router ipv6 DNS doesn't (yet) work the same way its ipv4 DNS works. It will always offer its own ipv6 address as the DNS server.

He had a script that fixed the issue for him.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#2788797 3-Oct-2021 22:53

When you say "route all my traffic through the pihole" - do you mean you want all DNS queries to go there?

If you mean have it act as a router - I cant help. If the former, here's how I have my setup configured.

On the pihole I have "Enable IPv6 support (SLAAC + RA)" enabled.

On my router (an ASUS RT-AC68U so hopefully the same, or very similar, software) I have...

Under the IPv6 settings:

DHCP-PD - enabled

Accept Default Route - enabled

Auto Configuration Setting - stateless

Connect to DNS Server automatically - disabled

IPv6 DNS Server 1 - the IPv6 address for my Pihole.

IPv6 DNS Server 2 & 3 - blank/empty

Enable Router Advertisement - enabled

I do have a static IPv6 range from 2degrees. However; before that I think I used the link local IPv6 address (fe80:...) for my Pihole.

It was this DNS setting that made all the difference!

I also have a static IP address (both v4 and v6) set on my pihole. Its using a value from my static range.

Im unsure if this gives you _exactly_ what you want as you mention your router "leaking your IPv6 prefix". This set up has all my devices getting an IPv6 in my prefix range. What it does do is ensure all DNS queries go via the Pihole - which was my only goal.

MaxineN

Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified

Trusted

Subscriber

#2788810 4-Oct-2021 05:29

nzkc:
When you say "route all my traffic through the pihole" - do you mean you want all DNS queries to go there?

If you mean have it act as a router - I cant help. If the former, here's how I have my setup configured.

On the pihole I have "Enable IPv6 support (SLAAC + RA)" enabled.

On my router (an ASUS RT-AC68U so hopefully the same, or very similar, software) I have...

Under the IPv6 settings:

DHCP-PD - enabled

Accept Default Route - enabled

Auto Configuration Setting - stateless

Connect to DNS Server automatically - disabled

IPv6 DNS Server 1 - the IPv6 address for my Pihole.

IPv6 DNS Server 2 & 3 - blank/empty

Enable Router Advertisement - enabled

I do have a static IPv6 range from 2degrees. However; before that I think I used the link local IPv6 address (fe80:...) for my Pihole.

It was this DNS setting that made all the difference!

I also have a static IP address (both v4 and v6) set on my pihole. Its using a value from my static range.

Im unsure if this gives you _exactly_ what you want as you mention your router "leaking your IPv6 prefix". This set up has all my devices getting an IPv6 in my prefix range. What it does do is ensure all DNS queries go via the Pihole - which was my only goal.

Pretty much want to insure that all queues are via pihole and not actually being tampered in anyway by my gateway. Because if I flick on ipv6 support for both router and the pinhole’s dhcpv6, I end up with the host name being replaced by default-rdns.vocus.co.nz which is not ideal. And that’s what I’d like to resolve.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

MaxineN

Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified

Trusted

Subscriber

#2788811 4-Oct-2021 05:35

michaelmurfy:
I don't think it can be resolved with your current router I'm afraid - you're basically running a consumer grade router and expecting a feature that isn't so consumer grade.

I have PiHole (x2) running on my network with sync between them, full IPv6 support etc but I also am running a Mikrotik as my router with much more control. There is normally a feature dependent on the router to not announce IPv6 DNS from your provider.

Also as you can't whitelist per site on PiHole just remember Geekzone is fully ad or subscription supported and I do think you get some value out of this - perhaps consider a subscription? It funds the occasional Whisky for myself from the BDFL. It is also great to support the sites you get the most use from.

I would but I’m broke, job market for me in particular is great at denying people who have a few health issues and I find google ads to be extremely abhorrent and just flat out wrong(manscape and mens underwear to a lady… really google?) so I’m more inclined to block them vs let them through.

Not announcing ipv6 dns might be the way forward and I believe this is something I can set. Will report in a few hours.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

New World

Shop on-line at New World now for your groceries (affiliate link).

timmmay

20858 posts

Uber Geek
+1 received by user: 5350

Trusted

Lifetime subscriber

#2788812 4-Oct-2021 06:18

My Pi Hole works fine on IPv6. I just checked the query log, it's showing the client on my LAN as an IPv6 address in many cases - not all. Can't tell with some devices as it's named them.

I configured my Fritzbox to hand out the PiHole IP for IPv4 and IPv6 addresses, so it was pretty easy. ipconfig shows both Pi Hole ip4 and ip6 addresses.

I also have Pi Hole handing DCHP, delegated from the router. This is something you could try if your router won't hand out the Pi Hole IPs for DNS, as the Pi Hole doing DHCP probably hands out its own IPs for DNS.

nzkc

1634 posts

Uber Geek
+1 received by user: 1041

#2789303 4-Oct-2021 19:53

Im pretty sure your issue is the need to explicitly define your IPv6 DNS server. See my earlier post on that and make sure you assign it to the pihole IPv6 address.

I had the same issue you are describing until I did that.

MaxineN

Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified

Trusted

Subscriber

#2789306 4-Oct-2021 19:58

Done some changes but now I’m straight up hitting another wall(not getting ipv6 addresses at all but I know why)

nzkc:
Im pretty sure your issue is the need to explicitly define your IPv6 DNS server. See my earlier post on that and make sure you assign it to the pihole IPv6 address.

I had the same issue you are describing until I did that.

See I did this initially when setting it all up in the first place. Because you do this for ipv4 as well.

Ipv6 still gets vocus’ hostname over the actual client in the query logs and it would also show up on the client itself when running ipconfig /all. Yes all clients did get restarts and dns was flushed before I made this thread but the problem persisted so hence this thread was born.

I’ll get more time tomorrow to crack at it. Too tired and tired brain breaks things.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.