DHCP Push Pi-Hole as DNS with IPv6 enabled Windows clients

Discussion in 'Tomato Firmware' started by AlterEgo, Sep 4, 2018.

  1. AlterEgo

    AlterEgo LI Guru Member

    Hello,

    For understanding my network setup and basic details, please have a look at the following diagram

    [​IMG]

    I am not well versed with the basics, concepts and usage of IPv6, just was trying to make it work with my rudimentary knowledge to be able to understand it with usage.

    I hope most of the required information would be available in the image, however please inform if I need to provide any other specific information.

    My queries as per the subject matter, are mentioned in Box no.5 (in the image - mainly point no.3,4).

    Thanks for your support and guidance.
     
  2. Sean B.

    Sean B. LI Guru Member

    You have 3 options:

    1. Run SLAAC only and configure the DNS server on each individual device statically.

    2. Run SLAAC and DHCPv6, in which case devices will auto configure their IPv6 addresses and use DHCPv6 for additional information such as routes and DNS servers.

    3. Run DHCPv6 only, in which case devices will receive their IPv6 addresses along with routes and DNS via DHCPv6.

    For options 2 and 3, you can set the IPv6 DNS server handed out by DHCPv6 by using this line in the custom config box under Advanced->DHCP/dns:

    Code:
    dhcp-option=option6:dns-server,[XX]

    Where XX is the IPv6 address of the DNS server.
     
  3. AlterEgo

    AlterEgo LI Guru Member

    Thanks for your reply.

    While tinkering with the IPv6 options I did configure the DNS with IPv6 address in the following screen with the shown options. Don't know whether these are correct or not, I assumed using the standard WebUI fields the DNS IPv6 address would be pushed to the DHCP clients.

    [​IMG]

    Also I ticked the following options,

    [​IMG]

    Can you please inform if the above options are correct or do I still need to put the following

    Code:
    dhcp-option=option6:dns-server,[XX]

    Additionally I need to confirm while activating IPv6 for DHCP and DNS, would the older devices on my network which are not IPv6 capable, keep on working with IPv4 or not.

    Thanks for your guidance.
     
  4. Sean B.

    Sean B. LI Guru Member

    I don't remember if Tomato will send the IPv6 DNS servers from the GUI as it does for IPv4. For some reason I don't recall it working, but it's been a long time since I've used the default options. If you try it that way and your clients don't receive the correct DNS servers, run this in Tools->System commands:

    Code:
    cat /etc/dnsmasq.conf

    Tomato would be adding the same line that I stated to dnsmasq's config file to set the DNS servers, so that line should be in there. If not, then you'd have to add it manually as I described.

    And yes, non-IPv6 capable clients will continue to function as normal when IPv6 is enabled on the router.
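
The check described in the post above (look in /etc/dnsmasq.conf for the DHCPv6 DNS option), written out as an added shell example that is not part of the thread. The function names, the sample config and the address fd00::53 are constructed for illustration; a missing or mixed result means IPv6 clients can resolve names without going through the Pi-hole.

```shell
#!/bin/sh
# Added example, not from the thread. Sample config and addresses are constructed.

# Print the value of every active DHCPv6 dns-server option in a dnsmasq config.
# The option is matched by name or by its DHCPv6 code 23 (RFC 3646), with or
# without a tag: prefix; commented-out lines are ignored.
dhcp6_dns_servers() {
    grep -E '^[[:space:]]*dhcp-option(-force)?=([^#]*,)?option6:(dns-server|23),' "$1" |
        sed -e 's/^.*option6:[^,]*,//' -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//'
}

# check_dns6 CONFIG PIHOLE_ADDR
# Returns 0 if the Pi-hole is the only DHCPv6 DNS server handed out, 1 if no
# option line exists, 2 if any other server is also offered (filter bypass).
# Addresses are compared as text, so write PIHOLE_ADDR the way the config does.
check_dns6() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    servers=$(dhcp6_dns_servers "$1" | tr 'A-F,' 'a-f\n' | sed 's/[][]//g')
    if [ -z "$servers" ]; then
        echo "MISSING: no option6 dns-server line in $1"
        return 1
    fi
    for s in $servers; do
        if [ "$s" != "$want" ]; then
            echo "BYPASS: clients are also offered $s"
            return 2
        fi
    done
    echo "OK: only $want is offered over DHCPv6"
}

# Constructed sample: a config that sets the IPv4 DNS option only.
sample=$(mktemp)
printf '%s\n' 'interface=br0' 'dhcp-option=tag:br0,6,192.168.1.2' \
    '#dhcp-option=option6:dns-server,[fd00::53]' > "$sample"
check_dns6 "$sample" fd00::53 || true      # MISSING
echo 'dhcp-option=tag:br0,option6:dns-server,[fd00::53]' >> "$sample"
check_dns6 "$sample" fd00::53              # OK
rm -f "$sample"
```

On the router, point the first argument at /etc/dnsmasq.conf and the second at the Pi-hole's IPv6 address.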
     
  5. AlterEgo

    AlterEgo LI Guru Member

    Sure will try the solution and will update.

    Just a couple of queries.

    To follow your solution do I have to tick the "Use Internal DNS" option and put the code in the advanced settings box as shown in the image below :

    [​IMG]

    However as I understood earlier, if I tick the "Use Internal DNS" then router address itself would be sent to all DHCP clients to be used as DNS, and not the custom DNS we want to use (the PiHole as in my case). Is the assumption correct or it would still push the desired custom DNS.

    Thanks.
     
  6. Sean B.

    Sean B. LI Guru Member

    The dhcp-option line will override the default behavior of dnsmasq sending out the router's own IPv6 address as the DNS server to clients, the main difference is when "Use internal DNS" is checked, the /etc/resolv.conf file on the router no longer contains the DNS server addresses. It only contains the line "nameserver 127.0.0.1" ( using IPv4 as example ), which directs all processes running on the router itself to send DNS queries to localhost ( dnsmasq ). The DNS server addresses are moved to /etc/resolv.dnsmasq for use by dnsmasq itself. Since you'd want processes running on the router to also use your pi-hole DNS server, you would want to uncheck "Use internal DNS", in which case the DNS servers entered in the GUI would be placed in /etc/resolv.conf for use by the processes. The unknown is whether Tomato will correctly add a dhcp-option line for dnsmasq to override the default behavior of sending the router's LAN interface's global IPv6 address as the DNS server. In theory it should, but as I stated earlier, for some reason I'm not sure it works. In which case the custom config line would be required.

    **note** Technically, running "use internal DNS", and having your pi-hole IPs in the GUI as static dns servers, you could allow dnsmasq to advertise itself as the dns server to clients. This would simply make the router a relay to your pi-hole. End result is the same, just an extra pass-through.
     
  7. Sean B.

    Sean B. LI Guru Member

    I don't think it will correctly change the IPv6 DNS server. Here's the code showing it will add a dhcp-option,6 ( 6 is dns-server ) for IPv4:

    Code:
    if (!do_dns) {
    // if not using dnsmasq for dns
    
    **TRUNCATED CODE FOR CLARITY**
    
    fprintf(f, "dhcp-option=tag:%s,6%s\n", nvram_safe_get(lanN_ifname), buf);

    However, there is no equivalent line using option6 for IPv6.

    To clarify:

    IPv4 version = dhcp-option=tag:br0,6,IP

    IPv6 version = dhcp-option=tag:br0,option6:6,[IP]

    dns-server can be substituted for the # 6 option code in either case.
     
    Monk E. Boy likes this.
  8. AlterEgo

    AlterEgo LI Guru Member

    Thanks for your support, I am afraid I am a bit lost and not able to clearly follow the last two posts. Can you please rephrase in combination what steps do I need to implement.

    Secondly while searching thru the DHCP IPv6 activation, I came across the information that we have to put some code in "Firewall" and "WAN UP" sections in the administration -> scripts.

    Appreciate your response.

    Thanks.
     
  9. Sean B.

    Sean B. LI Guru Member

    Just uncheck "use internal dns" and put the line from my first post into the custom config box.
     
  10. Sean B.

    Sean B. LI Guru Member

    And by the way, reminder that anything between the router's WAN port and your ISP ( IE: modem/router from ISP, proxies or firewalls etc ) will need to be configured to transparently bridge the IPv6 connection to the Tomato router. Otherwise the global WAN IP and prefix delegated for the LAN will be intercepted by one of those devices and IPv6 will not function on the Tomato router.
     