New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible method for IPv6 #71
Comments
I'd rather not use another pacakge/DNS server, but I'll look into this more as I haven't heard of it before. |
Just to update this thread, I already mentioned in another thread some progress on this. dnsmasq works just fine as a resolver, no need to switch to unbound. (There may be performance improvements with another resolver package, but that's to be determined I guess.) Thanks to how DNS works the process isn't too difficult, it's a two step process. First get the IPv6 address of the PiHole, ( |
Do we don't need What about the people who are using DHCP options on their router? It seems this would not work for them. |
The DHCP configuration is going to be the toughest part of the process I think. I'll do a quick write-up of how I did IPv6 with a Windows 10 box in a post (It might be kind of long, lots of code snippets since I'm running |
Okay, here we go... Starting out with a fresh install of Raspbian Jessie (Lite Version) and a fresh install of PiHole via Client system is a Windows 10 box. By default my IPv6 is as follows (some bits are masked because I'm using the pubilc IPv6 addresses for both my Pi and my Windows 10 box.)
First to test if ads are showing, I go to On the Pi via SSH I run the following commands: Find the route my Pi is using to get to the IPv6 world by getting the route to Google's IPv6 DNS server:
This returns a reply of:
What I'm looking for is the So I go to the Windows 10 box, and for IPv6 settings I change my DNS resolver to the public IP address I just got. After the changes, my IPv6 is as follows:
(Again, some bits have been snipped for this display...) Now, I bring up a command window in Win 10 and flush the DNS cache to make sure I'm not pulling old data: Now another visit to You can watch the This was just with IPv6 change, I actually left the IPv4 resolver to the non-pihole DNS resolver address and ads were still blocked. |
For the DHCP server settings, it depends on how you have the network set up. If you are using the DHCP server as the DNS server and then setting the DHCP server to use PiHole as its resolver then I don't know if there would be any changes. If you want the DHCP server to give out an IPv6 resolver when it does DHCPv6 then you'd need to either set the DNS server manually if there is an option for IPv6 DNS servers, or you could set the DHCP additional options for Here's a link for a list of the options settings. https://www.incognito.com/tips-and-tutorials/dhcp-options-in-plain-english/ |
Hmmm, things seem to be a bit different that I expected. It looks like what my setup was doing was using my IPv6 resolver to grab A and AAAA records from my main DNS server that doesn't have any blocking, so when I changed the IPv6 resolver to the Pi-Hole box, then it started to pick up the blocked A records like it should. AAAA records are still getting through in some places, as seen below:
Name: google.com The A record is correct and blocked, but that AAAA comes through. |
Alright, it looks like the way to solve the problem is to add to the
Which gives a result of
Name: google.com |
@dschaper Interesting. I did something similar a while back, but did it all in one line with One thing that comes to mind is that we decided not to use the IPv4 loopback in the hosts files, which is essentially what the |
The ::1 is just a temporary hack to test to see if AAAA records work, in production it would need to be the IPv6 address that is detected with the |
What do you think of using Unbound in a split-horizon configuration to serve records pointing to localhost? There's a section of an article at calomel called Dnsspoof or 'Split horizon' with Unbound DNS that may help. That would mean another package though.
The text was updated successfully, but these errors were encountered: