• DHCPv6 + SLAAC

    0 Votes
    8 Posts
    6k Views

    Unmanaged can assign DNS servers, as radvd supports RDNSS and pfSense configures radvd's RDNSS functionality. Unfortunately many common clients do not support RDNSS, including all versions of Windows 'out of the box'.

    I did read about RDNSS but most of my network comprises Windows clients so this isn't useful for me. Pity!

    As things stand, pfSense 2.3 requires you to configure an IPv6 range if you enable the DHCPv6 server. I believe the underlying server is capable of running in a DNS server only mode by omitting any range6 statement, but I haven't tested this.

    I need to test this still. I'd like to avoid DHCPv6 handing out IP addresses as I think having two (private and public) global addresses is enough.

    Another thing you can do is set option 7 in DHCPv6 to 255. This will reduce the priority of the DHCP-assigned IPv6 address; yes, clients will still end up with 4x IPv6 addresses, but they will prefer to use the SLAAC temporary address over the DHCPv6 assignment.

    If you end up with 4 IPv6 addresses (3 of which are global) then I assume the public address is permanent (if the MAC address doesn't change)? I know the privacy address can change daily (or whenever).

    With so many addresses in a /64 assignment - 3x per host plus a link local still isn't many!

    I'm just loving the power and flexibility of my IPv6 range!! Although I have two ranges from HE, I currently use the /48 which I have subnetted using a /64. I even have my reverse DNS (PTR) set up with HE and it all works great so far. I plan on setting up a new IPv4/IPv6 network from scratch in 6 months so I can't wait. Of course, pfSense has been amazing in all this too. My old Draytek had no chance of establishing an IPv6 tunnel with HE. I even had one of our comms guys at work set up and configure a loan Cisco router for me and the tunnel still didn't work. When I received my pfSense box I had it up and running in about 30min  :)

  • SLAAC and AD DNS Servers

    0 Votes
    15 Posts
    6k Views

    @Com:

    Well that is strange. I've tried everything I can think of and the DNS server doesn't get assigned until I give a range greater than 0. When the range is greater than 0 it gets the dns server perfectly fine and ends up with two ipv6 addresses (one slaac and one dhcpv6). Not the end of the world as I've got one or two of them to go around in my /64 :)

    The one interesting thing is that they are both listed as Preferred. I would think that only one of the IPv6 addresses should be preferred.

    Thank you,

    I blame Microsoft; Windows clients (I don't often use mine) don't collect the DNS servers from the RA packets.
    So in the Windows world, if you want to provide DNS over IPv6 then DHCP is for you. The other suggestion I have is to set option 7 to 255 on the DHCPv6 server to make the client prefer to use its SLAAC address rather than the DHCPv6 assignment.

  • IPV6 Newbie questions

    0 Votes
    7 Posts
    2k Views

    Great, thanks for the help. I will have to play around with it.

  • Firewall rules for dynamic PD ipv6

    0 Votes
    2 Posts
    1k Views

    Further discussion in https://forum.pfsense.org/index.php?topic=110109.0

  • IPv6 Setup - BTNet Leased Line

    0 Votes
    6 Posts
    3k Views

    Easy to do - we always expect /48 and /64 assignments :)

  • [SOLVED] After 2.3 upgrade IPv6 stopped working

    0 Votes
    6 Posts
    2k Views

    Judging by your description initially, it seemed like you had a PD-assigned subnet, and were sending traffic out your WAN, but it was just disappearing somewhere upstream. Probably was something on the modem that flaked out from the sounds of it, or maybe Comcast missed adding a PD route for your delegated subnet and power cycling the modem fixed that upon your next DHCPv6 request. Glad that worked. Might want to try rebooting only pfsense to make sure it comes up clean after a reboot.

  • Disable radvd

    0 Votes
    5 Posts
    3k Views

    Upgraded to 2.3 and I can confirm that radvd doesn't start when it is marked as disabled in the GUI.  :D

  • Troublesome tweaking

    0 Votes
    15 Posts
    4k Views

    Upgrading to pfSense v2.3 broke my IPv6-connectivity. :-)  Need to take a look at it when I get home tonight.

    EDIT: Sorry. A new reboot was needed. Everything working again. Not sure why it never came up the first time.

  • IPv6 incoming is silently dropped

    0 Votes
    5 Posts
    1k Views

    @cmb:

    Guessing maybe you were just trying ICMP? There was a bug in the GUI's firewall log display for ICMPv6 in versions pre-2.3, where it'd be in the log but not displayed in the GUI.

    No, I was running a web-based IPv6 SMTP test, and also trying to access IMAP via my phone (also IPv6). Both attempts always timed out, but when I moved my rules over to the tunnel ruleset they started working… never saw any block messages.

  • HE Tunnel, only IPv6, resolution brings IPv4 addresses sometimes

    0 Votes
    4 Posts
    2k Views

    DNS can return both types of records (A and AAAA) and it's completely up to the application that requested the DNS resolution to decide which ones it's going to use. Availability of IPv6 connectivity and set up preferences in the operating system (such as ip6addrctl(8) in FreeBSD) can also affect the decision whether to use the IPv4 or IPv6 address for the connection.

  • IPv6 through PPPoE not working from LAN side

    0 Votes
    1 Posts
    852 Views
    No one has replied
  • Static IPv6 subnet on LAN announced through RA on WAN interface?

    0 Votes
    9 Posts
    3k Views
    johnpoz

    Ah… Those are some weird ass boxes to be sure.. Sorry off the top I do not think you can announce RA out the wan.. That could be a dangerous thing to do if you were directly connected to the ISP that is for sure.

    You could prob do it via manual manipulation of the configs..  But I don't see a way to do it in the gui.  RA gui is tied to having static on the interface, since it's under the dhcpv6 server tab..  Try setting static ipv6 on your wan interface connected to your fritz.. Then you should be able to enable dhcpv6 and get the RA gui tab..

  • VDSL PPPoE with unknown IPv6 upstream configuration

    0 Votes
    6 Posts
    3k Views
    junicast

    I tried lots of different combinations of configurations including the suggested ones. Without any luck.
    Monitoring the pppoe interface as well as my local interface I've registered the following:

    pppoe
    not seeing dhcpv6 pd requests

    local
    Not seeing any router advertisements whatsoever by the router

    My feeling is that pfsense is flawed in some place, but I'm too new to BSD and pfsense in order to pinpoint the source of the problem.
    Maybe the problem is that I'm also using 6in4 with he.net. But even when I delete all configuration parameters of that config problems persist.
    Might this be a concern?

    Mar 28 02:10:14 pfsense php-fpm[34291]: /interfaces.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid em0_vlan5 em0_vlan10' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.8 Copyright 2004-2015 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 0 deleted host decls to leases file. Wrote 0 new dynamic host decls to leases file. Wrote 21 leases to leases file. Listening on BPF/em0_vlan10/80:ee:73:b2:f5:07/10.10.151.0/24 Sending on  BPF/em0_vlan10/80:ee:73:b2:f5:07/10.10.151.0/24 Listening on BPF/em0_vlan5/80:ee:73:b2:f5:07/10.10.101.0/24 Sending on  BPF/em0_vlan5/80:ee:73:b2:f5:07/10.10.101.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf.  Also make sure you are not running HP JetAdmin software, which includes a boo

    What other configuration files can I post to help solve this?

  • Can't turn off IPv6 Router Advertisements

    0 Votes
    5 Posts
    3k Views

    thanks guys, it seems to have worked.

  • DHCPV6 and RA

    0 Votes
    6 Posts
    2k Views

    So far I was able to make the update in a bind DNS running on another server.

    The issues I found are that with the release of IP. It is working fine as far as I have only IPv6 configured. If I am playing with double stack there isn't any update in my bind servers.

    Still playing to find if I can detect where is the issue (client, pfsense, bind server….)

  • DNS request timed out

    0 Votes
    9 Posts
    5k Views

    I'm not sure if they are giving out static or dynamic v6 addresses.  My original problem wasn't that v6 addresses were changing on my domain controllers and causing dns issues.  I'm just trying to get it to work the first time.  I'm used to IPv4 and memorizing private IPs.

  • [SOLVED] ipv6 assigning ips within the lan

    0 Votes
    2 Posts
    1k Views

    Success :)

    In the event someone else comes across this here is what I did :)

    Assign an IPv6 address to your pfSense WAN. For me, I added an IP address to the virtual interface on my Router. Make sure you can ping an ipv6 address from the WAN interface using Diagnostics > Ping.

    interface ve 10
     ip address 155.x.x.1 255.255.255.240
     ipv6 address 2607:x:x:8200::1/64
     ipv6 enable

    Create a static route on your router to your pfSense WAN IP.

    ipv6 route 2607:x:x:8201::/64 2607:x:x:8200::2

    Assign the gateway IP to your pfSense LAN without a gateway. You should now be able to ping an ipv6 address from your LAN interface using Diagnostics > Ping.

    Set up DHCPv6 (if you are using it) and RA.

    Set any firewall rules that are needed for the outside world to communicate with your LAN side server.

    You should be able to speak to the internet and back to your LAN side server :)

  • Need Help : Ipv6 Next-hop with Pfsense

    0 Votes
    3 Posts
    1k Views

    @hda:

    (Your ISP-box must delegate-on-request with use of its DHCP6-server, to pfSense)

    Not if they're static. They actually seem to be part of some bigger net block anyway.

    Just need to add a static route to send it to the other device in that case.

  • Remote syslog flooded with ICMPv6 blocks

    0 Votes
    2 Posts
    1k Views

    Don't manually modify anything. Either disable logging of default block rules, which will disable that logging, or uncheck "Allow IPv6" so your floating rule can match and block without logging.

  • Cox Residential is all live

    0 Votes
    4 Posts
    2k Views
    Derelict

    Or just use the resolver.

    It's not that I need 256 /64s here at the house but I can easily see myself needing more than 16. The whole point of IPv6 is to never worry about it again. There are enough /56 networks to give every person on earth 10.1 million of them (in general, not counting reserved space etc (2^56 / population of earth @ wolframalpha)). It's a non-issue. Just get a /56.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.