DNS Resolver not working for Link-Local addresses

son1c

Hi,

I use Pfsense 22.01 Home Edition and the DNS Resolver over the link-local address which doesn't work.
The IPv4 addresses and the global-unicast address work fine.

The Network Interfaces setting in the DNS Resolver tab is set to all and there are no firewall rules set who will block the requests.

Cu
son1c

JKnott

@son1c

Given you don't normally use link local addresses for carrying app data etc. why do you want them in DNS?

johnpoz

@son1c said in DNS Resolver not working for Link-Local addresses:

there are no firewall rules set who will block the requests.

Did you change source from say lan net to any? By default the IPv6 lan net any rule for internet would not allow link-local..

Also I do not believe the automatic access list for unbound would include link-local..

I also not sure why anyone would want to do this - but it does work.. So I enabled a IPv6 any rule for source vs just lan net.

So I can ping pfsense link-local address.

But you can see got back refused for dns query.

I then edited the access list to allow for link local address..

And now I can query the linklocal address

But just at a loss to actual use case for this to be honest.. But it works if you allow for it.

But default lan net IPv6 would not include linklocal network, nor would the default access lists in unbound.. I have always used my own access lists, but if lan net doesn't include the link local space, I doubt the auto access lists would..

son1c

Thank you for your help!

I use a DNS Filter, so my goal was to forward the DNS querys to the pfsense.
This should be no problem but my internet connection is over DSL, so every time the modem reconnects I get new ipv6 prefixes from my provider. That's why I need a static IP address to forward.

johnpoz

@son1c why would you not just forward to your IPv4 address - does that change as well?

JKnott

@son1c said in DNS Resolver not working for Link-Local addresses:

This should be no problem but my internet connection is over DSL, so every time the modem reconnects I get new ipv6 prefixes from my provider. That's why I need a static IP address to forward.

You can use Unique Local Addresses. I use them here, even though my prefix doesn't change.

son1c

@johnpoz no, i just want try a ipv6 only setup

johnpoz

@son1c said in DNS Resolver not working for Link-Local addresses:

no, i just want try a ipv6 only setup

Well good luck with that - you understand your not going to be able to get to MOST of the internet ;)

son1c

@jknott I see, i need to take a closer look to the virtual IP settings