Netgate Discussion Forum

    How does one override ISP DNS with an Assisted RA

      yobyot

      Like others, I've recently discovered that Vz FiOS (central Mass.) now sends RAs. That led me to attempt to configure IPv6 and I think I have it working in Assisted RA mode. I get IPs and IPv6 tests pass.

      But I'm having an issue with DNS. No matter where or how I specify the DNS -- in General or as in the screen snippet below, in the DHCP6 settings -- I always get the Vz DNS (2600:4040...).

      This means that local hostnames registered in the firewall cannot be resolved even though Settings, General is set to "Use local DNS".

      BTW, if I don't specify the three DNS servers from Google/CloudFlare in the DHCP6 settings they don't appear at all on a client interface -- even though the doc says in multiple places that they should.

      Does anyone have a suggestion for where to look at what I may have misconfigured?

      I'm an IPv6 newbie, so apologies if this is a dumb question.

      dhcp6.png

        MikeV7896 @yobyot

        @yobyot
        Verizon doesn't actually specify IPv6 DNS servers, I'm pretty sure. At least not yet.

        Are you sure that's not the IPv6 address of the LAN interface on your pfSense device?

        By default, pfSense will advertise itself as a DNS server to your network if you're using DNS Resolver or DNS Forwarder. So just as 192.168.2.1 is your pfSense device's IPv4 address, I'm betting that next IPv6 address is your pfSense LAN interface's address.

        The S in IOT stands for Security

          JKnott @MikeV7896

          @mikev7896

          Also, enable "Provide DNS configuration via radvd" on the RA page. There are 2 ways IPv6 can be provided. One is RDNSS, which is what that setting enables, and the other is via DHCPv6. You can use stateless mode for that. However, that won't work with Android devices.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

            yobyot @MikeV7896

            @mikev7896 Thanks!

            Yup, that was it.

            I kept thinking that the 2600:4040:558d:9300... address was Vz's DNS server. But it's actually the IPv6 address of the firewall.

            So, I took out the other DNS addresses shown in the screenshot, added them to General settings and made sure to tell pfSense to use the firewall for DNS. Works like a charm.

            This is all so new. I guess I have to wrap my head around seeing public IPv6 addresses on my private LAN. It's a gut, visceral IPv4 reaction to wonder what the heck is going on when you see that.

            But with no address space depletion in sight, it's gonna be the new normal one day.

              yobyot @MikeV7896

              @mikev7896

              Thanks. The setting you recommend was set. I don't recall setting it. Maybe in CE 2.6.0 it's a default?

              More things to learn...RDNSS, etc. Sigh.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.