Netgate Discussion Forum

    ISP only hands out IPv4 Issue

    • JonathanLeeJ
      JonathanLee @JonathanLee
      last edited by JonathanLee

      @JonathanLee

      Testing this...

      prefer-ip4:yes
      prefer-ip6:no

      I can't enter it into custom options; I manually added it to /var/unbound/unbound.conf

      I wish my ISP had IPv6 ready for me.

      Screenshot 2023-06-22 at 10.10.22 AM.png

      If I resave the DNS settings, it auto-deletes this custom option. I can't add it in the GUI; it says syntax error.

      Make sure to upvote

      • JonathanLeeJ
        JonathanLee @JonathanLee
        last edited by

        @JonathanLee

        Screenshot 2023-06-22 at 10.14.40 AM.png

        • JonathanLeeJ
          JonathanLee @JonathanLee
          last edited by

          @JonathanLee did not work :( deleted my config change

          • JonathanLeeJ
            JonathanLee @RobbieTT
            last edited by

            @RobbieTT said in ISP only hands out IPv4 Issue:

            serve A records

            If you find anything, please let me know.

            • JonathanLeeJ
              JonathanLee
              last edited by JonathanLee

              I found the custom entry solution: the syntax must include server: first, similar to the log options.

              Ref:
              https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-queries.html

              For log-queries you have to add server: first; it enables the custom options. It's like a keyword.

              Screenshot 2023-06-22 at 10.35.17 AM.png

              Afterwards it holds the settings

              Screenshot 2023-06-22 at 10.38.24 AM.png

              • RobbieTTR
                RobbieTT @JonathanLee
                last edited by

                @JonathanLee I'd presume that the config file is read at launch and then becomes read-only when running.

                ☕️

                • JonathanLeeJ
                  JonathanLee @RobbieTT
                  last edited by

                  @RobbieTT I got it. I had to use the custom area; I needed to add server: first to let me add any more lines after, just like when you enable logging:

                  server:
                  log-queries: yes

                  Same needs server: first

                  so for me
                  server:
                  prefer-ip6: no
                  prefer-ip4: yes

                  Ref:
                  https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-queries.html

                  https://nlnetlabs.nl/documentation/unbound/unbound.conf/


                  1 Reply Last reply Reply Quote 0
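
The `server:` requirement described in the post above, as an added example that is not part of the original thread and is not pfSense or Unbound code: a small Python check that reads a custom-options block as clause headers followed by attributes and reports attribute lines that appear before any clause header. The function name `lint_custom_options`, the subset of clause names, and the two sample blocks are assumptions constructed for this sketch.

```python
import re

# Clause headers that open a section in unbound.conf (subset; assumption:
# extend this set if your configuration uses other clauses).
CLAUSES = {"server", "remote-control", "forward-zone", "stub-zone",
           "auth-zone", "view", "python"}

LINE_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")


def lint_custom_options(text):
    """Return (settings, problems) for an Unbound custom-options block.

    settings maps clause -> {attribute: [values]}; attributes may repeat
    (e.g. private-address). problems lists lines outside any clause.
    """
    settings, problems, clause = {}, [], None
    for num, raw in enumerate(text.splitlines(), start=1):
        # Drop comments (naive: does not handle '#' inside quoted values).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {num}: not 'name: value': {line!r}")
            continue
        name, value = m.group(1), m.group(2).strip()
        if name in CLAUSES and value == "":
            clause = name                     # e.g. "server:" opens a clause
            settings.setdefault(clause, {})
        elif clause is None:
            problems.append(f"line {num}: '{name}' appears before any "
                            f"clause header such as 'server:'")
        else:
            settings[clause].setdefault(name, []).append(value)
    return settings, problems


# Constructed samples mirroring the two attempts in the thread.
REJECTED = "prefer-ip4:yes\nprefer-ip6:no\n"
ACCEPTED = "server:\nprefer-ip6: no\nprefer-ip4: yes\n"

if __name__ == "__main__":
    for label, block in (("rejected", REJECTED), ("accepted", ACCEPTED)):
        print(label, *lint_custom_options(block))
```
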
                  • JonathanLeeJ
                    JonathanLee
                    last edited by

                    I have also set the DNS resolver type to "type transparent"

                            typetransparent
                                 If there is a match from local data, the query is answered.
                                 If the query is for a different name, or for the same name
                                 but for a different type, the query is resolved normally.
                                 So, similar to transparent but types that are not listed in
                                 local data are resolved normally, so if an A record is in the
                                 local data that does not cause a nodata reply for AAAA
                                 queries.
                    

                    Ref:
                    https://nlnetlabs.nl/documentation/unbound/unbound.conf/

                    • JonathanLeeJ
                      JonathanLee @JonathanLee
                      last edited by JonathanLee

                      @JonathanLee

                      Seems to work now!!!!!

                      " dns64-ignore-aaaa: <domain name>
                      List domain for which the AAAA records are ignored and the A record is used by DNS64 processing instead. Can be entered multiple times, list a new domain for which it applies, one per line. Applies also to names underneath the name given.
                      "

                      Screenshot 2023-06-22 at 3.32.00 PM.png
                      (researching AAAA block)

                      ref:
                      https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html

                      • S
                        smolka_J
                        last edited by smolka_J

                        So far I have found the following to work best on my boxes to remove IPv6 as much as possible, resulting in better stability of Unbound, which is no longer crashing or hanging unresponsive at random or when forced to perform IPv6 nslookups:

                        Unbound Custom options to remove all local and external domain AAAA responses in replies given to clients:

                        server:
                        do-ip4: yes
                        do-ip6: no
                        prefer-ip4: yes
                        prefer-ip6: no
                        private-address: 10.0.0.0/8
                        private-address: 172.16.0.0/12
                        private-address: 192.168.0.0/16
                        private-address: 169.254.0.0/16
                        private-address: ::ffff:0:0/96
                        private-address: fd00::/8
                        private-address: fe80::/10
                        private-address: ::/0
                        private-address: ::
                        local-zone: localhost.home.arpa transparent
                        local-data: "localhost.home.arpa A 127.0.0.1"
                        local-zone: localhost transparent
                        local-data: "localhost A 127.0.0.1"
                        local-zone: ip6.arpa redirect
                        local-data: "ip6.arpa A 0.0.0.0"
                        local-zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa redirect
                        local-data: "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa A 0.0.0.0"
                        local-zone: "::/0" static
                        dns64-ignore-aaaa: *.*
                        do-not-query-address: ::
                        do-not-query-address: ::1
                        do-not-query-address: ::/0
                        

                        Shellcmds added to the Shellcmd package to load at boot, to unload any auto-created/started inet6 interfaces. Add or relabel for any other interface names that show when running the command prompt/console command ifconfig:

                        ifconfig lo0 inet6 ifdisabled
                        ifconfig igb0 inet6 ifdisabled
                        ifconfig igb1 inet6 ifdisabled
                        ifconfig ix0 inet6 ifdisabled
                        ifconfig lo0 inet6 fe80::1%lo0 delete
                        ifconfig lo0 inet6 ::1 delete
                        

                        These last two are system files. These adjustments aren't saved in config.xml files, so until there is a patch or tick box added, they would need to be re-applied after each system upgrade, but they are maintained across general reboots -
                        Edit /etc/inc/system.inc, search for 'localhost' around line 331 and comment out the ::1 IPv6 section of lines with /* at the beginning, a * for each next line and */ at the end:

                        /*
                        * $hosts[] = array(
                        * 'ipaddr' => '::1',
                        * 'fqdn' => 'localhost.' . $syscfg['domain'],
                        * 'name' => 'localhost',
                        * 'domain' => $syscfg['domain']
                        * );
                        */
                        

                        Edit /etc/hosts.allow and comment out the line by adding a #:

                        #ALL : [::1] : allow
                        
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.