DNS request timed out
-
So my ISP (mediacom) recently started working with IPv6! Yay, ok so IPv6 is enabled, I go into interfaces and LAN, I choose IPv6 configuration type of track interface. Under track IPv6 interface I choose IPv6 interface: WAN. OK, so now all my computers are receiving v6 addresses! I can get to IPv6 websites. All seems well.
I have an active directory domain which was left at defaults for IPv6. My domain controllers and servers are now getting IPv6 addresses and they can get to v6 websites. However this causes an issue.
When I do an nslookup to google or to a domain server from a windows 10 client or domain server i get
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 2604:2d80:X:X:X:X:X:XDNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-outIf i do an nslookup from any domain controller I get
Server: localhost
Address: ::1Non-authoritative answer:
Name: google.com
Addresses: 2607:f8b0:4009:808::200e
216.58.216.206I am very new to IPv6 and dont totally understand it. Where do I start? What information do you guys need? Do i need to set static IPv6 addresses? All my domain servers have static IPv4 addresses.
pfsense is 10.0.0.1
ipconfig /all for DC1:
Windows IP ConfigurationHost Name . . . . . . . . . . . . : DC01
Primary Dns Suffix . . . . . . . : home.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home.lanEthernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-64-61-74-50
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2604:2d80:4007:X::X(Preferred)
Lease Obtained. . . . . . . . . . : Tuesday, March 22, 2016 8:05:57 PM
Lease Expires . . . . . . . . . . : Tuesday, March 22, 2016 10:05:57 PM
IPv6 Address. . . . . . . . . . . : 2604:2d80:4007:c6b6:35a2:3248:2eab:a82b(P
referred)
Link-local IPv6 Address . . . . . : fe80::35a2:3248:2eab:a82b%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.32(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::1:1%12
10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 301998692
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-18-0B-C3-00-22-64-61-74-50DNS Servers . . . . . . . . . . . : ::1
10.0.0.31
10.0.0.32
NetBIOS over Tcpip. . . . . . . . : Enabledipconfig /all for domain server
Host Name . . . . . . . . . . . . : MediaServer
Primary Dns Suffix . . . . . . . : home.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home.lanEthernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-00-0A-12
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2604:2d80:4007:c6b6:X:X:X:X(P
referred)
Link-local IPv6 Address . . . . . : fe80::8529:c9f1:3a68:89cc%12(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.17(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::1:1%12
10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 301995357
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-09-4B-E6-00-15-5D-00-0A-12DNS Servers . . . . . . . . . . . : 2604:2d80:4007:81ed:X:X:X:X
10.0.0.32
10.0.0.31
NetBIOS over Tcpip. . . . . . . . : Enabledipconfig /all for windows 10 client:
Wireless LAN adapter Wi-Fi:Connection-specific DNS Suffix . : home.lan
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6235
Physical Address. . . . . . . . . : C4-D9-87-02-21-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2604:2d80:4007:81ed::X(Preferred)
Lease Obtained. . . . . . . . . . : Sunday, March 20, 2016 3:40:49 PM
Lease Expires . . . . . . . . . . : Saturday, April 29, 2152 3:07:54 AM
IPv6 Address. . . . . . . . . . . : 2604:2d80:4007:c6b6::X(Preferred)
Lease Obtained. . . . . . . . . . : Tuesday, March 22, 2016 8:32:58 PM
Lease Expires . . . . . . . . . . : Tuesday, March 22, 2016 10:32:58 PM
IPv6 Address. . . . . . . . . . . : 2604:2d80:4007:c6b6:896d:e945:13b4:ad87(Preferred)
Temporary IPv6 Address. . . . . . : 2604:2d80:4007:c6b6:X:X:X:X(Preferred)
Temporary IPv6 Address. . . . . . : 2604:2d80:4007:c6b6:X:X:X:X(Deprecated)
Temporary IPv6 Address. . . . . . : 2604:2d80:4007:c6b6:X:X:X:X(Deprecated)
Link-local IPv6 Address . . . . . : fe80::896d:e945:13b4:ad87%4(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.54(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, March 22, 2016 6:06:19 PM
Lease Expires . . . . . . . . . . : Tuesday, March 22, 2016 10:06:19 PM
Default Gateway . . . . . . . . . : fe80::1:1%4
10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 46455175
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-31-CA-9D-9C-B6-54-A5-56-9C
DNS Servers . . . . . . . . . . . : 2604:2d80:4007:c6b6:X:X:X:X
10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled -
Just as in IPv4, your clients need to be communicating with the domain controller's DNS server.
Imagine what happens if you run your domain controller on a dynamic IP.
This is exactly what is happening on IPv6 in the environment you describe.You would need to get a static IPv6 subnet assigned to you, and while the WAN side of pfSense could have a dynamic IPv6 address assigned, the static IPv6 subnet must be routed there. Then you can give out a static IPv6 address of the domain controller to the clients as their DNS server.
For now, though, it would be better that you don't assign any IPv6 address as DNS server and allow the clients to continue to make their requests by IPv4 to the domain controller which in turn will make requests to the Internet. If you get back an AAAA record, the client will happily use IPv6 to access the website.
Specifically that means that the radvd doesn't give out the DNS address, problem is that I don't think you can turn that off in a track interface scenario! -
I don't think I have to use track interface, that's just what I read on how to do it. Is there another way?
I found a site that randomly generates IPV6 addresses and then I gave my domain controllers manual v6 addresses. I made one up for pfsense as well and set the ipv6 to static on the lan interface. I then enabled the dhcpv6 server. For some reason i can now nslookup ipv6 websites but I fail the ipv6 test sites. kame.net for example doesnt give me the dancing kame.
-
I don't think I have to use track interface, that's just what I read on how to do it. Is there another way?
Unless your ISP has assigned you a static IPv6 subnet, you have to use track interface to learn what subnet you will be using.
It basically sets up a hidden, non-configurable IPv6 DHCP server on the LAN side with the parameters learned from the ISP, consequently the learned DNS servers aren't your domain controller and will cause unpredictable results.I found a site that randomly generates IPV6 addresses and then I gave my domain controllers manual v6 addresses. I made one up for pfsense as well and set the ipv6 to static on the lan interface. I then enabled the dhcpv6 server. For some reason i can now nslookup ipv6 websites but I fail the ipv6 test sites. kame.net for example doesnt give me the dancing kame.
You can't use randomly generated IPv6 addresses (FD00::/8 prefixes) on the Internet. That'd be like expecting 10.10.10.10 to be world routable.
Check out http://www.tutorialspoint.com/ipv6/ or any similar site to get up to speed on everything IPv6. -
I guess If i do use the randomly generated addresses, is there a way to setup pfsense to essentially NAT them and make it work like it does for IPv4?
-
I don't think I have to use track interface, that's just what I read on how to do it. Is there another way?
Unless your ISP has assigned you a static IPv6 subnet, you have to use track interface to learn what subnet you will be using.
It basically sets up a hidden, non-configurable IPv6 DHCP server on the LAN side with the parameters learned from the ISP, consequently the learned DNS servers aren't your domain controller and will cause unpredictable results.Just a note that using track interface in 2.2.6 makes DHCPv6 server and Router Advertisements (RA) non-configurable… however, in 2.3 (beta now, release soon!), you will be able to adjust DHCPv6 server and RA settings when using Track Interface. This includes Static DHCP, so the DC could be given a "static" IPv6 address (as long as the ISP doesn't delegate a different prefix). But the static DHCP address should adjust if the prefix changes.
-
So basically i should wait for the update to be released, then use track interface and attempt this again. In the meantime I should just turn off IPv6 like it was before. Not a big deal to me I was just curious how to make this all work. Correct?
-
There is no logical reason not to hand out static prefixes to each client, as there are enough IPv6 prefixes to satisfy everyone's needs, but many ISPs, sadly, are still stuck in IPv4 mentality.
Pressure your ISP for static IPv6. -
I'm not sure if they are giving out static or dynamic v6 addresses. My original problem wasnt that v6 addresses were changing on my domain controllers and causing dns issues. I'm just trying to get it to work the first time. I'm used to IPv4 and memorizing private IPs.
