DHCP6 makes DNS Resolver/Forwarder constantly restart [Solved]

Ginn

The issue disappear if I set Interfaces/WAN/IPv6 Configuration Type to StaticIPv6 instead of DHCP6.

I use the default configuration for DHCP6, so there are maybe something to configure on it to make it work properly.

johnpoz

well good luck getting dhcp with prefix delegation and tracking for your ipv6 behind a nat router.. Which I highly doubt supports prefix delegation to downstream routers.

Does your new isp even support IPv6?

Easiest solution is to just set IPv6 to none if your isp doesn't support it.. You can always setup a HE tunnel if they do not, or your forced to live behind their nat device.

Ginn

The ISP support IPv6 (Orange France).

The ISP router (Orange Livebox 5) provides a IPv6 address and a IPv6 prefix (With a CIDR like xxxx:xxxx:xxxx:xxxx::/56).
I don't know exactly how this is configured, their device is very basic and does not provides any option.

johnpoz

well a /56 if not delegated is junk... You can not actually assign that to an interface.. a /56 would be delegated to a router, which could then assign subs of that in /64s to its lan side interfaces...

So their devices shows a /56 on its wan? What does it show on its lan.. Does pfsense get an IP at on its wan?

I would suggest you contact your isp on how to put a router behind and delegate say a /60 from their /56 to pfsense, so it can use /64s out of that for its lan.

JKnott

@Ginn said in DHCP6 makes DNS Resolver/Forwarder constantly restart:

(That changed with the ISP, the previous was setup is "Bridge" mode, the new does not have this mode).

Are you sure? On some modems, bridge mode is well hidden. On the local phone company's ADSL modem, it's called PPPoE bypass. If they really don't support that, then providing anything more than a /64 is pretty much useless.

Ginn

@johnpoz said in DHCP6 makes DNS Resolver/Forwarder constantly restart:

So their devices shows a /56 on its wan? What does it show on its lan.. Does pfsense get an IP at on its wan?

Here are all information I have on WAN,LAN and IPv6:



The IPv6 Address on the Network/IPv6 page is the same as the WAN IPv6 address from the System information/Internet page.

pfSense also get the same IPv6 address when its WAN configuration was set to DHCP6 (The one I set as static IP, but looking your explanation, this look useless).

@JKnott said in DHCP6 makes DNS Resolver/Forwarder constantly restart:

Are you sure? On some modems, bridge mode is well hidden. On the local phone company's ADSL modem, it's called PPPoE bypass. If they really don't support that, then providing anything more than a /64 is pretty much useless.

Yes, based on information from some forums specialized on this ISP, this seem to be a well known issue with this ISP's devices...

The only workaround that allow this device, and that does not help in this case (Because it does not allow routing) is to use the following "DMZ" option:

The only solution I found is to totally remove the ISP device, replacing it with an ONT, and configuring pfSense to work with the ISP (that look a little tricky based on forum comments, but feasible). Since I does not have an ONT now, this will wait.

JKnott

@Ginn said in DHCP6 makes DNS Resolver/Forwarder constantly restart:

Yes, based on information from some forums specialized on this ISP, this seem to be a well known issue with this ISP's devices...

Do they have another device available? Can you buy your own?

Ginn

They does not provide any other device.

JKnott

@Ginn

Will they allow you to buy your own from elsewhere and use that? Some ISPs will and some won't. My own ISP, the local cable TV company won't, but a 3rd party ISP, connected via the same cable, allows customers to buy their own modem.

Ginn

Not sure if they will or won't. It is hard to find information about this.
I found some examples of peoples using pfSense directly behind the external ONT provided by the ISP. But that was with older versions of the device with an external ONT, It is included in the device for the new version.

Not sure asking for the old version is a good option since it will likely reduce the bandwidth.

I will need to ask to the support if I want more information on this.