DNS Resolver with Forwarding Mode

  • I know the first reaction to the title is "don't do that." I want to agree, but I need some help with an idea or a confirmation that I have to do it this way.
    I have bypassed (with great help) my ATT gateway. IPv4 will resolve with no issues because you can ping from the WAN connection to a DNS4 server. You cannot, however, ping from the IPv6 WAN to a DNS6 server because, I assume, it is filtered. My router is now acting like it is the provided gateway. You also cannot set a monitor gateway upstream for multi-WAN because it will always think it's down. So, if I leave the resolver to do its job, DNS6 requests I assume fail over to the DNS4 NS and ask for the AAAA record, which is then resolved. So, the resolver alone "works".

    Because I use pfBlockerNG, I have made sure I use the resolver to block ads. What I have done for the time being, because it works well, is check the forward option on the resolver page. I added the DNS4 and DNS6 Google DNS addresses in General settings.

    My question is this. Would you leave the resolver to fail over to DNS4, or use forwarding like I have for DNS6? I think this really comes down to the test sites for DNS6 saying all is well or failing some tests. Resolver alone will fail the DNS6 + IP4 and DNS6 + IP6 tests. With forwarding, these tests pass. Is it important to pass the tests, or more important to strictly use the resolver for everything?

  • A little update. I can ping from my WAN connection now but still have no direct link to a DNS6 name server. I'm not sure what option I might be missing, or if it's even an option at all, but I am sticking with the resolver. At some point I might figure this out, but until then failover to DNS4 is working fine. Any ideas are welcome.
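As an added example (not from the poster, and not pfSense's or pfBlockerNG's own generated config), here is what the two setups weighed in this thread boil down to as a plain unbound.conf. The `server:` stanza is the same in both modes; the `forward-zone:` stanza is the part that "Enable Forwarding Mode" plus the General Setup DNS servers adds, so delete it for pure resolver mode. The LAN prefixes, the pfBlockerNG include path and the CA bundle path are assumptions; the Google resolver addresses are the public ones. Two points the thread does not spell out: Unbound answers `local-zone`/`local-data` entries (which is how the DNSBL is loaded in its Unbound mode) before it consults any forward-zone, so ad blocking behaves the same either way; and forwarding over plain port 53 sends every query across the ISP path in cleartext, so if you forward, forward over TLS.

```conf
# Added example, not the thread's or pfSense's own configuration.
# Placeholder values (LAN prefixes, include and bundle paths) are assumptions.
server:
    interface: 0.0.0.0
    interface: ::0
    access-control: 192.168.1.0/24 allow      # assumed LAN IPv4 prefix
    access-control: 2001:db8:1::/64 allow     # assumed LAN IPv6 prefix (documentation range)

    do-ip4: yes
    do-ip6: yes    # Unbound will try IPv6-addressed name servers; when the WAN
                   # cannot reach them the queries time out and it uses the same
                   # servers' IPv4 addresses instead, which is the "failover to
                   # DNS4" seen in resolver mode. AAAA records come back fine
                   # over IPv4 transport.

    # Keep DNSSEC validation on in both modes. In forwarding mode Unbound still
    # validates the answers the forwarder returns.
    auto-trust-anchor-file: "/var/unbound/root.key"   # path assumed
    harden-dnssec-stripped: yes

    # pfBlockerNG DNSBL (Unbound mode) is loaded as local-zone/local-data
    # entries. Unbound serves these before consulting any forward-zone, so
    # blocking works identically in resolver and forwarding mode.
    include: "/var/unbound/pfb_dnsbl.conf"            # path assumed

    # Needed for the #authname checks on the forward-addr lines below.
    tls-cert-bundle: "/etc/ssl/cert.pem"              # path assumed (FreeBSD/pfSense)

# Forwarding mode. Remove this whole stanza for pure resolver mode.
# The IPv6 forward-addr entries will time out while the WAN cannot reach a
# DNS6 server; Unbound then uses the IPv4 entries. Port 853 with
# forward-tls-upstream gives DNS over TLS instead of cleartext port 53.
forward-zone:
    name: "."
    forward-addr: 8.8.8.8@853#dns.google
    forward-addr: 8.8.4.4@853#dns.google
    forward-addr: 2001:4860:4860::8888@853#dns.google
    forward-addr: 2001:4860:4860::8844@853#dns.google
    forward-tls-upstream: yes
```

To see whether the WAN can reach a DNS6 server at all, run `dig AAAA example.com @2001:4860:4860::8888` from the firewall shell and compare it with `dig AAAA example.com @8.8.8.8`; if the first times out and the second returns the record, the AAAA-over-IPv4 fallback described in the post is exactly what Unbound is doing. Keep in mind what the DNS6 tests measure: whether the resolver your clients use can reach name servers over IPv6 transport. Forwarding makes them pass because Google's resolver has that reachability, not because the firewall's WAN has gained it.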

