IPv6 / track interface / pass DNS server to client
-
@jpgpi250 I don't think that a NAT rule will help you; it is probably similar to what Mozilla did with Cloudflare, it is not using the DNS ports, although I don't know for sure.
2.5 is not released and I don't think it has IPv6 NAT.
-
@Bob-Dig The Mozilla DoH feature can be easily disabled with a single dnsmasq (Pi-hole = dnsmasq + extra features) setting: server=/use-application-dns.net/
If pfSense has no intention to support IPv6 NAT, the business case to move to OPNsense just became more solid.
-
@Bob-Dig said in IPv6 / track interface / pass DNS server to client:
@JKnott As you know, I am no expert or even close. But I saw it myself (technically not, but someone explained to me via TeamSpeak what he saw, and I believe him) with the German consumer router FRITZ!Box, that with every IPv6 change the firewall rules changed automatically, and I guess that almost all consumer routers with an IPv6 firewall will do it like that. pfSense can't do that right now, although it could theoretically, because unbound knows the new IP address/prefix (at least an nslookup on pfSense gives a correct result), but the alias tables don't get updated correctly. And I think with real host agnostic there would be even more possible.
Today I changed my WAN-IPs (v4&v6) and pfSense was able to update the firewall-aliases of my hosts by itself, bravo.
-
@Bob-Dig said in IPv6 / track interface / pass DNS server to client:
firewall-aliases of my hosts by itself, bravo.
What? What? Really? No joke?