DNS Resolver not working for Link-Local addresses

son1c · May 28, 2022, 9:31 AM

Hi,

I use Pfsense 22.01 Home Edition and the DNS Resolver over the link-local address which doesn't work.
The IPv4 addresses and the global-unicast address work fine.

The Network Interfaces setting in the DNS Resolver tab is set to all and there are no firewall rules set who will block the requests.

Cu
son1c

JKnott · May 28, 2022, 8:06 PM

@son1c

Given you don't normally use link local addresses for carrying app data etc. why do you want them in DNS?

johnpoz · May 28, 2022, 8:33 PM

@son1c said in DNS Resolver not working for Link-Local addresses:

there are no firewall rules set who will block the requests.

Did you change source from say lan net to any? By default the IPv6 lan net any rule for internet would not allow link-local..

Also I do not believe the automatic access list for unbound would include link-local..

I also not sure why anyone would want to do this - but it does work.. So I enabled a IPv6 any rule for source vs just lan net.

So I can ping pfsense link-local address.

But you can see got back refused for dns query.

I then edited the access list to allow for link local address..

And now I can query the linklocal address

But just at a loss to actual use case for this to be honest.. But it works if you allow for it.

But default lan net IPv6 would not include linklocal network, nor would the default access lists in unbound.. I have always used my own access lists, but if lan net doesn't include the link local space, I doubt the auto access lists would..

son1c · May 29, 2022, 12:04 PM

Thank you for your help!

I use a DNS Filter, so my goal was to forward the DNS querys to the pfsense.
This should be no problem but my internet connection is over DSL, so every time the modem reconnects I get new ipv6 prefixes from my provider. That's why I need a static IP address to forward.

johnpoz · May 29, 2022, 2:42 PM

@son1c why would you not just forward to your IPv4 address - does that change as well?

JKnott · May 29, 2022, 2:46 PM

@son1c said in DNS Resolver not working for Link-Local addresses:

This should be no problem but my internet connection is over DSL, so every time the modem reconnects I get new ipv6 prefixes from my provider. That's why I need a static IP address to forward.

You can use Unique Local Addresses. I use them here, even though my prefix doesn't change.

son1c · May 29, 2022, 2:42 PM

@johnpoz no, i just want try a ipv6 only setup

johnpoz · May 29, 2022, 2:45 PM

@son1c said in DNS Resolver not working for Link-Local addresses:

no, i just want try a ipv6 only setup

Well good luck with that - you understand your not going to be able to get to MOST of the internet ;)

son1c · May 29, 2022, 2:46 PM

@jknott I see, i need to take a closer look to the virtual IP settings