How does one override ISP DNS with an Assisted RA
-
Like others, I've recently discovered that Vz FiOS (central Mass.) now sends RAs. That led me to attempt to configure IPv6 and I think I have it working in Assisted RA mode. I get IPs and IPv6 tests pass.
But I'm having an issue with DNS. No matter where or how I specify the DNS -- in General or as in the screen snippet below, in the DHCP6 settings -- I always get the Vz DNS (2600:4040...).
This means that local hostnames registered in the firewall cannot be resolved even though Settings, General is set to "Use local DNS".
BTW, if I don't specify the three DNS servers from Google/CloudFlare in the DHCP6 settings they don't appear at all on a client interface -- even though the doc says in multiple places that they should.
Does anyone have a suggestion for where to look at what I may have misconfigured?
I'm an IPv6 newbie, so apologies if this is a dumb question.
-
@yobyot
Verizon doesn't actually specify IPv6 DNS servers, I'm pretty sure. At least not yet. Are you sure that's not the IPv6 address of the LAN interface on your pfSense device?
By default, pfSense will advertise itself as a DNS server to your network if you're using DNS Resolver or DNS Forwarder. So just as 192.168.2.1 is your pfSense device's IPv4 address, I'm betting that next IPv6 address is your pfSense LAN interface's address.
-
Also, enable Provide DNS configuration via radvd on the RA page. There are 2 ways IPv6 can be provided. One is RDNSS, which is what that setting enables and via DHCPv6. You can use stateless mode for that. However, that won't work with Android devices.
-
@mikev7896 Thanks!
Yup, that was it.
I kept thinking that the 2600:4040:558d:9300...address was Vz's DNS server. But it's actually the IPv6 address of the firewall.
So, I took out the other DNS addresses shown in the screenshot, added them to General settings and made sure to tell pfSense to use the firewall for DNS. Works like a charm.
This is all so new. I guess I have to wrap my head around seeing public IPv6 addresses on my private LAN. It's a gut, visceral IPv4 reaction to wonder what the heck is going on when you see that.
But with no address space depletion in sight, it's gonna be the new normal one day.
-
Thanks. The setting you recommend was set. I don't recall setting it. Maybe in CE 2.6.0 it's a default?
More things to learn...RDNSS, etc. Sigh.
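-
The check that resolved this thread (is the global IPv6 address listed as DNS server an outside resolver, or a device inside the LAN's own prefix such as the firewall?) can be scripted. This is an added example, not part of the original thread; the `2001:db8:` addresses and the client addresses are constructed, `192.168.2.1` is the LAN address mentioned above, and `2001:4860:4860::8888` is Google Public DNS.

```python
import ipaddress

# Constructed sample: resolver list as a client might receive it via RA/DHCPv6.
SAMPLE_RESOLV_CONF = """\
nameserver 192.168.2.1
nameserver 2001:db8:aaaa:1::1        # global address, but inside the LAN /64
nameserver 2001:4860:4860::8888      # Google Public DNS
nameserver fe80::1%eth0
"""
# Constructed sample: the client's own addresses with prefix lengths.
SAMPLE_ADDRS = ["192.168.2.50/24", "2001:db8:aaaa:1:1c2d:3e4f:5a6b:7c8d/64"]


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone ID such as "%eth0" before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
    return servers


def classify_resolvers(resolv_conf_text, interface_addrs):
    """Label each resolver relative to the client's own on-link prefixes."""
    networks = [ipaddress.ip_interface(a).network for a in interface_addrs]
    result = {}
    for server in parse_nameservers(resolv_conf_text):
        if server.is_link_local:
            label = "link-local"   # necessarily a device on this LAN
        elif any(server.version == n.version and server in n for n in networks):
            label = "on-link"      # same prefix as the client, e.g. the router
        else:
            label = "off-link"     # ISP or public resolver outside the LAN
        result[str(server)] = label
    return result


if __name__ == "__main__":
    for addr, label in classify_resolvers(SAMPLE_RESOLV_CONF, SAMPLE_ADDRS).items():
        print(f"{addr:28} {label}")
```

An "on-link" result only shows the resolver shares the client's prefix; comparing it with the firewall's LAN interface address confirms which device it is.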