Add IPv6 to PfSense, DNS problems IPv4

Operations · Feb 6, 2023, 7:12 PM

I have added IPv6 (ISP : KPN for the dutch people here :) ) to my PfSense.
IPv6 (WAN) : DHCPv6
IPv4 (LAN): : Track Interface

DHCPv6 is off.
RA = Unmanaged
I am using Cloudflare DNS IPv6 servers

I am pretty new to IPv6 so maybe this isn't a big problem for you guys/Girls.

My IPv4 DNS is handled by my DC 2019 with DNS role. The DNS uses a forwarder to my Adguard.

This is working fine for years now. Since i switched ISP i have got IPv6.

My problem is when i enable my IPv6, my local IPv4 Resolving doesn't work anymore. I cannot ping anything at FQDN anymore.

I am not sure what to do. Should i add static IPv6 address to my DC01 and add all the clients by hand? Since AD is not handling DHCP they will not appear automatically right?

Or how should fix this?

Ipv6-test.com gives me a 20/20.

JKnott · Feb 7, 2023, 2:16 AM

@operations

Your IPv4 DNS server should still be there. What address are you using for DNS lookup?

Operations · Feb 7, 2023, 5:38 AM

@jknott said in Add IPv6 to PfSense, DNS problems IPv4:

@operations

Your IPv4 DNS server should still be there. What address are you using for DNS lookup?

Not a 100% sure what you mean, but my domain controllers have got a 192.168.100.0/24 address. I can reach both of them via ping on IP address. But when i ping DC01 i get 192.168.100.* back. When i ping DC02 i get a IPv6 address back.

My DC01 is primary but DC02 has got the same roles.

Vollans · Feb 7, 2023, 5:49 AM

@operations When you use IPv6, IPv6 takes precedence over IPv4. If somewhere can be reached using IPv6, that will be used. IPv4 becomes fallback/legacy effectively. I suspect that is the reason for your findings on your network.

Operations · Feb 7, 2023, 5:56 AM

@vollans said in Add IPv6 to PfSense, DNS problems IPv4:

@operations When you use IPv6, IPv6 takes precedence over IPv4. If somewhere can be reached using IPv6, that will be used. IPv4 becomes fallback/legacy effectively. I suspect that is the reason for your findings on your network.

Yes i get that, but why do all my client get a IPv6 (from my ISP subnet) except my DC01? Even my DC02 gets a IPv6.

Could that be because DC01 is my primary IPv4 DNS server?

thebear · Feb 7, 2023, 9:50 AM

@operations that’s more a windows issue than pfSense related. Is IPv6 enables on the NIC did you reboot the DC?

What is wirehark showing when you capture the traffic?[link text](link url)

JKnott · Feb 7, 2023, 1:36 PM

@operations said in Add IPv6 to PfSense, DNS problems IPv4:

Yes i get that, but why do all my client get a IPv6 (from my ISP subnet) except my DC01? Even my DC02 gets a IPv6.

As mentioned above, if IPv6 is available, it will be preferred. If the clients are getting IPv6 addresses, it's because it's being provided to them. That's how it's supposed to work. As for DNS, it doesn't matter if IPv4 or IPv6 is used. The exact same info is carried either way. You say you can't get DNS when it was there before you had IPv6. It didn't go away. This means you're likely trying to use a different DNS server address. Is it the clients that can't get DNS? If so, look at the addresses being provided to them. PfSense can provide a DNS server address in IPv4 DHCP and also IPv6 router advertisements. Both will use the default address, unless you provide another address.

Operations · Feb 7, 2023, 2:00 PM

@jknott said in Add IPv6 to PfSense, DNS problems IPv4:

@operations said in Add IPv6 to PfSense, DNS problems IPv4:

Yes i get that, but why do all my client get a IPv6 (from my ISP subnet) except my DC01? Even my DC02 gets a IPv6.

As mentioned above, if IPv6 is available, it will be preferred. If the clients are getting IPv6 addresses, it's because it's being provided to them.

Yes but my is everything getting an IPv6 address except my DC01? My DC02 (same roles, only not primary domain controller) all in same LAN. My DC01 just isnt getting ab IPv6 address. I was/am wondering if there is a logical explaination for this that i am not aware of.

JKnott · Feb 7, 2023, 5:21 PM

@operations

I can't help you there, as I know nothing about your domain controllers.

Operations · Feb 7, 2023, 5:54 PM

@jknott said in Add IPv6 to PfSense, DNS problems IPv4:

@operations

I can't help you there, as I know nothing about your domain controllers.

What do you need to know to determine if there is a logical reason why my DC01 is not getting an IPv6 address?

IPv6 is enabled and on DHCP.

JKnott · Feb 7, 2023, 6:21 PM

@operations said in Add IPv6 to PfSense, DNS problems IPv4:

What do you need to know to determine if there is a logical reason why my DC01 is not getting an IPv6 address?

If everything else gets an IPv6 address and DC01 doesn't, then the problem is with DC01.

thebear · Feb 7, 2023, 6:36 PM

@operations it’s windows that’s the explanation. A

Operations · Feb 7, 2023, 7:22 PM

@jknott said in Add IPv6 to PfSense, DNS problems IPv4:

@operations said in Add IPv6 to PfSense, DNS problems IPv4:

What do you need to know to determine if there is a logical reason why my DC01 is not getting an IPv6 address?

If everything else gets an IPv6 address and DC01 doesn't, then the problem is with DC01.

I agree. How do we fix this? :)

Operations · Feb 7, 2023, 7:24 PM

@thebear said in Add IPv6 to PfSense, DNS problems IPv4:

@operations it’s windows that’s the explanation. A

You think you funny he
:)

thebear · Feb 7, 2023, 7:28 PM

@operations without joking, every client in your network receives IPv6 addresses right? Only 1 windows OS is failing, I think this is an OS issues. If you boot a fresh installed win 11/10 VM, in the same virtual network as DC01, does it work?

Operations · Feb 7, 2023, 7:32 PM

@thebear said in Add IPv6 to PfSense, DNS problems IPv4:

@operations without joking, every client in your network receives IPv6 addresses right? Only 1 windows OS is failing, I think this is an OS issues. If you boot a fresh installed win 11/10 VM, in the same virtual network as DC01, does it work?

Yes all got IPv6 and fresh server 2019 VM also gets IPv6.

My got tells me it has got something to do with the DC01 being primary domain controller (with DNS and DHCP role).

thebear · Feb 7, 2023, 7:33 PM

@operations then it might be time to get the microsoft experts in touch on a microsoft forum.

If you or they can proof its pfSense related, with a Wireshark capture please report back.

Operations · Feb 7, 2023, 7:43 PM

@thebear said in Add IPv6 to PfSense, DNS problems IPv4:

@operations then it might be time to get the microsoft experts in touch on a microsoft forum.

If you or they can proof its pfSense related, with a Wireshark capture please report back.

I am not sure how to troubleshoot this using WireShark. I could run it on DC01. Could you tell me what to do and what to look for?

Vollans · Feb 7, 2023, 7:46 PM

@operations I think he’s suggesting you’ve got a Windows problem. It’s not a pfSense problem, so it’s unlikely you’ll get exposure to a group of people with the knowledge you need here, especially for a niche issue like a domain controller

Operations · Feb 7, 2023, 7:49 PM

@vollans said in Add IPv6 to PfSense, DNS problems IPv4:

@operations I think he’s suggesting you’ve got a Windows problem. It’s not a pfSense problem, so it’s unlikely you’ll get exposure to a group of people with the knowledge you need here, especially for a niche issue like a domain controller

Yes i get he suggesting it is a Windows issue.
I didn't know a domain controller is a niche thing. Plus Wireshark troubleshooting is more a network thing. Which i would think is a thing people here would know. But i could be wrong:)