DNS ipv6
-
How to disable listening DNS on ipv6. I dont have ipv6and disabled all. But on main dashboard have listening ::1
-
@Antibiotic what version of pfsense are you running?
I have IPv6 enabled and not seeing that.
Do you have unbound set to listen on all?
-
@johnpoz Version is 24.03
-
@johnpoz Unbound on dedicated interfaces and strict mode
pfSense plus 24.11 on Topton mini PC
CPU: Intel N100
NIC: Intel i-226v 4 pcs
RAM : 16 GB DDR5
Disk: 128 GB NVMe
Brgds, Archi -
-
@Antibiotic I haven't played with 24.03 yet, its not really an issue.. More of an OCD thing I take it on your part?
-
@johnpoz What it mean OCD thing?
-
@Antibiotic the display of it bugs you ;)
Obsessive-compulsive disorder (OCD)
But there is no functional problem with it listing ::1 which is just loopback for IPv6.
-
@johnpoz BTW if using openvpn as client, do I need to listen DNS resolver on this network interface and outgoing interface? I didnt this but vpn is working and me in doubt now?
-
@Antibiotic Notice that ns1vpn interface - I am not listening on it, do you want to use it for dns?
-
@johnpoz I'm using pfblockerNG and in doubt how better, choose this vpn interface or it doesn't matter
-
@Antibiotic not sure why it would matter, unless you specific want to query it? Or use it for an outbound connection?
My outbound is just set to loopback, pfsense will use the correct interface via routing to get to where it needs to go to talk to a specific NS when its resolving.
-
@johnpoz LOL , i did not informed about this trick. I'm always set WAN or VPN for outgoing. Thank you for tip!
-
@johnpoz But if set DNS resolver network outgoing to localhost, will pfblockerNG working on all interfaces? because looks like , he is stop filtering dns request on interface with openvpn
-
@Antibiotic Not sure what you think pfblocker and your outgoing interface has to do with each other? And doesn't matter what interface you query unbound on, for pfblocker to work..
-
using
and I see :
which is fine for me.
Most traffic is IPv6 anyway these days ^^In the the past, I always had set this :
on the General setup page, as I had the option there were two localhosts : 127.0.0.1 and ::1, as I was using both protocols, and most, if not every process uses IPv6 first, and fall back to IPv4 if needed.
-
@Gertjan Idk, if set outgoing to localhost in my case internet working over openvpn client nic, but the nic going over WAN dont have internet
-
A VPN CLIENT interface is like a WAN.
The resolver doesn't / shouldn't (you pick) need to listen to a WAN interface.
IMHO, by default, the resolver, when it starts, picks among the WAN interfaces available what it seems to be best.@Antibiotic said in DNS ipv6:
but the nic going over WAN dont have internet
In that case, how does the VPN CLIENT connect ? I bet it goes out over your WAN ^^ so you WAN has "Internet" access.
-
@Gertjan Yea its logically, will check. BTW could be you know netmap root directory location on pfSense?
-
@Antibiotic said in DNS ipv6:
BTW could be you know netmap root directory location on pfSense?
What is that ?
