Clients do not use DNSv6 server from RDNSS Router Advertisement
-
Dear Netgate-Forum,
I've set up the Router Advertisements and it seems to work properly except the DNSv6 server. It's advertised - I've checked that with Wireshark:
But the clients (Windows 10 23H2 and Windows 11 23H2) don't apply the DNSv6 server.
How can I fix this? The clients should apply and use the DNSv6 server. I had no Debian clients here to test it under Debian.
Further information:
pfSense version: 2.7.2-RELEASE community edition
ISP: Deutsche Giganetz
subscription: MyNetz 600 with Dual Stack
I'd appreciate any help. Thank you!
Best regards
Jung-Fernmelder
-
Dear Netgate-Forum,
Does anyone have an idea how to solve this issue? Can I adjust the Router Advertisements? Or is it rather an issue with pfSense's Router Advertisements than with Windows networking utilities?
Thank you very much!
Best regards
Jung-Fernmelder
-
@Jung-Fernmelder afaik Windows doesn't use RDNSS when in dual-stack mode.
This seems to be fixed in Windows 11 24H2, as in it's working fine for me (DHCPv6 server is disabled, RA in Unmanaged).
Before Windows 11 24H2 I had to run DHCPv6 and RA in Assisted to get a DNS server via DHCPv6; also, the clients got three IPv6 addresses (two via SLAAC and one via DHCPv6).
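To check what a router actually offers in the two RA modes mentioned in this thread, the following added example (not part of the original posts and not pfSense code) parses an ICMPv6 Router Advertisement for the M/O flags and the RDNSS option (RFC 8106). The sample packets are constructed, and mapping "Unmanaged" to M=0/O=0 and "Assisted" to M=1/O=1 is an assumption about the pfSense modes.

```python
import ipaddress
import struct

RA_TYPE = 134    # ICMPv6 Router Advertisement (RFC 4861)
OPT_RDNSS = 25   # Recursive DNS Server option (RFC 8106)

def parse_ra(icmp6: bytes) -> dict:
    """Parse an ICMPv6 RA, starting at the ICMPv6 type byte."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    info = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40), "rdnss": []}
    off = 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_RDNSS:
            # 8 bytes of type/length/reserved/lifetime, then 16 bytes per server address
            if opt_len < 24 or (opt_len - 8) % 16:
                raise ValueError("malformed RDNSS option")
            (lifetime,) = struct.unpack_from("!I", icmp6, off + 4)
            for a in range(off + 8, off + opt_len, 16):
                info["rdnss"].append((str(ipaddress.IPv6Address(icmp6[a:a + 16])), lifetime))
        off += opt_len
    return info

def dns_sources(info: dict) -> list:
    """Mechanisms this RA offers a client for learning DNS servers."""
    sources = []
    if any(lifetime > 0 for _, lifetime in info["rdnss"]):  # lifetime 0 withdraws the server
        sources.append("RDNSS")
    if info["managed"] or info["other"]:  # M or O flag points the client at DHCPv6
        sources.append("DHCPv6")
    return sources

def build_sample(flags: int) -> bytes:
    """Constructed RA: hop limit 64, router lifetime 1800 s, one RDNSS server."""
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600)
    return header + rdnss + ipaddress.IPv6Address("2001:db8::53").packed

# Constructed samples; the flag values per pfSense mode are assumptions.
UNMANAGED = build_sample(0x00)
ASSISTED = build_sample(0xC0)

if __name__ == "__main__":
    for name, pkt in (("Unmanaged", UNMANAGED), ("Assisted", ASSISTED)):
        print(name, parse_ra(pkt), dns_sources(parse_ra(pkt)))
```

If the RA shows only RDNSS as a DNS source and the client still has no IPv6 resolver, the gap is on the client side rather than in the advertisement.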
-
@bschapendonk Yes. I was on a Windows 11 23H3 machine and turned off IPv4. After turning off IPv4, Windows started to use the DNSv6 server advertised via RDNSS immediately without visible issues. This seems to be Windows special behaviour #50,625,244,018.
Do you know whether Windows 11 24H4 will support DoT out of the box? There's no DoT support included in Windows 11 23H2; the command
netsh dns add global dot=yes
which should enable DoT, replies with
C:\Windows\System32>netsh dns add global dot=yes
"dot" ist kein gültiges Argument für diesen Befehl.
Ungültige Syntax. Weitere Informationen finden Sie in der Hilfe des Befehls.
Syntax: add global [[doh=]ja|no|auto] [[ddr=]yes|no]
Parameter:
Tag Wert
doh - Die globale DNS-over-HTTPS-Einstellung. Die verfügbaren Optionen sind:
Nein: verbietet die Verwendung von DoH durch den DNS-Client
Ja: Ermöglicht die DoH-Verwendung basierend auf Schnittstelle, Server, oder anderen Konfigurationen
Automatisch: Erzwingt, dass alle bekannten DoH-Server nur DoH ddr - die globale DDR-Einstellung verwenden. Die verfügbaren Optionen lauten:
Nein: deaktiviert die Verwendung von DDR durch den DNS-Client
Ja: aktiviert die DDR-Verwendung basierend auf Schnittstelle, Server, oder anderen Konfigurationen
Hinweise: Fügt eine globale DNS-Konfigurationsoption hinzu.
In English, this is summarized as:
"dot" is not a valid argument for this command.
Appendix 2024-09-10 12:11 CEST: It was Microsoft Windows 11 Pro 23H2 Build 22631.4037 with German region settings. General Availability Channel. Kept up to date by Windows Update.
-
@Jung-Fernmelder I'm not using doh or dot, but it looks like the option is there in 24H2 (10.0.26100.1591).
-
@bschapendonk I'll check this out when Windows 11 24H2 is deployed to our devices through the General Availability Channel.