IPV6 - Some clients not showing an IPV6 DNS Server
-
Xfinity / Comcast ISP - IPV6 is set up and working, all IPV6 tests pass.
The issue:
I noticed that in the same flat network some Windows 11 clients show both the PF LAN NIC in IPV4 and IPV6 formats under DNS Servers when issuing the command "ipconfig /all", while a few other clients only show the IPV4 value for DNS despite those same clients receiving an IPV6 address and passing all other tests.
All systems are Windows 11, and each one has the latest patches and updates. I've rebooted PF and the systems multiple times. The systems that work continue to work and the systems that never pull IPV6 DNS never do.
Does this make any sense?
Working Client: DNS Servers show both V4 & V6
Broken Client: Missing IPV6 Under DNS Servers
Clean IPV6 Test:
-
@ngr2001 said in IPV6 - Some clients not showing an IPV6 DNS Server:
The systems that work continue to work and the systems that never pull IPV6 DNS never do.
Have you double-checked the clients that do NOT work to be sure they do not have a hard-coded DNS entry? It is possible in Windows to use DHCP for address assignment but still manually specify DNS server(s).
-
Yes, triple-checked, and even better, one of the 2 clients with the issue is a very fresh clean install of Windows 11 Ent with all patches and drivers installed and no other apps. The issue also happens on both the WiFi card and LAN NIC of this laptop too. This leads me to believe it's a Windows bug. Searching Google, there is some chatter of Windows not being reliable in regards to RA populating DNS values, especially when IPv4 DHCP is also being leveraged in parallel. There is a suggestion by MS support to use DHCPv6 to issue clients DNS values, but I would really prefer to avoid that extra hassle. Being that computers only do what you tell them, there should be something here causing this.
-
@ngr2001 Looking at your screenshots, you have the problem like everyone else has with pfSense, that when the prefix changes, the old prefix isn't invalidated the proper way. That leads to having two prefixes in use, the old one and the new one. You can see in your first screenshot that you have "a lot of" different IPv6 addresses. So the old ones are still used but they don't work anymore. It might be that after some time, Windows is kicking the non-working IPv6 DNS server out and only uses the IPv4 DNS server. At least that is what I think happens.
To be clear, that is not a Windows problem but a pfSense one. Better not to use it with dynamic prefixes. If you have to, don't use DNS over IPv6 with it. Disable DHCPv6 and only use SLAAC without DNS. You will still have problems with IPv6, but you will not notice anymore because everything will work over IPv4.
-
That's very interesting; oddly though, the client with 0 issues is also the client with the extra stale IPv6 addresses.
I found some info on some MS forums that suggests Windows has an issue when the NIC is using both IPV4 DHCP and IPV6 RA at the same time, i.e. others have seen similar DNS weirdness. On the broken system I just tried disabling IPV4 TCP/IP, and after rebooting, that same box now receives an IPV6 DNS Server. If I then re-enable TCP/IPV4 on the NIC, that same system wipes out the DNS servers and replaces them with only an IPV4 value.
So this is really starting to feel like a pure MS bug, I don't see how the above could be influenced by PFSense.
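A read-only check for the two explanations raised in this thread (a hard-coded DNS entry, and leftover addresses from an old prefix), added here as an example and not posted by any participant. It assumes it is run in PowerShell on the affected Windows 11 client and uses only the built-in NetAdapter, NetTCPIP and DnsClient cmdlets plus the per-interface `NameServer` registry value.

```powershell
# Added example (not from the thread). Read-only; run on the Windows 11 client.
# Per connected adapter: DNS servers by address family, manually entered DNS,
# and the state and remaining lifetimes of each non-link-local IPv6 address.
foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $idx = $adapter.ifIndex

    $dns4 = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv4).ServerAddresses
    $dns6 = (Get-DnsClientServerAddress -InterfaceIndex $idx -AddressFamily IPv6).ServerAddresses

    # A non-empty NameServer value under the interface's registry key means the
    # DNS servers were typed in by hand, even if the address itself is automatic.
    $manual = foreach ($stack in 'Tcpip', 'Tcpip6') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$stack\Parameters\Interfaces\$($adapter.InterfaceGuid)"
        $value = (Get-ItemProperty -Path $key -Name NameServer -ErrorAction SilentlyContinue).NameServer
        if ($value) { "$stack=$value" }
    }

    [pscustomobject]@{
        Adapter   = $adapter.Name
        DnsIPv4   = $dns4 -join ', '
        DnsIPv6   = $dns6 -join ', '
        ManualDns = if ($manual) { $manual -join '; ' } else { 'none' }
    } | Format-List

    # Several RouterAdvertisement addresses from different prefixes, or addresses
    # in the Deprecated state, point at an old prefix that is still held.
    Get-NetIPAddress -InterfaceIndex $idx -AddressFamily IPv6 -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress -notlike 'fe80*' } |
        Sort-Object AddressState |
        Format-Table IPAddress, PrefixOrigin, AddressState, PreferredLifetime, ValidLifetime -AutoSize
}
```

Running it on one working and one broken client and comparing the `DnsIPv6` and `ManualDns` fields side by side shows whether the difference is local configuration or what the client learned from the network.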