Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Forwarder IPv6

    Scheduled Pinned Locked Moved
    IPv6
    4
    7
    6.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • U
      UnderCover
      last edited by

      Does IPv6 in PFsense currently support DNS Forwarder service?

      1 Reply Last reply Reply Quote 0
      • B
        billm
        last edited by

        @UnderCover:

        Does IPv6 in PFsense currently support DNS Forwarder service?

        Appears to be working here - I'm not sure if it queried against he.net's v4 or v6 service, I have both setup in my resolver on that machine.

        $ dig AAAA www.he.net @2001:470:ffff::3

        ; <<>> DiG 9.6.0-APPLE-P2 <<>> AAAA www.he.net @2001:470:ffff::3
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54600
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

        ;; QUESTION SECTION:
        ;www.he.net. IN AAAA

        ;; ANSWER SECTION:
        www.he.net. 54736 IN CNAME he.net.
        he.net. 75516 IN AAAA 2001:470:0:76::2

        ;; Query time: 4372 msec

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

        1 Reply Last reply Reply Quote 0
        • I
          iFloris
          last edited by

          You can even have your machines query pfsense's dns forwarder on pfsense's lan (or whatever interface) v6 address, for even more ipv6-ness.

          Unfortunately, this doesn't work with unbound as of yet.

          one layer of information
          removed

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            @iFloris:

            Unfortunately, this doesn't work with unbound as of yet.

            What doesn't work on unbound?  I query unbound on ipv6 address of the lan interface just fine.

            ; <<>> DiG 9.7.3 <<>> @2001:470:snipped:b85::1 version.bind chaos txt
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45731
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;version.bind.                  CH      TXT

            ;; ANSWER SECTION:
            version.bind.          0      CH      TXT    "unbound 1.4.8"

            ;; Query time: 3 msec
            ;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
            ;; WHEN: Thu May 19 15:44:20 2011
            ;; MSG SIZE  rcvd: 56

            ; <<>> DiG 9.7.3 <<>> @2001:470:snipped:b85::1 www.pfsense.org
            ; (1 server found)
            ;; global options: +cmd
            ;; Got answer:
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55611
            ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

            ;; QUESTION SECTION:
            ;www.pfsense.org.              IN      A

            ;; ANSWER SECTION:
            www.pfsense.org.        3600    IN      CNAME  pfsense.org.
            pfsense.org.            3600    IN      A      69.64.6.21

            ;; AUTHORITY SECTION:
            pfsense.org.            3600    IN      NS      ns17.domaincontrol.com.
            pfsense.org.            3600    IN      NS      ns18.domaincontrol.com.

            ;; Query time: 308 msec
            ;; SERVER: 2001:470:snipped:b85::1#53(2001:470:snipped:b85::1)
            ;; WHEN: Thu May 19 15:45:26 2011
            ;; MSG SIZE  rcvd: 118

            You have to make a few changes to the unbound config and just restart the service if you disable and reenable it seems to overwrite the config with defaults, etc.  It should be able to be enabled in the gui, but it does work.

            See this thread
            http://forum.pfsense.org/index.php?topic=34018.0

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            1 Reply Last reply Reply Quote 0
            • I
              iFloris
              last edited by

              @johnpoz:

              What doesn't work on unbound?  I query unbound on ipv6 address of the lan interface just fine.

              You have to make a few changes to the unbound config and just restart the service if you disable and reenable it seems to overwrite the config with defaults, etc.  It should be able to be enabled in the gui, but it does work.

              See this thread
              http://forum.pfsense.org/index.php?topic=34018.0

              Thanks johnpoz, I had not checked out unbound's v6 support in a while.
              What I keep running into is that unbound will not start (at all) after I have edited its .conf file.

              There seems to be a lot of complaining to the gist of "/var/tmp/unbound_cache' returned exit code '1' the output was '[1305890153] unbound[14846:0] error: bind: address already in use [1305890153] unbound[14846:0] fatal error: could not open ports'" going on in my system log.

              Having insufficient savviness to resolve this situation, I have reinstated dnsforwarder as resolver for my lan.

              The other interesting thing I find interesting about this snag is that unbound refuses to start even after reinstalling unbound's package.
              To me, that seems to indicate that my lack of savviness has caused a different, but related issue.

              one layer of information
              removed

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                What are you using to edit the conf with?  Possible your corrupting it??

                I have not had any issues making changes to it and then just restarting the service.

                But I just put my changes into the unbound.inc in /usr/local/pkg so that I don't have to worry about restarting it now and allowing my ipv6 network, and binding to the ipv6 address and the do ipv6 setting.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.03 | Lab VMs 2.7.2, 24.03

                1 Reply Last reply Reply Quote 0
                • I
                  iFloris
                  last edited by

                  At the moment I'm editing the conf with textmate but I have also edited the file with Kod. I'm mounting the filesystem with an implementation of fuse called ExpanDrive so that I can edit and backup the file as if it were a local disk.

                  The file doesn't seem to be corrupted, as I can read it back in after editing.
                  Also, it gets reset when saving settings in the webconfigurator, as you noted.
                  Perhaps there is something else going on, as I had a bunch of calcru went backwards error messages preceding a panic just now.

                  one layer of information
                  removed

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post