Can't access ISP's IPv6 DNS servers (pfblocker issue?)



  • Hi all,

    Hope to get some pointers.

    Last thing I installed on my router is the pfblocker package. And right around that same time (though I can't tell for 100%, maybe coincidental) I stopped being able to access or ping the IPv6 DNS servers from my ISP (assigned via DHCPv6). My provider is Comcast, the servers are:

    2001:558:feed::2
    2001:558:feed::1

    The IPv4 DNS servers work fine and are accessible.

    I checked pfblocker rules, and all of them seem to be for IPv4 IP addresses. The DNS servers should be up, as I can ping them through external websites. So, something on my firewall is blocking the communication, but I can't see anything in the log of the firewall. However, in the system log I see many entries like this:

    dhcp6c[26581]: client6_send: transmit failed: Operation not permitted

    I'm also running squid and squidGuard (those shouldn't be a problem), snort (I checked the blocked list and DNS servers are not there), tried to disable pfblocker (didn't help), I'm also running BIND (but I had it running for a little while and everything was working OK with it, until recently).

    I tried to add a manual firewall rule to allow traffic to the explicit DNS IP addresses, but that didn't help. I'm blocking bogon networks and private nets on the WAN side.

    Any ideas what could be blocking it? Is there a way to see full firewall logs and see what's blocking?

    Any help would be appreciated!

    Thanks a lot!
    Dmitri



  • Problem resolved. My IPv6 was released by my ISP, for some reason. Hence, I couldn't ping ANY IPv6 addresses, I just noticed the DNS issues first.

    After a restart of the cable modem and the pfSense box, everything is operating as expected.

