Dnsmask vs. unbound

  • This question pertains specifically to IPV6 dns.

    If I set pfSense to use dnsmask to provide the DNS function for IPV6 it correctly provides the LAN interface IPV6 address as DNSV6 server address. However, if I use unbound for DNS services, no IPV6 DNS server address is provided to the client. When using unbound, only the LAN side interface IPV4 address is provided to the client for use as DNS server… not good!

    Is this expected behavior? I'd prefer to use unbound, but it seems to lack integration with the dnsmask DHCP function.

    I can't hardcode the LAN side interface IPV6 address in the dnsmask DHCP DNS server settings since it changes each time I reboot pfSense!

    2.2-BETA (i386)
    built on Fri Nov 28 08:29:54 CST 2014

  • There was a spot there where it was only checking dnsmasq and not unbound, I just fixed that. Tomorrow's snapshot will work, or you can gitsync in the mean time.

  • Did gitsync to test it. Does not work at pfSense bootup!

    If I restart unbound after bootup is complete then clients start getting IPV6 DNS server addresses.

    Does unbound get auto-restarted when radvd gets a new IPV6 WAN interface address, then delegates LAN side IPV6 addresses?

  • I'm getting both RDNSS in radvd.conf and dhcp6.name-servers in dhcpdv6.conf, both for static and dynamic w/PD WANs. It can take a little time at boot before dhcp6 and radvd are started where you're using PD. On my test setup, about a handful of seconds after v4 is up. Catching it before that happens shows there is no radvd.conf nor dhcpdv6.conf at all until the PD is complete. It's hard to even catch that to see it it's so short.

    Unbound's status or being restarted has no relation to whether it's put in dhcpdv6.conf and radvd.conf, the only check there is whether Unbound is enabled (it can be completely dead and it still ends up in those conf files). Which is identical to what dnsmasq does. The only change I made was changing the "if dnsmasq is enabled" checks to "if dnsmasq or unbound is enabled". Restarting Unbound updates the radvd and dhcp6 configs the same way restarting dnsmasq does. If there is some kind of issue there, it's the same with unbound as it is with dnsmasq.

  • Yes, IPV6 completely broken on my box with this morning's update. Started new thread about it.

  • I don't see how it can help those using DNS Forwarder (dnsmasq) (@priller), but you might as well try making the fix I wrote about here:

    and then report what problems remain after rebooting.

Log in to reply