DNS Resolve for Localhost, IPv6?



  • Hi,

    I am having some issues on Windows 10, and it seems to point back to the DNS Forwarder (dnsmasq) on pfSense returning two IP addresses for "localhost" … ::1, and 127.0.0.1. I have IPv6 generically disabled on pfSense (Networking > Allow IPv6 is disabled), so a bit confused by this.

    But in any case, is there a way to disable this (i.e. don't return IPv6 for DNS lookups that resolve at pfSense)?

    Thanks!



  • [Networking > Allow IPv6]
    "All IPv6 traffic will be blocked by the firewall unless this box is checked."
    "NOTE: This does not disable any IPv6 features on the firewall, it only blocks traffic."
    ^ Did you read that?

    What about:
    [Networking > Prefer to use IPv4 even if IPv6 is available]
    "By default, if a hostname resolves IPv6 and IPv4 addresses IPv6 will be used, if you check this option, IPv4 will be used instead of IPv6."

    By the way "localhost" will always resolve to 127.0.0.1 and ::1 on the device doing the lookup.
    It is the (non-routable) local loopback address that any and all devices use to refer to itself - often hardcoded into the hosts config and not asked for over DNS.
    ("Why would I need to ask someone else where I can find ME!")
    Windows also prefers IPv6 by default and will use it if it can. Windows will always pick ::1 for localhost - even if you have IPv4-only DNS.

    If you don't want a device to use ::1 to refer to itself, you'll most likely have to remove it from the hosts file.
    I can't think of any reason you'd need to do this, though.



  • Hi,

    Thanks for the quick reply!

    Yep, agreed on the note - I was grasping at straws a bit, as I already have the second setting enabled (Prefer to use IPv4 even if IPv6 is available) … no joy. No matter what I seem to do, if I do an nslookup (from Windows, to pfSense) => ::1 is returned first. The problem with that, is that it breaks some services running on my Windows machine.

    Make sense?

    Thanks again.


  • Banned

    Sir. ::1 is hardcoded in Windows DNS client binary. Move on. Even with %WinDir%\System32\drivers\etc\hosts completely empty (which is the default), it will STILL point to localhost. pfSense DNS server will NOT ever get queried for localhost. Localhost is localhost is localhost is a local machine. You are doing something highly retarded if resolving localhost to localhost causes you an issue.



  • Hi,

    Understood - and agreed! The problem is that ::1 has broken a service on my machine (NextPVR) … :(. I hacked the registry, and forced IPv4 preference over IPv6, and that allowed me to get the service working again. This didn't happen on Windows 8, just started with Windows 10.

    But FYI, nslookup is definitely querying pfSense - it even says that in the response ... ;). Not saying the response is wrong, agree with you there.

    Thanks!
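
An added diagnostic example, not part of any post in this thread: it lists what the local resolver returns for "localhost" and probes a port on both loopback addresses, so you can see whether a service answers on ::1, 127.0.0.1, or both. It assumes the broken service listens on IPv4 loopback only (the thread does not confirm the cause); the listener in `demo()` is a constructed stand-in, and the function names are hypothetical.

```python
import socket

def localhost_order():
    """Addresses the local resolver returns for 'localhost', in preference order."""
    seen = []
    for info in socket.getaddrinfo("localhost", None, type=socket.SOCK_STREAM):
        addr = info[4][0]
        if addr not in seen:
            seen.append(addr)
    return seen

def probe_loopback(port, addresses=("::1", "127.0.0.1"), timeout=1.0):
    """Attempt a TCP connect to each loopback address; return {address: reachable}."""
    results = {}
    for addr in addresses:
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        try:
            with socket.socket(family, socket.SOCK_STREAM) as s:
                s.settimeout(timeout)
                s.connect((addr, port))
            results[addr] = True
        except OSError:
            # Refused, timed out, or the address family is unavailable on this host.
            results[addr] = False
    return results

def demo():
    """Constructed stand-in for an IPv4-only service (assumption, see lead-in)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the OS picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    try:
        return probe_loopback(port)
    finally:
        listener.close()

if __name__ == "__main__":
    print("localhost resolves to:", localhost_order())
    print("reachability of IPv4-only listener:", demo())
```

To check a real service, call `probe_loopback(<its port>)` on the affected machine. If only 127.0.0.1 is reachable, binding the service to both loopback addresses or pointing the client at 127.0.0.1 explicitly avoids depending on address-family preference.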