ASUS Router and ipv6 not resolving local names

Expected Behaviour:

After configuring IPv6 in my new Pi-hole using DietPi, on a Raspberry Pi 4, Apple devices should be able to resolve local name addresses (pi.hole, "hostname", etc.).

Actual Behaviour:

After identifying the IPv6 address of my Raspberry Pi (ip -a), I configured the DNS in my router's IPv6 DNS setting (disabling the "Connect to DNS Server automatically" option and typing the IPv6 address in the "IPv6 DNS Server 1" field). I leave IPv6 in my router configuration as Native, and "Auto Configuration Setting" as "Stateless" and keep "Enable Router Advertisement" enabled. The IPv6 address I'm using is the link-local address, as it looks like my router does not support ULA addresses. I'm able to test the IPv6 connection using https://ipv6-test.com/.

After rebooting my Raspberry Pi and my router (in that order), I can see that my Windows clients and Apple devices had the IPv6 address pointing to my Raspberry Pi. However, this is not the link-local address, but the public address (starts with 2800), and I can also see the address of my router here (finishing in 1). At this moment, using an app on my Apple devices I can ping different local devices. However, if I disconnect or renew the address of my iPad (or iPhone), I can see in the DNS settings that the public address pointing to the Raspberry Pi is no longer there, and I cannot ping any local devices. This does not happen on my Windows devices after an IP address renewal (I can still ping local devices and I can see the entry of my Raspberry Pi in the DNS entries, along with my ISP DNS).

I'm using ASUS standard firmware with an RT-AX86U, with the latest firmware. Any guidance on how to fix this issue is welcomed! Thanks!

Debug Token:

https://tricorder.pi-hole.net/ENYwJwiT/

Pi-hole must be the sole DNS server for your network.

A client may and will use any alternative DNS server at its own discretion, completely by-passing Pi-hole on occasions, and thus also eliminating resolution of local hostnames.

Your debug log shows that your router is correctly distributing only your Pi-hole host's IPv4 address as DNS server:

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Timeout: 10 seconds
   
   * Received 300 bytes from eth0:192.168.1.10
     Server IP address: 192.168.1.10
     DHCP options:
      dns-server: 192.168.1.10
      domain-name: "local"
      router: 192.168.1.1
      --- end of options ---
    
   DHCP packets received on interface lo: 0
   DHCP packets received on interface eth0: 1

So how do your Windows clients learn about your ISP DNS? Is that an IPv6 IP?

Also note that you should change your router's domain-name, as local is reserved for usage by the mDNS protocol as implemented e.g. by Apple's Bonjour.

@Bucking_Horn, yes, my pi-hole is the only DNS server right now, and actually if I disable IPv6 all local names are resolved (even in Apple devices). However, I would like to have IPv6 working fine at least as a home experiment (I'm just getting into IPv6)

Regarding the windows DNS, I'm talking about IPv6. IPv4 looks ok and works OK.

Finally, I noticed before the recommendation about .local and mDNS, but I was giving it a try. I already tried with some other domain, but the IPv6 DNS are behaving the same. My problem is only with apple devices. Thanks!

This contradicts your observation on Windows clients:

What's the IP of your ISP DNS server?

Also, please run the following command from a Windows client:

ipconfig /all

Please share the output, preferably as text.
We'd only be interested in the entries of the DNS server section.

This contradicts your observation on Windows clients:

For IPv4 I only have one DNS; however, I may have misinterpreted things at some point. So, here go the DNS entries for 2 Windows clients (masking IPv6 entries):

Windows IP Configuration

   Host Name . . . . . . . . . . . . : THINKPAD-X1Yg3
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ibm.com
                                       lotus.com
                                       s81c.com
                                       ibmmodules.com
                                       ibmuc.com

Ethernet adapter Ethernet Intel Card:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-LM
   Physical Address. . . . . . . . . : 48-xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet Lenovo USB-C Dock:

   Connection-specific DNS Suffix  . : local
   Description . . . . . . . . . . . : Lenovo USB Ethernet
   Physical Address. . . . . . . . . : 48--xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2806:...:120(Preferred)
   Lease Obtained. . . . . . . . . . : Sunday, November 21, 2021 5:31:43 PM
   Lease Expires . . . . . . . . . . : Sunday, November 21, 2021 6:31:44 PM
   IPv6 Address. . . . . . . . . . . : 2806:...:95b8(Preferred)
   Temporary IPv6 Address. . . . . . : 2806:...:fad4(Preferred)
   IPv6 Address. . . . . . . . . . . : fd1d:...:95b8(Deprecated)
   IPv6 Address. . . . . . . . . . . : fd3d:....:95b8(Deprecated)
   IPv6 Address. . . . . . . . . . . : fdb1:...:95b8(Deprecated)
   Link-local IPv6 Address . . . . . : fe80:...:95b8%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.236(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, November 21, 2021 5:31:49 PM
   Lease Expires . . . . . . . . . . : Monday, November 22, 2021 5:31:50 PM
   Default Gateway . . . . . . . . . : fe80:...:49a0%4
                                       192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.10
   DHCPv6 IAID . . . . . . . . . . . : 289942243
   DHCPv6 Client DUID. . . . . . . . : ...
   DNS Servers . . . . . . . . . . . : 2806:...:9a95
                                       192.168.1.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
   Physical Address. . . . . . . . . : A0--xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
   Physical Address. . . . . . . . . : A2--xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : A0--xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : local
   Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265
   Physical Address. . . . . . . . . : A0--xx-xx-xx-xx-xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

I just noted that on this client, it looks like it is working OK. I have another one which looks like this:

   Servidores DNS. . . . . . . . . . . . . . : 2806:...:9a95
                                       192.168.1.10
                                       2806:...:1
                                       2806:...:9a95

So, when I did a ping I got something that made me think it was my ISP DNS (my mistake, sorry!)

ping -a 2806:...:9a95
Pinging 2806-...-9a95.ipv6.infinitum.net.mx [2806:...:9a95] with 32 bytes of data

So, besides what you may tell me, looks like IPv4 and IPv6 DNS are correct, right?

This takes me to my original problem with Apple devices: when I reboot the Pi-hole and my router, I can see something like this in the DNS entry:

DNS SERVERS:
192.168.1.10
fd1d:...:9a95
2806:..:1

Which is correct, and I can ping local devices. However, if I disconnect the device, then this is what I get:

DNS SERVERS
192.168.1.10
2806:...:1

And I can not contact local devices, I get a "failed to resolve IP address" in my ping app.

Hope this clarifies things a bit, and sorry for my misunderstanding.

Thanks!

No.

While your debug log confirms that an IPv6 interface identifier ending in :9a95 would indeed mark your Pi-hole host, 2806:...:1 is very likely the public IPv6 of your router.

Any device that would use 2806:...:1 for DNS would thus by-pass Pi-hole completely.

You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server and stop advertising its own.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If your router doesn't support that either, your clients will be able to bypass Pi-hole via IPv6.

I had to use custom firmware (Asuswrt-Merlin) for my ASUS router (RT-AC86U) to get it to advertise a custom IPv6 DNS address, see:

So I guess I will have to go to Merlin!... Looks like in IPv6 standard firmware has the same problem as in IPv4 (adds the router DNS to the pi-hole)...

This clarifies what I was seeing... now, any recommendation for Apple devices? What I'm seeing could be related to the router firmware?... I mean, after first connection the apple devices point to the pi-hole, if I disconnect and connect again I only have the router DNS...

I have Apple devices on my network and all show only the IPv4 and IPv6 (I use the link local address as it's static) addresses for my pi-hole device (RPi) in the DNS settings.

The behaviour you are seeing could be related to the router not honouring the custom DNS IP address (not sure why the option exists in the firmware when it's ignored) and broadcasting its own IP as a DNS address.

Thanks! next weekend I will upgrade to merlin, and report back.

@NGr just went over the post you referenced, just one more question, from what I understand then even merlin firmware has the same behavior as the standard firmware, but it has the ability to override it with the jffs scripts, right?

There seem to be several versions of that script code floating around that external post (click)

This may be the most concise one:

#!/bin/sh
# $1 is the path of the generated dnsmasq config; option6:23 is the DHCPv6 DNS server option.
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[YOUR PI-HOLE IPV6 ADDRESS]/" "$1"

This post contains scripts, or links to scripts, that are untested by the Pi-hole team. We encourage users to be creative, but we are unable to support any potential problems caused by running these scripts


With a bit of luck:
@gil80, could you help jfgarciamex to educate their ASUS router to stop distributing its own IPv6 server as DNS server?
It seems you were one of the SNB forum users that discussed a possible fix (in which case the script variant I've quoted would be yours)?


That's correct, the setting in the GUI is ignored still and you have to use the script to override the setting in dnsmasq.

This is the sed command I use in my script.

Thank you guys... I think I now understand it... I will be testing all this over the weekend and report back...

Hi @jfgarciamex

I was able to get it working with the jffs script as per my post over at SNB forums. I'm not sure if I'm allowed to redirect to other forums, but I'm happy to DM it to you if you still need it.

At the end, I cancelled it all and moved back to using just IPv4 as there wasn't any real world benefit for my use case.

As long as you can SSH to your ASUS router, you should be good with the following script:

#!/bin/sh
# Rewrite the DHCPv6 DNS server option in the config file passed as $1.
sed -i "s/dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[YOUR PI-HOLE IPV6 ADDRESS]/" "$1"

Put it in dnsmasq.postconf.

Further "how-to" can be found here: Custom config files · RMerl/asuswrt-merlin.ng Wiki · GitHub


@gil80, NGr and Bucking_Horn, thanks so much for your guidance. I was able to solve the issue, and now I can see only the Pi-hole as DNS server for IPv4 and IPv6. So far it has been working fine for the last 12 hours! Regarding the Apple devices, I'm also seeing the right behavior and am able to resolve local names.

The solution was to install the ASUS Merlin firmware, with the post-config script in dnsmasq.postconf as referenced in previous posts.

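A more defensive variant of the dnsmasq.postconf one-liner quoted in this thread, added here as an example and not the forum members' or the Asuswrt-Merlin project's code: it validates the address before it reaches sed, appends the option when there is no line to rewrite, and lists what is advertised afterwards so the result can be checked. The function names, the PIHOLE6 variable and any sample addresses are assumptions for illustration.

```shell
#!/bin/sh
# Added example; function names and PIHOLE6 are hypothetical, not from the thread.

# Accept only hex digits and colons, so the value is safe inside sed and dnsmasq.
valid_ipv6() {
    case "$1" in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;
        *:*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_dns6 CONFIG ADDR: make ADDR the only DHCPv6 DNS server (option 23) in CONFIG.
set_dns6() {
    conf=$1
    addr=$2
    valid_ipv6 "$addr" || { echo "invalid IPv6 address: $addr" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 3; }
    if grep -q '^dhcp-option=lan,option6:23,' "$conf"; then
        # dnsmasq expects IPv6 option values wrapped in square brackets.
        sed -i "s/^dhcp-option=lan,option6:23,.*/dhcp-option=lan,option6:23,[$addr]/" "$conf"
    else
        # Nothing to rewrite: append the option so the run is not a silent no-op.
        echo "dhcp-option=lan,option6:23,[$addr]" >> "$conf"
    fi
}

# Print every IPv6 DNS server value the config would hand out, for a post-change check.
advertised_dns6() {
    sed -n 's/^dhcp-option=lan,option6:23,//p' "$1"
}

# When installed as dnsmasq.postconf, the config path arrives as $1.
# PIHOLE6 is a placeholder: set it to the Pi-hole host's IPv6 address before use.
PIHOLE6=${PIHOLE6:-}
if [ -n "${1:-}" ] && [ -n "$PIHOLE6" ]; then
    set_dns6 "$1" "$PIHOLE6"
fi
```

After the router restarts dnsmasq, `advertised_dns6` run against the generated config should print a single bracketed address, the Pi-hole's.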