Blocking IPv6 queries not working

Hello,

I am using the following versions:
Pi-hole v5.1.2
Web Interface v5.1.1
FTL v5.2

I do not have an IPv6 from my ISP. There are devices trying to query IPv6 in my LAN; they are actually forwarded, and I want to block all IPv6 queries.

I have the following entry in my Blacklist -> RegEx filter to do that:
[image]

I expected to see all AAAA requests blocked. However, even after restarting the whole OS that Pi-hole is running on, I still see queries being forwarded & cached.

My debug token is id7ttadutw

Any help is appreciated.

Thanks & Regards,
Ertan

If you have no IPv6 connectivity then there's nothing that an AAAA record will resolve to that will allow a client to use IPv6.

The regex isn't going to do anything.

@DanSchaper, though my case is similar to the one here: Option to block/not forward all AAAA queries

I might be wrong though.

What is your end goal, and why are you hoping for that goal? What is it that you are trying to achieve or avoid?

My goal is to get as much bandwidth as possible. I didn't know that IPv6 packets were travelling in my network until I set up Pi-hole. Now I do, and I would like to block them, as that makes no sense in my setup where I do not have IPv6 at all.

I am a home user. My theoretical internet connection speed is low (compared to most), like 16Mbit download. The fact is I am not getting half of that speed on average. I have speeds of less than 1Mbit at times.

IPv6 queries have a ratio of around 13% (~14000 forwarded IPv6 queries in ~107000 total) in two days of Pi-hole use. Even if they do not resolve, they are eating some of the bandwidth. I am not sure how much.

There are a lot of IoT devices like Amazon Alexa, Smart TVs and the like in the network, and I cannot do anything to stop them from sending IPv6 requests.

Moreover, the linked thread was something that seemed to me to be already implemented in the system. It seems my case is different after all.

If you totaled the bandwidth consumed in a year you might get to the equivalent of a twitter message.

I am not sure if my calculation below is correct. I read 72 bytes received at the bottom of the following output. I don't know how much was sent at all.

root@debian:~# dig AAAA settings-win.data.microsoft.com

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> AAAA settings-win.data.microsoft.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 51607
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 100e8fed47a05c5b (echoed)
;; QUESTION SECTION:
;settings-win.data.microsoft.com. IN    AAAA

;; Query time: 67 msec
;; SERVER: 91.93.102.43#53(91.93.102.43)
;; WHEN: Sun Nov 08 00:32:29 +03 2020
;; MSG SIZE  rcvd: 72

14000 * 72 = 1008000 bytes = 0.96MiB
That is about 0.48MiB/day and about 175MiB per year.

I really do not have a Twitter account and I am not using it. IMHO, the above amount should be bigger than a Twitter message.

My response was obviously hyperbole. My point was that the amount is so minuscule that optimizing at that level is a fool's errand.

Going by your numbers, even at 1Mbps, you'd give yourself 4 seconds additional bandwidth a day.

Yes, I understand that. Though, the amount is relative. Consider having a connection with around 1-3MBit download speeds.

Anyway, the documents I read lead me to increase the local DNS cache TTL (yes, not a good solution at all) to at least have them kept in cache for the time being.

Also, I will try to collect all domains used for IPv6 in my system, put them on the blacklist and test whether anything is broken.

Thank you.
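The two steps mentioned above, measuring the share of AAAA queries and collecting the domains queried over AAAA, can be done from the dnsmasq-style query log that Pi-hole writes to /var/log/pihole.log. The script below is an added example, not part of this thread or of Pi-hole itself; it assumes the standard dnsmasq `query[TYPE] domain from client` log line format, and the sample log lines embedded in it (hostnames, client addresses, PID and timestamps) are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample lines in the dnsmasq log format used by /var/log/pihole.log.
# Only the "query[...]" lines are counted; "forwarded"/"cached" lines are skipped.
SAMPLE_LOG = """\
Nov  8 00:32:29 dnsmasq[712]: query[A] settings-win.data.microsoft.com from 192.168.1.20
Nov  8 00:32:29 dnsmasq[712]: forwarded settings-win.data.microsoft.com to 91.93.102.43
Nov  8 00:32:29 dnsmasq[712]: query[AAAA] settings-win.data.microsoft.com from 192.168.1.20
Nov  8 00:32:29 dnsmasq[712]: forwarded settings-win.data.microsoft.com to 91.93.102.43
Nov  8 00:32:30 dnsmasq[712]: query[AAAA] tv.example.org from 192.168.1.31
Nov  8 00:32:30 dnsmasq[712]: cached tv.example.org is NODATA-IPv6
Nov  8 00:32:31 dnsmasq[712]: query[A] api.example.net from 192.168.1.31
Nov  8 00:32:31 dnsmasq[712]: query[AAAA] api.example.net from 192.168.1.31
Nov  8 00:32:32 dnsmasq[712]: query[PTR] 20.1.168.192.in-addr.arpa from 127.0.0.1
"""

# One dnsmasq query line: "<Mon DD HH:MM:SS> dnsmasq[<pid>]: query[<TYPE>] <domain> from <client>"
QUERY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] "
    r"(?P<domain>\S+) from (?P<client>\S+)$"
)


def parse_queries(log_text):
    """Return a list of (qtype, domain, client) tuples, one per query line."""
    queries = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            domain = m.group("domain").lower().rstrip(".")
            queries.append((m.group("qtype"), domain, m.group("client")))
    return queries


def summarize(queries, qtype="AAAA"):
    """Count queries per record type and report share, domains and clients for `qtype`."""
    by_type = Counter(q for q, _, _ in queries)
    total = len(queries)
    matched = [(d, c) for q, d, c in queries if q == qtype]
    return {
        "total": total,
        "by_type": by_type,
        "share": (len(matched) / total) if total else 0.0,
        "domains": Counter(d for d, _ in matched),   # candidate list for a blacklist
        "clients": Counter(c for _, c in matched),   # which devices send these queries
    }


def report(summary, qtype="AAAA"):
    """Human-readable summary, returned as a string so it can also be logged or tested."""
    lines = [f"{summary['total']} queries total; "
             f"{summary['by_type'][qtype]} {qtype} ({summary['share']:.1%})"]
    lines.append(f"{qtype} domains (count):")
    for domain, n in summary["domains"].most_common():
        lines.append(f"  {n:6d}  {domain}")
    lines.append(f"{qtype} clients (count):")
    for client, n in summary["clients"].most_common():
        lines.append(f"  {n:6d}  {client}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python aaaa_share.py [/var/log/pihole.log]; without a path the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(summarize(parse_queries(text))))
```

Run it against the real log to get a per-domain and per-client breakdown; the domain list is the starting point for the blacklist test mentioned above, and the client list shows which devices are responsible for most of the AAAA traffic.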

I am not sure my statistics are complete after just two days of use. Though, the amount can really be small.

However, the graph below makes one search for it:
[image]
That is a ~30% portion.

You're going to just cause a ton more work for yourself and lose any gains you may or may not eventually get.

Just to be complete on the time calculation.

I believe your calculation was something like the below:
7000 queries / day, 72 bytes / query
7000 * 72 = 504000 bytes = 4032000 bits which is roughly 4 seconds over a 1MBits link speed.

On the other hand, my dig output above displays a 67 msec real-life query time (over a link speed I do not know, as it really fluctuates).
67 msec = 0.067 sec.
7000 * 0.067 = 469 sec = ~7.8 minutes / day

Which has no bearing on anything. Doesn't matter if it takes 3 seconds to get a response, your clients don't use it and have already moved on with the A record response.

Edit: even going by that incorrect value that's 8 minutes a day, 20 seconds an hour. If you're so dialed in that you can tell 20 seconds lost in an hour...

The regex you show won't do that. Regex works on domains only, not query type, in the current version of Pi-hole (5.2).

I thought the feature here: RegEx engine improvements - #31 by DL6ER was already included in FTL v5.2.

The regex is correct and should work, but the code is not included in FTL v5.2. It is scheduled for v5.3.
