Hi all, I have a comcast gateway router so I can't disable its DHCP server as far as I know, because it has the "safety feature" described here Why won't Pi-hole work with DNS rebind protection enabled? so running the pi-hole DHCPv6 server will be duplicating servers as far as I know. I have the Gateway set to the static IP of the pi-hole for IPv4 and it is blocking IPv4 requests just fine. But Comcast is still listed as my IPV6 DNS server, I think because of the automatic switching back to it that the gateway does: Change dns server? | Xfinity Community Forum. They say that can be circumvented by using the gateway as a modem and using your own router. I don't own a standalone router. Is it possible to turn off DHCP on my Comcast gateway so that I can use the Pi-hole DHCP server for IPv6? I got this error described here No address range available for DHCPv6 request via eth0 when I unchecked "stateful" so it would try to autoconfig and then before I was also getting the dnsmasq warnings - Pi-hole documentation DNS masq warning about "Ignoring query from non-local network" with the DNS server enabled. Or maybe it was the other way around.
Right now if I run ipconfig on my laptop it shows my pi-hole is blocking ipv4 requests just fine and every DNS request is going to the pi-hole's address, but the IPv6 DNS server is still Comcast. On the web admin interface for pi-hole it shows it successfully blocking things like my smart TV from phoning home. But ads aren't really blocked at all. Do I just need to get my own router and put the xfinity gateway in bridge mode, or is there another way to go?
DHCP is strictly IPv4.
DHCPv6 is roughly equivalent for IPv6, but a separate protocol in its own right.
But most commonly, an IPv6 client won't use DHCPv6 to join your network.
Instead, it will use SLAAC/NDP to discover your network's settings and auto-configure itself accordingly.
Your router is advertising its own IPv6 address as DNS server, allowing your clients to by-pass Pi-hole.
You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server or to stop advertising its own.
You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.
If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.
If your router doesn't support that either, your clients will always be able to bypass Pi-hole via IPv6.
Thanks for your response. I do believe that the only solution for me would be to purchase a standalone router, as Comcast gateways block the ability to use a DHCP server. With my own router I should be able to set it up fine.
Even if your new router would allow for it:
Shifting DHCP (which -as mentioned- is strictly an IPv4 protocol) from that router to Pi-hole may not address your issue. The router may still advertise its own IPv6 address as local DNS resolver.
You should search for IPv6 DNS management options for your existing router first.
If they are available and support the configurations suggested above, then you would be able to avoid the IPv6 by-pass of your Pi-hole.
If that doesn't work out, you should also scrutinise your aspired future router for its IPv6 DNS configuration support. From the reports we see, quite a few models would lack that support, leaving you no better off than now.
But please let me repeat that your issue isn't about DHCP
Those options could appear under different labels in your router, e.g. SLAAC/NDP/RA/RDNSS.
Also, cascading your routers is unlikely to resolve your issue, as your Comcast will continue to advertise its IPv6 for DNS regardless, until you stop it from doing so.
