How make my FritzBox and my pi-hole play nicely together with IPv6

Help Community Help
1

The issue I am facing:
I am trying to use the pi-hole as a DNS and DHCP server for both, IPv4 and IPv6. It seems to be working fine for IPv4, but not IPv6:

*** [ DIAGNOSING ]: Networking
[i] Default IPv4 gateway(s):
     192.168.178.1%eth0
   * Pinging first gateway 192.168.178.1...
[✓] Gateway responded.
[i] Default IPv6 gateway(s):
     lo%ra
     fe80::3ea6:2fff:fe9a:35b0%eth0
   * Pinging first gateway lo...
ping6: lo: Name or service not known
[✗] Gateway did not respond. (https://discourse.pi-hole.net/t/why-is-a-default-gateway-important-for-pi-hole/3546)

[...]

*** [ DIAGNOSING ]: Name resolution (IPv4) using a random blocked domain and a known ad-serving domain
[✓] fiwubeu.com is NOERROR on lo (127.0.0.1)
[✓] fiwubeu.com is NOERROR on eth0 (192.168.178.40)
[✓] doubleclick.com is 142.250.185.206 via a remote, public DNS server (8.8.8.8)

*** [ DIAGNOSING ]: Name resolution (IPv6) using a random blocked domain and a known ad-serving domain
[✓] www.cdn.getrenew.life is NOERROR on lo (::1)
[✓] www.cdn.getrenew.life is NOERROR on eth0 (fd81:ef44:2869:0:dea6:32ff:fefd:bf54)
[✓] www.cdn.getrenew.life is NOERROR on eth0 (2003:de:170e:2600:dea6:32ff:fefd:bf54)
[✓] www.cdn.getrenew.life is NOERROR on eth0 (fe80::dea6:32ff:fefd:bf54%eth0)
[✗] Failed to resolve doubleclick.com via a remote, public DNS server (2001:4860:4860::8888)

Also, I get

no address range available for DHCPv6 request via eth0

which I understand comes from having no upstream IPv6 connectivity? Which is strange, because I believe I should have upstream IPv6 connectivity (https://test-ipv6.com/ works fine if using the DNS resolver provided by my ISP).

I'm sure I misconfigured something here. Probably on my router, possibly also on the pi-hole.

Details about my system:

  • pi-hole is running on a RasPi with dietpi
    • Its upstream DNS servers are configured to be unbound (for everything) and OpenDNS only for IPv6 ("Custom DNS servers" are 127.0.0.1#5335, 2620:119:35::35, and 2620:119:53::53)
    • DHCP Server is enabled and "Enable additional IPv6 support (SLAAC + RA)" is checked.
  • My router is a FritzBox 7530
    • Both the preferred and the alternative DNSv4 servers are configured to my dietpi's IP(v4)
    • The preferred DNSv6 server is configured to my dietpi's IP(v6). At the moment to the global one, but I also tried the local link one, without it making any difference
    • Alternative DNSv6 server is empty ("::")
    • DHCP server is deactivated in the IPv4 settings
    • Settings in the IPv6 section are:
      • Router advertisement in LAN is active
      • assign ULAs is checked
      • "allow IPv6 prefixes made known by other IPv6 routers" is checked
      • "This FritzBox provides the standard internet access" is checked
      • Local DNSv6 Server to be advertised is set to my dietpi's IPv6 (again, the global one)
      • "Deactivate DHCPv6 server on the Fritzbox" is checked, together with "activate the 'M' and the 'O' flag in router advertisement messages"

What I have changed since installing Pi-hole:
Can't think of anything significant, except trying to set it up as DHCP server on top of DNS. I'll go with "nothing", expecting to regret it later :smiley:

I don't know how obvious it is to the network expert reader that I am not a network expert, but I'm guessing: pretty obvious. I have been a software developer for the past 17 years, and I am now trying to broaden my knowledge in the networking domain. I am hoping that there are obvious misconfigurations I made here. I also kind of hope that someone with the same Fritzbox reads this and can just give and explain to me the correct configuration :smiley:

Looking forward to learning, thanks in advance!

2

Pi-hole offers a DHCP server as a last resort measure, when a router would not support to configure DNS at all.

Enabling Pi-hole's DHCP server would then cover IPv4, handing out its own IPv4 as DNS server to DHCP clients, as most client OSs default to request an IPv4 via DHCP.

That's not the case for IPv6:
Most OSs would autonomously create their IPv6 addresses from the network information as advertised by a router, rather than requesting an IPv6 address through a DHCPv6 server.
In other words: Your router will remain responsible for advertising your network details.

Enabling Pi-hole's IPv6 support just would add RDNSS router advertisements for its own IPv6 to your network.
About the only time this would be useful is if an IPv6-capable router would not support propagating any IPv6 DNS server at all, or only supports to disable propagation of its pre-configured IPv6 DNS servers.

But Fritzbox routers do support a wealth of DNS configuration options, including DHCPv6 and NDP/RA/RDNSS (though I'd personally prefer to not propagate any IPv6 DNS server addresses at all, see e.g. Unresolved ipv6 adress in my top list - #4 by Bucking_Horn).

Is there a specific reason why you want to use Pi-hole's DHCP server?

1 Like
3

Firstly, thanks for all the information given "en passant" in your reply, I appreciate that!

Is there a specific reason why you want to use Pi-hole's DHCP server?

At first it was because all requests appeared to be coming from my router in the query logs, and I read that having the pi-hole be the DHCP server was a way to fix that. But then, while configuring, I realized that I have huge knowledge gaps concerning DHCP, DNS, and networking in general. So my developer attitude of "If it can work in general, I can make it work, I just don't know enough yet" kicked in and now I want to use it as an opportunity for learning.

For the time being, I just disabled IPv6 in my network completely (which also prevents me from leaking my IPv6 when behind a VPN, I believe), and I'm completely fine with that solution, everything works in general.

What's bugging me is just personal pride I guess. :sweat_smile: I couldn't make it work after, like, 8 hours of fiddling, and I want to know what I did wrong.