IPv6 AAAA DNS Issue

Packeteer · June 26, 2017, 12:48pm

Hi, first time post from a complete PiHole newbie... Installed yesterday on an old Pi but finding ads still getting through. I have a an IP4/IPv6 home network on which the bulk of my web traffic leaves to my ISP [BT] on IPv6.

Expected Behaviour:**

I was expecting all DNS requests to known adware domains whether IPv4 or v6 [so both A & AAAA requests] would be intercepted & blocked.

Actual Behaviour:

I see that AAAA requests made from an IPv4 source are reported in the Query Log as 'OK (forwarded)' rather than 'Pi-holed (blacklist)' . The same adware domain is shown as piholed with IPv4.

Debug Token:

2068f8fsgx

I have taken a Wireshark of a Windows PC nslookup to googleads.g.doubleclick.net. Upstream DNS is set in Pihole to Google (both IPv4 & IPv6).
What I see is (in packet sequence order):

PC IPv4 -> Pihole IPv4 DNS A query
Pihole IPv4 -> PC IPv4 DNS response [IP given for the above googleads being the IPv4 of the pihole, so ad would be blocked)
PC IPv4 -> Pihole IPv4 DNS AAAA query
Pihole IPv6 -> Google IPv6 DNS AAAA query
Pihole IPv4 -> Google IPv4 DNS AAAA query
Google IPv6 -> Pihole IPv6 AAAA query response
Google IPv4 -> Pihole IPv4 AAAA query response
Pihole IPv4 -> PC IPv4 AAAA query response

So clearly the AAAA queries & responses are getting through...

I have created the following: setting analyze_AAAA=yes in /etc/pihole/pihole-FTL.conf but it seems to have no effect on what I am seeing.

Appreciate any assistance anyone can offer!
Thanks,
Chris

Mcat12 · June 26, 2017, 1:08pm

Does your device's IPv6 address match 2a00:1450:4009:80e::2002?

Packeteer · June 26, 2017, 1:21pm

No, that looks to be the IPv6 of the googleads page

C:\Users\Chris>nslookup googleads.g.doubleclick.net 192.168.1.2
Server: raspberrypi
Address: 192.168.1.2

Name: pagead46.l.doubleclick.net
Addresses: 2a00:1450:4009:80d::2002
192.168.1.2
Aliases: googleads.g.doubleclick.net

Mcat12 · June 26, 2017, 1:23pm

What is the output of head /etc/pihole/gravity.list and head /etc/pihole/black.list

Packeteer · June 26, 2017, 1:33pm

pi@raspberrypi:~ $ head /etc/pihole/gravity.list

192.168.1.2 0.0.0.0
2a00:23c4:49a4:8301:794d:5d06:1669:b46c/64 0.0.0.0
192.168.1.2 0000mps.webpreview.dsl.net
2a00:23c4:49a4:8301:794d:5d06:1669:b46c/64 0000mps.webpreview.dsl.net
192.168.1.2 0001.2waky.com
2a00:23c4:49a4:8301:794d:5d06:1669:b46c/64 0001.2waky.com
192.168.1.2 000143owaweboutlookappweb.myfreesites.net
2a00:23c4:49a4:8301:794d:5d06:1669:b46c/64 000143owaweboutlookappweb.myfreesites.net
192.168.1.2 000dom.revenuedirect.com

pi@raspberrypi:~ $ head /etc/pihole/black.list
pi@raspberrypi:~ $

[possibly there was googleads in the blacklist when I sent the debug]

Mcat12 · June 26, 2017, 1:45pm

Remove the /64 from your IPv6 address in /etc/pihole/setupVars.conf and run pihole -g. It looks like there may be a bug in how we generate gravity.list.

Mcat12 · June 26, 2017, 1:53pm

github.com/pi-hole/pi-hole

Fix gravity generation when IPv6 CIDR is present

pi-hole:development ← pi-hole:fix/ipv6-cidr

opened 01:52PM - 26 Jun 17 UTC

AzureMarker

+2 -2

**By submitting this pull request, I confirm the following (please check boxes, …eg [X]) _Failure to fill the template will close your PR_:** ***Please submit all pull requests against the `development` branch. Failure to do so will delay or deny your request*** - [x] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [x] I have checked that [another pull request](https://github.com/pi-hole/pi-hole/pulls) for this purpose does not exist. - [x] I have considered, and confirmed that this submission will be valuable to others. - [x] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [x] I give this submission freely, and claim no ownership to its content. **How familiar are you with the codebase?:** 10 --- Fixes Discourse issue: https://discourse.pi-hole.net/t/ipv6-aaaa-dns-issue/3830 Since IPv6 CIDR is not needed anyways, we can also look into removing it in the installer. _This template was created based on the work of [`udemy-dl`](https://github.com/nishad/udemy-dl/blob/master/LICENSE)._

Packeteer · June 26, 2017, 1:53pm

Yes! That seems to have done the trick, the nslookup now returns only IPv4 & IPv6 of the pihole.

Thanks for your help, will resume testing.

Chris

Happy · June 26, 2017, 3:22pm

Can I run pihole -up to fix the problem?

Mcat12 · June 26, 2017, 3:25pm

The fix has not been released yet. You will need to follow my previous instructions.

Happy · June 27, 2017, 3:00am

But I have /128, do I need to remove that? My public IP starts from 2406

Mcat12 · June 27, 2017, 3:23am

Yes, any suffix of the form /*. Sorry if that wasn't clear.

PromoFaux · April 30, 2018, 12:03pm

A post was split to a new topic: FTLDNS AAAA Queries not blocked