IPv6 blocking not working - radvd RDNSS announcements wrong?

stefan · July 12, 2018, 4:57pm

I read some topics here about Pi-hole not blocking IPv6 resolution of blocked domains - because the router advertises himself (or provider DNS servers in my case) and every client in the network uses those to resolve and not the Pi-hole one.

Sadly in my router (Technicolor from cablesurf) there's no option to turn off / configure those DNS servers - I feel like I'm not the admin of my own network...

So I thought: I additionally can announce my (Pi-hole) RDNS with higher priority, and then the clients use this DNS first.
So I deployed radvd (1:2.15-2) with this config on the Pi-hole:

interface eth0
{
    AdvSendAdvert on;
    AdvOtherConfigFlag on;
    AdvDefaultPreference high;

    RDNSS [IPv6 of Pi-hole]
    {
    };
};

With radvddump I can see both router announcements on my network:

#
# radvd configuration generated by radvdump 2.15
# based on Router Advertisement from fe80::c42:fba:d254:4207
# received by interface eth0
#

interface eth0
{
		  AdvSendAdvert on;
		  # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
		  AdvManagedFlag off;
		  AdvOtherConfigFlag on;
		  AdvReachableTime 0;
		  AdvRetransTimer 0;
		  AdvCurHopLimit 64;
		  AdvDefaultLifetime 1800;
		  AdvHomeAgentFlag off;
		  AdvDefaultPreference high;
		  AdvSourceLLAddress on;

		  RDNSS [IPv6 of Pi-hole]
		  {
					 AdvRDNSSLifetime 600;
		  }; # End of RDNSS definition

}; # End of interface definition
#
# radvd configuration generated by radvdump 2.15
# based on Router Advertisement from fe80::725a:9eff:fe3d:4bb1
# received by interface eth0
#

interface eth0
{
		  AdvSendAdvert on;
		  # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
		  AdvManagedFlag on;
		  AdvOtherConfigFlag on;
		  AdvReachableTime 0;
		  AdvRetransTimer 0;
		  AdvCurHopLimit 64;
		  AdvDefaultLifetime 1800;
		  AdvHomeAgentFlag off;
		  AdvDefaultPreference medium;
		  AdvSourceLLAddress on;

		  prefix 2001:4c50:[redacted]/64
		  {
					 AdvValidLifetime 27000;
					 AdvPreferredLifetime 25200;
					 AdvOnLink on;
					 AdvAutonomous on;
					 AdvRouterAddr off;
		  }; # End of prefix definition


		  route 2001:4c50:[redacted]/56
		  {
					 AdvRoutePreference medium;
					 AdvRouteLifetime 27000;
		  }; # End of route definition


		  RDNSS 2001:4c50:6:4000::12 2001:4c50:6:4000::16
		  {
					 AdvRDNSSLifetime 60;
		  }; # End of RDNSS definition


		  DNSSL cm.cablesurf.de
		  {
					 AdvDNSSLLifetime 60;
		  }; # End of DNSSL definition

}; # End of interface definition

But even after disabling and re-enabling my network interface, this DNS server doesn't show up in my Windows 10 machines:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : local
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Default Gateway . . . . . . . . . : fe80::[redacted]
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.5
   DNS Servers . . . . . . . . . . . : 2001:4c50:6:4000::12
                                       2001:4c50:6:4000::16
                                       192.168.0.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       cm.cablesurf.de

Is this way not possible or did I do something wrong?

stefan · July 12, 2018, 5:29pm

Hmm found this article telling that with DHCPv6 Windows doesn't take the RA RDNSS values. I don't know what my router does exactly...

Mcat12 · July 15, 2018, 5:02pm

If there's no way to get the higher priority to stick, then you will have to manually set the Pi-hole as the IPv6 DNS server.

system · August 5, 2018, 5:02pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.