IPv6 Client Hostnames and Conditional Forwarding to UniFi

iTim314 · February 10, 2024, 10:31pm

The issue I am facing:
Conditional forwarding is only resolving hostnames for IPv4 clients. I have tried a myriad of solutions found on these forums and Reddit to no avail. From what I understand, Pi-hole IS capable of resolving IPv6 clients using conditional forwarding, but I have yet to find clear documentation or an example of how to configure this. A lot of topics on these forums close with a dead end without a clear solution.

From what I gather, UniFi Network may not be able to respond to IPv6 PTR queries, but I'm curious if anyone has had success with this setup.

Details about my system:
Pi-hole is running in a Docker container using the macvlan driver. It has the local addresses:

10.20.1.5
2600:1234:abcd::5

Upstream DNS is configured to Cloudflare using the GUI checkboxes.

Pi-hole is NOT being used as a DHCP server; my UniFi Dream Machine Pro is my DHCP server.

Conditional forwarding is enabled with the options:

Local network: 10.20.0.0/16
DHCP server: 10.20.1.1
Local domain: my.home

What I have changed since installing Pi-hole:

I've added /etc/dnsmasq.d/90-custom.conf with the following attempts (between each comment), but the result is always the same, that IPv4 clients display a nice, neat hostname, and IPv6 clients only show their IPv6 address.

# New Attempt:
rev-server=2600:1234:abcd::/64,2600:1234:abcd::1
server=/my.home/2600:1234:abcd::1

# New Attempt:
rev-server=2600:1234:abcd::/64,10.20.1.1
server=/my.home/10.20.1.1

# New Attempt:
rev-server=2600:1234:abcd::/64,fe80::9876:b9ff:fe1b:c827
server=/my.home/fe80::9876:b9ff:fe1b:c827

# New Attempt:
server=/0.8.e.f.ip6.arpa/10.20.1.1

# New Attempt:
server=/0.0.6.2.ip6.arpa/10.20.1.1

I've also tried setting my upstream DNS to my DHCP server/router at address 10.20.1.1, and checking AND unchecking the options Never forward non-FQDN A and AAAA queries and/or Never forward reverse lookups for private IP ranges in multiple combinations.

I can see where Pi-hole is querying my DHCP server for the PTR record of f.a.2.0.0.0.0.6.0.0.0.0.0.0.0.0.0.0.0.a.b.c.d.4.3.2.1.1.0.0.6.2.ip6.arpa but the reply is NXDOMAIN, leading me to suspect this may be a UniFi problem.

Bucking_Horn · February 10, 2024, 11:06pm

That's a GUA range IPv6.

There is no need and no use in trying to reverse lookup IPv6 GUA addresses via your router:
As those are public addresses, those will be handled by public authoritative DNS servers (likely those of your ISP), so any recursive public resolver will be able to resolve them.

Of course, given those are public IPs, the names returned will be generic, often reflecting the IPv6 as well as the ISP.

iTim314 · February 11, 2024, 7:09am

I'm not sure I follow. I can certainly see a need to reverse lookup IPv6 GUA addresses. Every device on my network has a GUA IPv6 address.

Bucking_Horn · February 11, 2024, 9:01am

Of course, but as explained, your router isn't authoritative for GUAs - your ISP is.

Please share the output of:

nslookup <some IPv6 GUA> 8.8.8.8

where you substitute <some IPv6 GUA> with an active IPv6 from your network.

iTim314 · February 11, 2024, 5:32pm

Sure. Obviously I've obfuscated the real IPv6 addresses below.

Windows:

>nslookup 2600:1700:face:face::abcd:2af 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

*** one.one.one.one can't find 2600:1700:face:face::abcd:2af: Non-existent domain

macOS:

% dig 2600:1700:face:face::abcd:2af @1.1.1.1

; <<>> DiG 9.10.6 <<>> 2600:1700:face:face::abcd:2af @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 957
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;2600:1700:face:face::abcd:2af.	IN	A

;; AUTHORITY SECTION:
.			86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2024021100 1800 900 604800 86400

;; Query time: 30 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Feb 11 11:28:38 CST 2024
;; MSG SIZE  rcvd: 132

iTim314 · February 11, 2024, 5:42pm

I'll add to my post above that I also tried asking 68.94.156.1, my ISP's DNS.

Bucking_Horn · February 11, 2024, 5:58pm

NXDOMAIN would indicate that your ISP may not have created generic PTR records for its IPv6 address space.

From a cursory search, it would seem AT&T may not do so indeed, see e.g. https://forums.att.com/conversations/att-fiber-account/ipv6-reverse-dns/5df02462bad5f2f60682672b.
You may want to seek clarification from your ISP.

In the meantime, if you can, I'd suggest to operate with LLAs instead, which either your router may know about, or you could create Custom DNS records in Pi-hole for.

system · March 3, 2024, 5:59pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.