General Info
- Pi-hole OS: Raspbian v5.15.84-v8
- Hardware: Raspberry Pi 3
- Pi-hole version is v5.15.1 (Latest: v5.15.1)
- AdminLTE version is v5.18.2 (Latest: v5.18.2)
- FTL version is v5.20.1 (Latest: v5.20.1)
- fddd::12 is the IPv6 of the Pi-hole which is running FTL
- fddd::1 is the IPv6 of another server which is running dnsmasq
Expected Behaviour:
Running dig -6 @fddd::12 google.com aaaa
should return an IPv6 answer section, like for example:
; <<>> DiG 9.16.33 <<>> -6 @fddd::12 google.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10677
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 258 IN AAAA 2607:f8b0:4009:81b::200e
;; Query time: 30 msec
;; SERVER: fddd::12#53(fddd::12)
;; WHEN: Mon Jan 23 08:23:45 EST 2023
;; MSG SIZE rcvd: 67
Actual Behaviour:
Running dig -6 @fddd::12 google.com aaaa
returns a "no servers reached" error:
user@Host ~ % dig -6 @fddd::12 google.com aaaa
; <<>> DiG 9.16.33 <<>> -6 @fddd::12 google.com aaaa
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Additional Info:
I know that I can reach the Pi-hole because I can ping it and ssh into it using IPv6:
Ping Test
user@Host ~ % ping -6 fddd::12 -c 2
PING fddd::12(fddd::12) 56 data bytes
64 bytes from fddd::12: icmp_seq=1 ttl=64 time=26.9 ms
64 bytes from fddd::12: icmp_seq=2 ttl=64 time=28.8 ms
--- fddd::12 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 26.906/27.868/28.830/0.962 ms
SSH Test:
user@Host ~ % ssh user@fddd::12
Linux raspberrypi 5.15.84-v8+ #1613 SMP PREEMPT Thu Jan 5 12:03:08 GMT 2023 aarch64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Jan 23 13:34:13 2023 from 192.168.3.11
Wi-Fi is currently blocked by rfkill.
Use raspi-config to set the country before use.
user@raspberrypi:~ $
I also know that I can successfully query another DNS server using only IPv6:
Alternate Server Test:
user@Host ~ % dig -6 @fddd::1 google.com aaaa
; <<>> DiG 9.16.33 <<>> -6 @fddd::1 google.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30005
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 132 IN AAAA 2607:f8b0:4009:814::200e
;; Query time: 40 msec
;; SERVER: fddd::1#53(fddd::1)
;; WHEN: Mon Jan 23 08:40:51 EST 2023
;; MSG SIZE rcvd: 67
I can also see that running dig locally on the Pi-hole gives results:
Local Test
user@raspberrypi:~ $ dig -6 @::1 google.com aaaa
; <<>> DiG 9.16.33-Debian <<>> -6 @::1 google.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55471
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 300 IN AAAA 2607:f8b0:4009:81a::200e
;; Query time: 43 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Jan 23 13:50:59 GMT 2023
;; MSG SIZE rcvd: 67
I can see that FTL is listening on port 53 for all foreign addresses and all local addresses:
Netstat Result
user@raspberrypi:~ $ sudo netstat -tulpn | grep :53
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 686/pihole-FTL
tcp6 0 0 :::53 :::* LISTEN 686/pihole-FTL
udp 0 0 0.0.0.0:5353 0.0.0.0:* 380/avahi-daemon: r
udp 0 0 0.0.0.0:53 0.0.0.0:* 686/pihole-FTL
udp6 0 0 :::5353 :::* 380/avahi-daemon: r
udp6 0 0 :::53 :::* 686/pihole-FTL
I'm sure that it isn't a firewall issue for two reasons:
- I've set both devices into the same firewall zone and allowed unconditional forwardings between all devices in that same zone
- I can nmap to see that the port is open:
Nmap Test
user@Host ~ % nmap -6 -p 53 fddd::12
Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-23 08:59 EST
Nmap scan report for pi.hole (fddd::12)
Host is up (0.0072s latency).
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 6.57 seconds
Debug Token:
https://tricorder.pi-hole.net/GCzncuOy/
Request
Can anyone help me with figuring out what is going wrong? This is a vanilla Pi-hole install and I've tested everything I could think of, as shown by the tests given above. I'm hoping it's just a config setting that I'm overlooking or am unaware of.
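The nmap scan in the post reports 53/tcp, while dig sends its query over UDP unless told otherwise, so the two tests exercise different transports. The following is an added example, not part of the original post: it sends the same AAAA query over UDP and over TCP and reports each result separately. The function names and the fixed transaction ID are assumptions made for the illustration.

```python
import socket
import struct

def build_query(name, qtype=28, txid=0x1234):
    """Encode a minimal DNS query with RD set; qtype 28 is AAAA."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg, txid=0x1234):
    """Return (rcode, answer_count); raise ValueError if msg is not our reply."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID or QR bit not set
        raise ValueError("not a response to this query")
    return flags & 0x000F, answers

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed early")
        buf += chunk
    return buf

def probe(server, name, port=53, timeout=3.0):
    """Send one AAAA query per transport and describe what came back."""
    query = build_query(name)
    results = {}
    for label, socktype in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        try:
            family, _, _, _, addr = socket.getaddrinfo(server, port, type=socktype)[0]
            with socket.socket(family, socktype) as s:
                s.settimeout(timeout)
                s.connect(addr)
                if label == "udp":
                    s.send(query)
                    reply = s.recv(4096)
                else:  # DNS over TCP carries a two-byte length prefix (RFC 1035)
                    s.sendall(struct.pack("!H", len(query)) + query)
                    (length,) = struct.unpack("!H", _recv_exact(s, 2))
                    reply = _recv_exact(s, length)
            rcode, answers = parse_header(reply)
            results[label] = f"rcode={rcode} answers={answers}"
        except (OSError, ValueError) as exc:  # timeouts and refusals are OSError
            results[label] = f"failed: {exc.__class__.__name__}"
    return results

if __name__ == "__main__":
    print(probe("fddd::12", "google.com"))  # address taken from the post
```

A timeout on UDP alongside an answer on TCP means the UDP path is where to look; dig's +tcp option gives the same TCP comparison from the command line.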