IPv6 is not blocked


#1

Hi

I have a Linksys WRT3200 router. This router is “calling home” very often. I blocked that domain.
The IPv4 gets blocked and the IPv6 not. I can’t add the IPv6 one to the blacklist.


Any idea?


#2

Did you configure Pi-hole to use IPv6?

We can check with a pihole -d and post the token for the logs.

Thanks!


#3

Hi
Token: 24ki0tcpmr
I don’t think I made a IPv6 config.


#4

Looks like you have IPv6 clients on the network and they are resolving the IPv6 AAAA records. Try doing a pihole -r Reconfigure and select both IPv4 and IPv6 blocking. Your Pi-hole does have an IPv6 address but it’s not configured to block IPv6 traffic.


#5

I reconfigured my Pi-hole to block IPv6. But still the same behavior. Any other idea?


#6

Can you get the output from cat /etc/pihole/gravity.list | head -n 10 and we’ll see if the blocker has IPv6 set up. We’re looking for both the IPv4 and IPv6 address to be listed for each domain if you don’t want to post up the addresses.


#7
pi@raspberrypi:~ $ cat /etc/pihole/gravity.list | head -n 10
192.168.0.3 !@@||1stwrites.com
192.168.0.3 !@@||adscale.de^$object-subrequest,domain=myspass.de
192.168.0.3 !@@||adscendmedia.com
192.168.0.3 !@@||adverts.cdn.tvcatchup.com
192.168.0.3 !@@||anywriters.com
192.168.0.3 !@@||flashtalking.com^$object-subrequest,domain=myspass.de
192.168.0.3 !@@||movad.net^$object-subrequest,domain=myspass.de
192.168.0.3 !@@||nuggad.net^$object-subrequest,domain=myspass.de
192.168.0.3 !@@||wired.com^$script
192.168.0.3 !@@||writeracademy.com

#8

Alright, two things on this, the first is that that list still doesn’t have the IPv6 address for blocking, but more importantly it has added domains that can’t be parsed by dnsmasq.

The first can be solved, but a pihole -d with the token would let us see the configs a bit better.

The second, I’ll point you to How do I add additional block lists to Pi-hole? for instructions on how to add other lists and parse them for the Pi-hole.

But post the token from the debug process and we’ll see about solving the IPv6 issue.


#9

Token: 9u8qwvsxgn

I will investigate the parsing problem further. Thanks.


#10

Thanks, it still looks like the IPv6 wasn’t copied over during the ‘reconfigure’ process, /etc/pihole/setupVars.conf is showing a blank entry for where the IPv6 address should be. You can either edit that file by hand, adding in the IPv6 address for your Pi-hole and then run pihole -g to reparse and add the address, or try running the reconfigure again, and make sure that it give you the option for IPv6 blocking, and that its starred, and that it shows an IPv6 address in the next screen to confirm that it’s doing full blocking on both protocols.


#11

I reconfigured the Pi-hole again. Please found following the pictures from re-configuring:


I have no idea what’s the IPv6 address of my Pi-Hole :frowning:


#12

On the Pi-hole device, can you run

ping 8.8.8.8 

and

ping6 2001:4860:4860::8888

And we’ll check the results. The installer isn’t automatically figuring out what your IPv6 address is.


#13
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=9.67 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=30.5 ms

connect: Network is unreachable


#14

That would explain why the installer is failing to detect the address. I see you have what’s called a Unique Local Address for the IPv6 address, but that should still be found.

On a client machine, are you able to get a score on http://ipv6-test.com/ ?


#15

For sure, I haven’t a public IPv6 yet.


#16

Okay, then you have a device on the network that is trying to get IPv6 DNS records, called AAAA records, but doesn’t know that it will never reach the address. For now those hits in the panel can safely be disregarded, but I’ll ask @DL6ER if he has any thoughts on how to resolve showing those, or if it’s at all possible.


#17

From the target address, I would think it may be the router that is doing the queries. Is it a Belkin router?

Edit: I see it’s a Linksys, so it probably is the source of the lookups…


#18

Yes it’s a Linksys router, my target was to stop the router from “calling home”.
In this case, it means that this queries not going to belkin?


#19

I seem to have the same kind of issue. My Laptop (W10, Intel 8260) is still showing ads and it doesn’t go through the Pi-Hole DNS server. I don’t have a IPv6 WAN address. My Router is a Netgear R7800 running LEDE.


#20

This thread is a bit old, but please check if this solves your issue: