IPv6 setup with issues when testing IPv6 connectivity

gil80 · March 8, 2021, 10:59am

I setup IPv6 on my router and in Pihole, but I don't seem to understand why I'm getting failed tests and a warning in Pihole debug.

What does this warning mean and how can I resolve it?
ping6: Warning: source address might be selected on device other than eth0.

Router

Pihole:

pi@raspberrypi:~ $ ip -o addr

1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.2/24 brd 192.168.1.255 scope global noprefixroute eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 2403:5800:7300:cb00:6de6:be72:631c:ccdc/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 600sec preferred_lft 600sec
2: eth0    inet6 fe80::c5ab:3326:1085:e247/64 scope link \       valid_lft forever preferred_lft forever
4: wg0    inet 10.6.0.1/24 scope global wg0\       valid_lft forever preferred_lft forever

Results:

Debug Token:

https://tricorder.pi-hole.net/z95f8b21fa

Coro · March 8, 2021, 11:32am

Are you sure your Internet service provider (ISP) offers native IPv6 for you at all? Not all ISPs do.

gil80 · March 8, 2021, 11:37am

Yes, I do.
I contacted them to tell them to enable it for my account.
Once enabled and router is also enabled, the router pulls IPv6 address set on Native.

Coro · March 8, 2021, 11:41am

Okay, I was asking because the test page you used did not show an address. And this is entirely unrelated to DNS so Pi-hole will have no influence on it. Are you sure the device on which you ran the test is IPv6-enabled? Does it have a 2403:... address?

gil80 · March 8, 2021, 12:58pm

yes, it's enabled for my laptop PC. This is where I ran it from.

gil80 · March 8, 2021, 1:38pm

In addition, using nslookup seems flakey. Sometimes it works, sometimes it doesn't:

Coro · March 8, 2021, 2:05pm

Ah, but it says it always uses 2403:5800:7300:cb00::1 which is (by a high chance) your router. Not the Pi-hole. So the issue seems to be happening in the router. Do you see all these requests (with being blocked only sometimes) in the Pi-hole Query Log?

Bucking_Horn · March 8, 2021, 2:08pm

Judging by that server IPv6 address from your nslookups, it would seem your router is advertising itself as DNS server for IPv6, and the fact that you are seeing flurry.com blocked at some times and resolved at others would imply you've configured your router's upstream DNS to use Pi-hole and some alternative DNS server(s).

gil80 · March 8, 2021, 10:53pm

I didn't check, but I'll do it and let you know.

gil80 · March 8, 2021, 11:20pm

See my screenshot above. The router is not advertising itself, however, it got me thinking that maybe I should populate the empty fields with the same value.
That value you see in the 1st field was taken when I did 'ip -o addr' on the pihole.

Bucking_Horn · March 8, 2021, 11:43pm

Your screenshot shows that your client's nslookup is using your router's IPv6 address for DNS.
If your router wouldn't be advertising it, you could have configured it manually on that client. Assuming you would have told us about the latter, I consider the former more likely.

As far as your router's settings are concerned, you'd have to consult your router's documentation for their exact meaning.

gil80 · March 9, 2021, 7:07am

I was referring to my screenshot at the beginning.

This is how I set it up now:

PS C:\Users\gil.levy> nslookup flurry.com
Server:  pihole
Address:  192.168.1.2

Name:    flurry.com
Addresses:  ::
          0.0.0.0

PS C:\Users\gil.levy> nslookup doubleclick.com
Server:  pihole
Address:  192.168.1.2

Name:    doubleclick.com
Addresses:  ::
          0.0.0.0

Now it seems to use IPv4, so I'll keep monitoring that.

I did find that when I use nslookup flurry.com on pihole, it shows:

pi@raspberrypi:~ $ nslookup flurry.com
Server:         1.1.1.2
Address:        1.1.1.2#53

Non-authoritative answer:
Name:   flurry.com
Address: 98.136.103.23
Name:   flurry.com
Address: 212.82.100.150
Name:   flurry.com
Address: 74.6.136.150

So I looked at:

pi@raspberrypi:~ $ cat /etc/resolv.conf
# Generated by resolvconf
domain Workgroup
nameserver 1.1.1.2
nameserver 1.0.0.2
nameserver 2403:5800:7300:cb00::1

my questions are:
Does nameserver need to point to pihole's IP (192.168.1.2)? I tried to set it to Pi's IP but after a reboot it reverted back to 1.1.1.2, etc.

Once IPv6 is enabled, seems nameserver is using router's IPv6 address instead of 2403:5800:7300:cb00:6de6:be72:631c:ccdc

Is this expected?

Coro · March 9, 2021, 8:32am

Doesn't need to, but can.

If it is configured like you have, the Raspberry Pi will not use the Pi-hole. This has no other consequences for Pi-hole.

gil80 · March 9, 2021, 9:11am

Thank you.
So lastly, I just want to verify I'm set up correctly.

For /etc/dhcpcd.conf is it set ok? does it need IPv6 as well?

#fallback static_eth0
interface eth0
        static ip_address=192.168.1.2/24
        static routers=192.168.1.1
        static domain_name_servers=1.1.1.2 1.0.0.2

and for /etc/sysctl.conf enable the following:

net.ipv6.conf.all.forwarding=1

Coro · March 9, 2021, 9:29am

No. Typically, you cannot set static IPv6 settings because the prefix will likely be changing every now and then. This would have a great potential of breaking things in totally unexpected ways.

For what? You may need to set this for a VPN which should also route IPv6 but I'd let this disabled as long as you don't have a particular problem you want to solve by intentionally enabling it.

Bucking_Horn · March 9, 2021, 12:41pm

I am aware of that.
It prompted my advice to consult your router's documentation for your settings. Sorry for not making this more obvious.

Yes, it is what any IPv6 capable router should do by default.

However, your router should also offer options to stop it from advertising itself as DNS server for IPv6 via SLAAC/NDP as well as offering itself via Stateful OR Stateless DHCPv6, which is what you should do using Pi-hole.
Not all routers do support that, though - and if they don't, then Pi-hole will be by-passed as long as IPv6 is enabled.

Again, from your router screenshots, one cannot know how those settings relate to Stateful DHCPv6 or Stateless DHCPv6 or SLAAC, or what the enable/disable radio button in that section does, or whether there would be additional options in some other places.
You'd have to consult your router's configuration or support channels to find out.

system · March 30, 2021, 12:42pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.