New mesh network and fresh install issues: clients seem to bypass pihole, ipv6 problem

Expected behaviour:

Recently I upgraded my Linksys Velop mesh network to TP-Link X60. I also did a fresh install of pihole on my Raspberry Pi, hoping everything would work like before!

After installation I noticed some different behaviours, which I will state below. I see myself as a person who likes to tinker with stuff, but my technical skills are limited compared to what I see written here by other users. Hopefully someone can enlighten me as to what might cause adblocking via pihole to be a bit hit and miss.

Actual Behaviour and what I tested

  • Compared to the Linksys Velop and pihole combination, where I would only see pi.hole and localhost listed in the client list, with the new TP-Link router and nodes I see a list of what seems to be all the clients in my network. I consider this a good thing :);
  • I tested to see if a client is using the pihole by running nslookup pi.hole; this results in:
Server:  2001:b88:1002::10 
Address: 2001:b88:1002::10#53 

server can't find pi.hole: NXDOMAIN

(this could be due to ipv4 vs ipv6 see my thoughts below);

  • I noticed that all my Apple clients were using the setting Private Wi-Fi address again, which could be because the new network uses WPA2/WPA3 personal and it defaulted back to Private Wi-Fi address. Turning this off again didn't change a thing;
  • I tested Test Ad Block - Toolz with Safari add-on blockers (which I use for remote work) switched off, and nothing seems to be blocked by the pihole.

My thoughts and questions:

  • I noted that all my clients have an ipv4 ip but also an ipv6 ip. Might that cause ipv6 traffic to bypass the pihole, because I haven't added the pihole's ipv6 address to my router settings as DNS secondary?
  • Would turning off ipv6 DHCP setting be a good way of testing this or am I breaking things that way?

Debug Token:

https://tricorder.pi-hole.net/nKwNgh7W/

Very likely, that is the IPv6 of your router.
In that case, it would be advertising its own IPv6 address as DNS server, allowing your clients to bypass Pi-hole.

You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server or to stop advertising its own.

You'd have to consult your router's documentation for further details on its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If your router doesn't support that either, your clients will always be able to bypass Pi-hole via IPv6.
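An added example, not part of the original thread: a small Python check that reads nslookup output from a client and reports whether the resolver that answered is the Pi-hole, using the output posted above and one constructed sample. The Pi-hole addresses are assumed placeholders from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Assumed addresses of the Pi-hole host (placeholders, replace with your own).
PIHOLE_ADDRS = {"192.0.2.53", "2001:db8::53"}

# nslookup output as posted in the thread above.
THREAD_OUTPUT = """\
Server:  2001:b88:1002::10
Address: 2001:b88:1002::10#53

server can't find pi.hole: NXDOMAIN
"""

# Constructed sample: the same lookup answered by the (assumed) Pi-hole address.
GOOD_OUTPUT = """\
Server:         2001:0db8:0000:0000:0000:0000:0000:0053
Address:        2001:0db8:0000:0000:0000:0000:0000:0053#53

Name:   pi.hole
Address: 192.0.2.53
"""

def resolver_from_nslookup(output):
    """Return the resolver that answered: first 'Address:' line after 'Server:'."""
    seen_server = False
    for line in output.splitlines():
        low = line.strip().lower()
        if low.startswith("server:"):
            seen_server = True
        elif seen_server and low.startswith("address:"):
            # Drop the '#port' suffix and any '%zone' id before parsing.
            host = line.split(":", 1)[1].strip().split("#")[0].split("%")[0]
            return ipaddress.ip_address(host)
    raise ValueError("no resolver address found in nslookup output")

def audit(output, pihole_addrs=PIHOLE_ADDRS):
    """Compare the answering resolver with the Pi-hole addresses (normalised)."""
    resolver = resolver_from_nslookup(output)
    allowed = {ipaddress.ip_address(a) for a in pihole_addrs}
    return {
        "resolver": str(resolver),
        "family": "IPv6" if resolver.version == 6 else "IPv4",
        "via_pihole": resolver in allowed,
        # Only Pi-hole answers for pi.hole, so NXDOMAIN points to another resolver.
        "nxdomain": "NXDOMAIN" in output,
    }

if __name__ == "__main__":
    for sample in (THREAD_OUTPUT, GOOD_OUTPUT):
        print(audit(sample))
```

Addresses are compared as parsed objects, so an expanded and a compressed IPv6 form of the same address match.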

Thanks @Bucking_Horn, I kind of felt I would get a reply like that, so as you were typing this I turned the whole ipv6 off and it seems to do the trick! So thanks for verifying that! Makes me feel like I am still a bit in touch with technology ;). My issue is resolved!

For the future I hope TP-Link will alter its source for pi-hole use with their products to include ipv6: How to use Pi-Hole DNS Server on TP-Link routers

I did find a tab called Internet Connection, where I could change DNS for both ipv4 and ipv6 (also the tab where I disabled ipv6), but this seems to be ISP specific. I will ask TP-Link.

edit:
Found a thread on the TP-Link community forum:

2021-03-23
Hi, you could disable the IPV6 now to use the pihole.
As for the IPV6 DHCP settings, there is no plan to add this feature yet.
I would report it to the senior engineers for further consideration;
