Pihole flooding network with RA's

gr33n · February 12, 2019, 4:26pm

Hi,

since last update i noticed on my smokepings that i have higer pings and a litle packetloose.
1st i thought itsmy internet but it seems its the new pihole update flooding my network with ras.

ive also lost the ipv6 gateway from time to time.

when i do

tcpdump -vvvv -ttt -i eth0 icmp6 and 'ip6[40] = 134' on a linux client i get 100 of packets per second constantly.

 00:00:00.001975 IP6 (class 0xc0, flowlabel 0xebe11, hlim 255, next-header ICMPv6 (58) payload length: 112) rpi2 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 112
        hop limit 64, Flags [other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
          prefix info option (3), length 32 (4): 2a02:XXXX::/64, Flags [onlink, auto], valid time 3600s, pref. time 3600s
            0x0000:  40c0 0000 0e10 0000 0e10 0000 0000 2a02
            0x0010:  0908 2522 d8e0 0000 0000 0000 0000
          mtu option (5), length 8 (1):  1500
            0x0000:  0000 0000 05dc
          source link-address option (1), length 8 (1): b8:27:xx:xx:xx:xx
            0x0000:  b827 ebaf 7c56
          dnssl option (31), length 24 (3):  lifetime 3600s, domain(s): home.lan.
            0x0000:  0000 0000 0e10 0468 6f6d 6503 6c61 6e00
            0x0010:  0000 0000 0000
          rdnss option (25), length 24 (3):  lifetime 3600s, addr: rpi2
            0x0000:  0000 0000 0e10 fe80 0000 0000 0000 ba27
            0x0010:  ebff feaf 7c56

the pihole.logs shows

dnsmasq-dhcp[20577]: RTR-ADVERT(eth0) 2a02:XXX:XXX

329 in 1 second

any1 can confirm this ?

ive stopped it now by disabling

#dhcp-range=2a02:XXX::,ra-stateless,ra-names

disabling the option enable-ra didnt worked.

Changing the ra-param to like 60seconds also dont help it still spams

The defualt config from pi.hole works

#quiet-dhcp6
#enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-range=::100,::1ff,constructor:eth0,ra-names,slaac,24h
ra-param=*,0,0

no flodding but mine floods the whole network

#dhcp-range=2a02:XXX:XXX:XXX::,ra-stateless,ra-names

gr33n · February 14, 2019, 11:24am

wow dev's not interested that there modified dnsmasq ddosing the network when ra-stateless is used since last update ?

Mcat12 · February 16, 2019, 2:06am

If the default config works, why modify it?

That config line was not generated by Pi-hole, and does not appear in any of our code or configs.

In any case, you would have the same problem with dnsmasq, because all of the relevant code is in dnsmasq and not Pi-hole. If you can replicate this problem, report it on the dnsmasq mailing list.

As explained above, this is not a Pi-hole issue. Please watch your tone. We provide free support out of our spare time. Please remember the rules: https://discourse.pi-hole.net/faq#civilized

DanSchaper · February 16, 2019, 2:21am

Vielleicht sollten Sie besser in unserer deutschsprachigen Kategorie bedient werden?

gr33n · February 16, 2019, 1:27pm

because i want stateless and not statefull
and i modified that line a long time ago and it worked for like 1 Year an a half

exaclty it was my config for dnsmasq which is an official one for a stateless configuration sending O and A Flag.
he is not even respecting the ra-params for a 60 seconds delay, he just start to spam like crazy the whole network with Ras as soon as stateless is used.

U've wrote on your blogs that u are not using the official dnsmasq anymore instead u use an own fork to better serve your needs for pihole.
my assumption was the problem is with one of the modifications u did with the last update.
And since im using pihole with a dnsmasq fork and not dnsmasq official i think you guys are the right persons to talk about this.

Sry to say but it is and sry about my tone but thats a rly critical issue breaking the network.
and i couldn understand that it was ignored for that long.

gr33n · February 16, 2019, 1:30pm

2-2115-2

here is an image of my smokeping which shows paketloss at the time i updated the pihole.
after turning ra-stateless off it went away.

gr33n · February 16, 2019, 1:31pm

woher weist du den das ich deutscher bin, hat mich mein denglish verraten ?

DanSchaper · February 16, 2019, 4:27pm

Es war eine fundierte Vermutung, aber es sieht so aus, als hätte ich die richtige Sprache.

jfb · February 16, 2019, 7:14pm

The modifications made to dnsmasq in Pi-Hole are described here (DNS resolver - Pi-hole documentation). Which version of Pi-Hole are you running ( pihole -v ). Version 4.2 contains dnsmasq 2.80, earlier versions had earlier versions of dnsmasq.

gr33n · February 21, 2019, 12:25pm

Just updated to the latest 4.2.2 .. problem persists with ra-stateless

DanSchaper · February 21, 2019, 12:32pm

And still unable to duplicate to begin troubleshooting.

DanSchaper · February 21, 2019, 12:34pm

Have you sniffed the segment to see if there is a client throwing solicitations?

system · March 14, 2019, 12:35pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.