Pihole flooding network with RA's


#1

Hi,

since last update i noticed on my smokepings that i have higer pings and a litle packetloose.
1st i thought itsmy internet but it seems its the new pihole update flooding my network with ras.

ive also lost the ipv6 gateway from time to time.

when i do

tcpdump -vvvv -ttt -i eth0 icmp6 and ‘ip6[40] = 134’ on a linux client i get 100 of packets per second constantly.

Blockquote
00:00:00.001975 IP6 (class 0xc0, flowlabel 0xebe11, hlim 255, next-header ICMPv6 (58) payload length: 112) rpi2 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 112
hop limit 64, Flags [other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
prefix info option (3), length 32 (4): 2a02:XXXX::/64, Flags [onlink, auto], valid time 3600s, pref. time 3600s
0x0000: 40c0 0000 0e10 0000 0e10 0000 0000 2a02
0x0010: 0908 2522 d8e0 0000 0000 0000 0000
mtu option (5), length 8 (1): 1500
0x0000: 0000 0000 05dc
source link-address option (1), length 8 (1): b8:27:xx:xx:xx:xx
0x0000: b827 ebaf 7c56
dnssl option (31), length 24 (3): lifetime 3600s, domain(s): home.lan.
0x0000: 0000 0000 0e10 0468 6f6d 6503 6c61 6e00
0x0010: 0000 0000 0000
rdnss option (25), length 24 (3): lifetime 3600s, addr: rpi2
0x0000: 0000 0000 0e10 fe80 0000 0000 0000 ba27
0x0010: ebff feaf 7c56

the pihole.logs shows

Blockquote
dnsmasq-dhcp[20577]: RTR-ADVERT(eth0) 2a02:XXX:XXX

329 in 1 second

any1 can confirm this ?

ive stopped it now by disabling

#dhcp-range=2a02:XXX::,ra-stateless,ra-names

disabling the option enable-ra didnt worked.

Changing the ra-param to like 60seconds also dont help it still spams

The defualt config from pi.hole works

Blockquote
#quiet-dhcp6
#enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-range=::100,::1ff,constructor:eth0,ra-names,slaac,24h
ra-param=*,0,0

no flodding but mine floods the whole network

Blockquote
#dhcp-range=2a02:XXX:XXX:XXX::,ra-stateless,ra-names


#2

wow dev’s not interested that there modified dnsmasq ddosing the network when ra-stateless is used since last update ?


#4

If the default config works, why modify it?

That config line was not generated by Pi-hole, and does not appear in any of our code or configs.

In any case, you would have the same problem with dnsmasq, because all of the relevant code is in dnsmasq and not Pi-hole. If you can replicate this problem, report it on the dnsmasq mailing list.

As explained above, this is not a Pi-hole issue. Please watch your tone. We provide free support out of our spare time. Please remember the rules: https://discourse.pi-hole.net/faq#civilized


#5

Vielleicht sollten Sie besser in unserer deutschsprachigen Kategorie bedient werden?


#6

because i want stateless and not statefull :wink:
and i modified that line a long time ago and it worked for like 1 Year an a half

exaclty it was my config for dnsmasq which is an official one for a stateless configuration sending O and A Flag.
he is not even respecting the ra-params for a 60 seconds delay, he just start to spam like crazy the whole network with Ras as soon as stateless is used.

U’ve wrote on your blogs that u are not using the official dnsmasq anymore instead u use an own fork to better serve your needs for pihole.
my assumption was the problem is with one of the modifications u did with the last update.
And since im using pihole with a dnsmasq fork and not dnsmasq official i think you guys are the right persons to talk about this.

Sry to say but it is and sry about my tone but thats a rly critical issue breaking the network.
and i couldn understand that it was ignored for that long.


#7

2-2115-2

here is an image of my smokeping which shows paketloss at the time i updated the pihole.
after turning ra-stateless off it went away.


#8

woher weist du den das ich deutscher bin, hat mich mein denglish verraten ? :wink:


#9

Es war eine fundierte Vermutung, aber es sieht so aus, als hätte ich die richtige Sprache.


#10

The modifications made to dnsmasq in Pi-Hole are described here (https://docs.pi-hole.net/ftldns/dns-resolver/). Which version of Pi-Hole are you running (pihole -v ). Version 4.2 contains dnsmasq 2.80, earlier versions had earlier versions of dnsmasq.