PiHole pushing other DNS' aside from its own

Austin5456 · February 11, 2022, 2:51am

Expected Behaviour:

PiHole should only be broadcasting its own DNS

Actual Behaviour:

It seems to be grabbing and handing out a DNS from elsewhere

Debug Token:

resolvconf -l

# resolv.conf from eth0.dhcp
# Generated by dhcpcd from eth0.dhcp
nameserver 192.168.1.128

# resolv.conf from eth0.ra
# Generated by dhcpcd from eth0.ra
nameserver 2001:1998:f00:2::1
nameserver 2001:1998:f00:1::1

Everything was working fine until a few months ago where I noticed some of my devices were receiving the 3 DNS' above, I ended up turning IPV6 off on my router but I'd like to re-enable it if possible
Where the heck does eth0.ra come from? I tried updating the file with resolvconf -u but it errored out so I tried sudo service dhcpcd restart but there was no change ( grasping a straws here ) figured it wouldn't work since its grabbing it from that .ra

I realize this isn't strictly a PiHole issue but any help is greatly appreciated

yubiuser · February 11, 2022, 6:13am

[✓] IPv4 address(es) bound to the eth0 interface:
    192.168.1.128/24

*** [ DIAGNOSING ]: Discovering active DHCP servers (takes 10 seconds)
   Scanning all your interfaces for DHCP servers
   Timeout: 10 seconds
   
   * Received 300 bytes from eth0:192.168.1.128
     Offered IP address: 192.168.1.47
     Server IP address: 192.168.1.128
     Relay-agent IP address: N/A
     BOOTP server: (empty)
     BOOTP file: (empty)
     DHCP options:
      Message type: DHCPOFFER (2)
      server-identifier: 192.168.1.128
      lease-time: 604800 ( 7d )
      renewal-time: 302400 ( 3d 12h )
      rebinding-time: 529200 ( 6d 3h )
      netmask: 255.255.255.0
      broadcast: 192.168.1.255
      dns-server: 192.168.1.128
      domain-name: "pi"
      router: 192.168.1.1
      --- end of options ---

    DHCP_ACTIVE=true
    DHCP_START=192.168.1.10
    DHCP_END=192.168.1.254
    DHCP_ROUTER=192.168.1.1
    DHCP_LEASETIME=168
    PIHOLE_DOMAIN=pi
    DHCP_IPv6=false
    DHCP_rapid_commit=false

Pi-hole is offering only itself (192.168.1.128) as DNS server via DHCP.

Austin5456 · February 11, 2022, 6:34am

Hmm if it's not that... then I can't seem to figure out why my devices are getting these extra 2 servers

*** [ DIAGNOSING ]: contents of /etc

-rw-r--r-- 1 root root 24 Jan  7 01:03 /etc/dnsmasq.conf
   conf-dir=/etc/dnsmasq.d

-rw-r--r-- 1 root root 123 Feb 11 01:25 /etc/resolv.conf
   search home
   nameserver 192.168.1.128
   nameserver 2001:1998:f00:2::1
   nameserver 2001:1998:f00:1::1

As soon as I enable IPv6 they queries start going there, the only statically assigned server in my conf file is 192.168.1.128... I'm not really sure where those are coming from ( I traced it back to whatever this is eth0.ra ) but couldn't find a way to discard it

Bucking_Horn · February 11, 2022, 7:01am

Those seem to be Charter/Spectrum DNS servers.

With IPv6, your router may well be advertising its own DNS server(s), often its own IPv6 address, and thus any device may by-pass Pi-hole via IPv6.

You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server instead.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If your router doesn't support that either, your IPv6 capable clients will bypass Pi-hole via IPv6.

LilRedDog · February 11, 2022, 7:43am

Yep, I agree:

I have AT&T but the gateway is just set up to passthrough. I use OpenWRT on my TP-Link.

But, I was ,randomly, having DNS issues that were going to AT&T. No way to change the IPv6 on it.
Got a pi 2 zero, fresh installed and enabled IPv6 on it using Cloudflare as my DNS on both IPv4 and 6.

They are telling you to get a router and not use your gateway as a router.

And. Two firewalls are better than one.

Austin5456 · February 11, 2022, 3:10pm

Yeah that's what I was trying to fix, I naively thought that if I could remove those resolv and have them not be available to PiHole it just might work ( since the PI is the DHCP ). From what you're saying it sounds like the DHCPv6 is treated as it's own entity and dictates which DNS' to send out regardless of who is configured for the IPv4. My router does have a field to put in an alternate DNS but roughly 3 months ago decide to completely ignore those fields =/

Thanks for the response, it helped clear things up and solidify the fact that I need a new router if I want to use IPv6 with PiHole

Bucking_Horn · February 11, 2022, 6:21pm

Yes, DHCP is strictly IPv4.

With IPv6, clients may use Stateful or Stateless DHCPv6 or SLAAC/NDP to acquire network information like gateways and DNS servers along with their IPv6 addresses. The actual choice may be limited by a client's OS as well as its specific configuration (e.g. Android does not support DHCPv6 at all and uses SLAAC exclusively).

LilRedDog · February 11, 2022, 7:53pm

I think you half got it:

DHCP and DNS are different. IPv4 and IPv6 are different. IPv6 does not dictate which DNS to use; gateways, routers and pi-holes do, in that order. (Well, you can configure most individual devices manually, but I had issues with IPv6 configured manually)
If your gateway is also your router then your provider can do whatever it wants to whatever it can.

If you can figure out how to get the router to forward IPv6 DNS requests to the pi-hole's IPv6 address your network will use the DNS you chose in the pi-hole/settings/DNS; the router should be set to the pi-hole's IPv6 address.

This is how I did it but firmware varies:

Edit
lleachii had the solution in that thread.

system · March 4, 2022, 7:54pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.