The issue I am facing:
I have 2 Pi-holes running in parallel as DNS servers only, NO DHCP. They are both configured for IPv4 and IPv6.
IPv4:
Pi-hole-1 is at 192.168.1.21
Pi-hole-2 is at 192.168.1.22
IPv6:
Pi-hole-1 is at 2601:582:4a80:3250:dea6:32ff:fec3:d9b8
Pi-hole-2 is at 2601:582:4a80:3250:dea6:32ff:fec3:d9b8
I have my router pointing the DNS server to both IPv4 addresses and to 1 IPv6 address.
As you can see, the IPv6 addresses are the same. Is there a way to make them different? I'm guessing this is not playing great within my network. Unless someone knows something, and might be able to explain to me that this shouldn't be an issue.
What I'm trying to accomplish at the end of the day is to have a failover DNS server. One is primary and one is secondary.
Details about my system: (Both RPi are exactly the same hardware)
Raspberry Pi 4 Model B
OS: DietPi 6.33.3
Pi-hole 5.1.2
I haven’t considered it. I would like to use IPv4 and IPv6 if at all possible. It seems to be working fine, but I'm not sure if there is a problem happening in the background since both devices have the same IPv6 address.
What exactly do you mean? They are connected via Ethernet cable. They both have fixed IPv4 addresses. They are not acting as DHCP servers. They are purely DNS resolvers/ad-blockers.
I uploaded a screenshot of both RPi Pi-hole settings.
Raspberry Pi-1:
root@DietPi:~# ip -6 address show eth0 primary scope global
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2601:582:4a80:3250:dea6:32ff:fece:21b7/64 scope global dynamic mngtmpaddr
valid_lft 86376sec preferred_lft 86376sec
Raspberry Pi-2:
root@DietPi:~# ip -6 address show eth0 primary scope global
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 2601:582:4a80:3250:dea6:32ff:fec3:d9b8/64 scope global dynamic mngtmpaddr
valid_lft 86280sec preferred_lft 86280sec
The commands have confirmed your RPis to have different public IPv6 addresses, which you could configure in your router.
With IPv6, you should consider a few things before deciding on an address.
You are currently using EUI64 IPv6 addresses for public traffic, which exposes your devices' MAC addresses to the public in the interface identifier.
Using an RFC 7217 IPv6 address would hide your MAC while still having a stable IPv6 interface identifier. You may control this by editing your /etc/dhcpcd.conf to contain the following line:
slaac private
A stable IPv6 address is still traceable, so you may feel tempted to enable IPv6 Privacy Extensions (RFC 4941) on top of that as well.
However, when considering an IPv6 address for Pi-hole, you should probably avoid using a public address (2000::/3 range) altogether: Not only is Pi-hole not meant to be publicly available, but with a public IPv6, both your IPv6 prefix and the interface identifier are subject to change (the former by your ISP, the latter by IPv6 Privacy Extensions and the like), and Pi-hole requires a stable address.
Consider using IPv6 ULA addresses for Pi-hole (fd00::/8 range).
If that isn't an option, try using your Pi-hole's link-local IPv6 address (fe80::/10 range).
You can list all currently assigned IPv6 addresses for your RPi's eth0 interface with the following command:
ip -6 address show eth0
Whichever address you decide on in the end, configure your router accordingly.
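As an added example (not part of the original thread and not Pi-hole's own code): a small Python check that reads `ip -6 address show` output, sorts each address into the ranges discussed above, and shows what an EUI-64 interface identifier gives away. The sample output is constructed; its first address is Pi-1's from the thread, while the fd00: and fe80: lines and the function names are made up for illustration.

```python
import ipaddress
import re

# Constructed sample in the shape of `ip -6 address show eth0` output.
# First inet6 line is Pi-1's address from the thread; the other two are made up.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2601:582:4a80:3250:dea6:32ff:fece:21b7/64 scope global dynamic mngtmpaddr
    inet6 fd00:1234:5678:1:5c3a:91ff:2b07:66d1/64 scope global
    inet6 fe80::dea6:32ff:fece:21b7/64 scope link
"""

RANGES = [  # the three ranges named in the thread
    ("public (2000::/3)", ipaddress.ip_network("2000::/3")),
    ("ULA (fd00::/8)", ipaddress.ip_network("fd00::/8")),
    ("link-local (fe80::/10)", ipaddress.ip_network("fe80::/10")),
]

def eui64_mac(addr):
    """Return the MAC embedded in an EUI-64 interface identifier, else None."""
    iid = addr.packed[8:]                 # low 64 bits = interface identifier
    if iid[3:5] != b"\xff\xfe":           # EUI-64 inserts ff:fe mid-MAC
        return None                       # (heuristic: RFC 7217 IDs rarely match)
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # flip U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def audit(ip_output):
    """Classify each inet6 address and flag the MAC-revealing ones."""
    report = []
    for text in re.findall(r"inet6 ([0-9a-f:]+)/\d+", ip_output):
        addr = ipaddress.IPv6Address(text)
        kind = next((n for n, net in RANGES if addr in net), "other")
        report.append({"address": text, "range": kind, "mac": eui64_mac(addr)})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE):
        note = f"EUI-64, embeds MAC {row['mac']}" if row["mac"] else "no MAC in identifier"
        print(f"{row['address']:42} {row['range']:24} {note}")
```

An address that is both in the public range and EUI-64 is the combination the post warns about; after setting `slaac private` and renewing the address, the same check should report no embedded MAC for it.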
This all seems very interesting. I'm still new at networking and all, and all this is for my home network. I tend to go overboard sometimes, but it's a learning experience. Have learnt a lot lately. That being said, is your recommendation then, to maybe just turn off IPv6 and use IPv4 as someone mentioned before?
If you are new to networking in general, it may be prudent to find your way with IPv4 only first, so switching off IPv6 at your router would spare you from dealing with all of the headaches that come with it.
If you are feeling familiar with the server-controlled way IPv4 manages addresses, you may then decide to enable IPv6 and learn about its client-controlled way of autonomously assigning addresses on device.
If your router allows, it would be helpful to work with link-local and ULA addresses first before allowing it to acquire and advertise a public IPv6 prefix.
That way, you'd have the chance to get to know IPv6 without running the risk of involuntarily exposing your machines to public access.
But it all depends upon your own attitude and willingness to deal with it.
You won't miss out on anything on the Internet if you switch off IPv6.