Use IPv6 for upstream DNS servers

Skittels · January 13, 2017, 6:06pm

Currently all requests use IPv4, it would be nice to use IPv6 for the DNS servers that support it and use IPv4 only as a fallback.

Mcat12 · January 13, 2017, 9:20pm

We currently support IPv6. Simply enable it during install or reconfigure your current install by running pihole -r.

Edit: Do you mean using the IPv6 address of the upstream DNS server?
Edit2: Ok, just read IPv6 upstream. Sounds like this is in the works.

Skittels · January 14, 2017, 5:34am

Yes, that is exactly what i meant.

I already know the thread, i even posted in it, i know that it works. I meant that IPv6 is used by Pi-hole as the standard protocol for DNS querys.

Mcat12 · January 14, 2017, 3:51pm

In the next release you'll be able to add custom IPv6 DNS servers via the web interface, among other things:

github.com/pi-hole/AdminLTE

Allow multiple upstream DNS servers (incl. IPv6)

pi-hole:devel ← pi-hole:tweak/IPv6UpstreamDNS

opened 12:49PM - 13 Jan 17 UTC

DL6ER

+122 -90

**By submitting this pull request, I confirm the following (please check boxes, …eg [X] - no spaces) _Failure to fill the template will close your PR_:** ***Please submit all pull requests against the `development` branch. Failure to do so will delay or deny your request*** - [X] I have read and understood the [contributors guide](https://github.com/pi-hole/pi-hole/blob/master/CONTRIBUTING.md). - [X] I have checked that [another pull request](https://github.com/pi-hole/pi-hole/pulls) for this purpose does not exist. - [X] I have considered, and confirmed that this submission will be valuable to others. - [X] I accept that this submission may not be used, and the pull request closed at the will of the maintainer. - [X] I give this submission freely, and claim no ownership to its content. **How familiar are you with the codebase?:** 10 --- - Allow multiple upstream DNS servers ![screenshot at 2017-01-13 17-50-19](https://cloud.githubusercontent.com/assets/16748619/21937801/ee5f5dfc-d9b8-11e6-8973-82f1c54a1dd7.png) - Allow IPv6 addresses in the exclude filter After reading the `dnsmasq` code a bit more I figured out that this will not drastically increase the used bandwidth (as I though initially). `dnsmasq` will send queries to any of the upstream servers that are enabled and tries to favor servers that are known to be up (favor = the fastest to respond). Only if this favorite server fails to answer, `dnsmasq` will reach out to the others. It will occasionally send a query to all of them to identify if the favored server is still the best choice. Core changes: https://github.com/pi-hole/pi-hole/pull/1135 _This template was created based on the work of [`udemy-dl`](https://github.com/nishad/udemy-dl/blob/master/LICENSE)._

Skittels · January 14, 2017, 4:06pm

Thanks, but i already know that pull request.

I'm not sure if you understood what i mean. I would like to see that Pi-hole uses IPv6 to query the DNS servers that support it as a standart.

Everything should start using IPv6 more since IPv4 won't last forever.

Mcat12 · January 14, 2017, 4:18pm

Yes, I understand what you are asking for, but many people still don't have IPv6 internet access (myself included), so by enabling it by default might not be the best idea, for now at least. Even if the user enables IPv6 during install, their network may only support IPv6 internally. This PR will allow you to set two custom IPv6 DNS servers, which should be enough since there is not much difference using IPv6 over IPv4 for connecting to a DNS server. I agree that IPv6 is the future, but we're in the present.

Skittels · January 14, 2017, 4:22pm

I'm aware of that (i too haven't one ). This feature request was more a idea that could be implemented sometime later.

However, thanks for your replys.

DL6ER · January 30, 2017, 3:56pm

I re-open this Feature Request, because I don't think that the requester has been satisfied with the ability to manually specify two upstream servers. We should think of including IPv6 upstream servers which can be enabled by a click on the settings page (currently, all check boxes lead to IPv4 servers).

I started collecting some IPv6 DNS servers here:

Skittels · January 30, 2017, 6:26pm

Thank you for reopening.

You're right, i'm not completely statisfied with the 2 custom DNS servers than can be set manually (altough it's still a great feature). Including IPv6 upstream servers would be great and would make a step forward to the "new" protocol. But i would still like to see that pihole uses IPv6 servers as a default if there is a IPv6 connection available.

A check could be implemented in the installer which checks if there is a IPv6 connection available and sets IPv6 servers as the default servers when there is.

This could be made with the ping6 command.

Example:

ping6 -c 1 google.de

If there is no Ipv6 connection available the output will be:

connect: Network is unreachable

The domain (google.de) could be changed to any other website that supports IPv6 and is always up.

DanSchaper · January 30, 2017, 6:34pm

We currently do detect IPv6 capabilities and test for an open route to (ironically) Google's IPv6 resolvers. This is to prevent ULA/LinkLocal IP's from being detected and suggested as potential endpoints for users to configure internally. It shouldn't be that much of a change conceptually to change the upstreams to v6. My concerns would be DNS64 situations and a few other things to test for optimal configuration. Currently you should be able to chose a custom upstream upon install and enter a valid routeable IPv6 address, but that is another block of code to check, as I believe there is sanity code that validates the IP entered, and from memory I think it only validates IPv4 addressing.

DL6ER · January 30, 2017, 10:06pm

3 posts were split to a new topic: Possible problem with IP validation in the installer

jacob.salmela · February 12, 2017, 3:11am

This has been implemented.

DL6ER · March 2, 2017, 12:56pm

Currently revisiting this topic and testing some new code

me@desktop ~ $ tail /var/log/pihole.log
Mar  2 13:52:30 dnsmasq[2227]: started, version 2.76 cachesize 10000
Mar  2 13:52:30 dnsmasq[2227]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
Mar  2 13:52:30 dnsmasq[2227]: warning: ignoring resolv-file flag because no-resolv is set
Mar  2 13:52:30 dnsmasq-dhcp[2227]: DHCP, IP range 192.168.0.100 -- 192.168.0.251, lease time 1d
Mar  2 13:52:30 dnsmasq[2227]: using nameserver 2001:1608:10:25::9249:d69b#53
Mar  2 13:52:30 dnsmasq[2227]: using nameserver 2001:1608:10:25::1c04:b12f#53
Mar  2 13:52:30 dnsmasq[2227]: using nameserver 2001:4860:4860::8844#53
Mar  2 13:52:30 dnsmasq[2227]: using nameserver 2001:4860:4860::8888#53
Mar  2 13:52:30 dnsmasq[2227]: read /etc/hosts - 6 addresses
Mar  2 13:52:30 dnsmasq[2227]: read /etc/pihole/local.list - 4 addresses
Mar  2 13:52:34 dnsmasq[2227]: read /etc/pihole/gravity.list - 206816 addresses
Mar  2 13:53:34 dnsmasq[2227]: query[A] checkip.dyndns.org from 127.0.0.1
Mar  2 13:53:34 dnsmasq[2227]: forwarded checkip.dyndns.org to 2001:1608:10:25::9249:d69b
Mar  2 13:53:34 dnsmasq[2227]: forwarded checkip.dyndns.org to 2001:1608:10:25::1c04:b12f
Mar  2 13:53:34 dnsmasq[2227]: forwarded checkip.dyndns.org to 2001:4860:4860::8844
Mar  2 13:53:34 dnsmasq[2227]: forwarded checkip.dyndns.org to 2001:4860:4860::8888
Mar  2 13:53:34 dnsmasq[2227]: reply checkip.dyndns.org is <CNAME>
Mar  2 13:53:34 dnsmasq[2227]: reply checkip.dyndns.com is 216.146.38.70
Mar  2 13:53:34 dnsmasq[2227]: reply checkip.dyndns.com is 216.146.43.70
Mar  2 13:53:34 dnsmasq[2227]: reply checkip.dyndns.com is 91.198.22.70

DL6ER · March 3, 2017, 1:47pm

It has been merged into development and will become available in Pi-hole v3.0