I've set pihole as the DHCP server, and I see the IPv4 address and associated hostname being shown in the web interface.
I would expect that these host names would also show in the Query Log and Dashboard summaries.
But the ipv6 reverse dns address is being shown rather than host name
Is there a way to have a host name that's associated with the ipv4 MAC address to be shown in the logs?
Are you sure your clients actually do the requests over IPv4? Hover over the shown host names in the table to see the IP addresses behind them.
My issue isn't so much about whether the clients are making the request over ipv4 or ipv6, but since pihole knows the ipv4 and ipv6 address it handed out via the DHCP server, the display logs and dashboard should resolve the address based on the MAC address of the device that made the query (either by v4 or v6).
Previously I was using my router's DHCP server, I thought that if I used the pihole's DHCP server the logs would be more meaningful than the reverse ipv6 DNS address
That is an invalid assumption.
First, DHCP is strictly IPv4. DHCPv6 is a different thing altogether (different protocol, different ports).
If you didn't enable IPv6 support via Pi-hole's UI, Pi-hole wouldn't react to a client's DHCPv6 requests at all. Even if IPv6 support is enabled, a client has a range of identifcation options to request a DHPCv6 lease, including but not limited to MAC address (actually, the same is true vor DHCP and IPv4 as well, if less common).
Second, in addition to Stateful DHPCv6 (which is similar to IPv4's DHCP) an IPv6 client may also join a network by SLAAC/NDP or Stateless DHCPv6 at its own discretion. Most modern OSs will prefer SLAAC, and there are also OSs that do not support Stateful DHCPv6 at all (e.g. Androids).
You are likely observing correct behaviour.
As far as can be assumed from your screenshots, you are seeing the correct generic public hostnames for your devices' public IPv6 addresses rather than reverse IPv6 addresses.
Your ISP is operating the authoritative DNS servers for your public IPv6 addresses (range 2000::/3), and may well use such an address itself to construct a generic name.
Thanks @Bucking_Horn - that was my fear.
So what I'm doing now to get useful logs with the hostname is to block ipv6 DNS traffic to the pihole which forces resolution via ipv4. And use the pihole to do the DHCP server.
This seems to work, but it's a pretty ugly hack.
DNS requests are created by clients, Pi-hole is just receiving them.
Accordingly, you'd have to control your client's behaviour (as you've achieved by blocking IPv6 requests).
You have several options to do so:
a) Configure your router to not advertise an IPv6 DNS server address at all.
It's important that it doesn't offer its own IPv6. Depending on your router, that may not be configurable.
b) configure a ULA address for Pi-hole.
This may or may not reduce the amount of queries posed via a public IPv6 address, depending on a client's IPv6 prefix policies
c) change a client's IPv6 prefix policies to prefer IPv6 ULA or IPv4 over public IPv6 in your local network. This isn't supported on every device (e.g. IoT).
d) configure your client to stop creating temporary IPv6 Privacy extension addresses and create a local DNS record for the public IPv6, overlaying your ISP's generic names.
As those addresses are meant to improve privacy by regularly changing your IP address (e.g once every two hours), I do not recommend doing so.
e) configure your router to make use of your Pi-hole machine's link-local IPv6 address (range fe80::/10).
This is only on an option as long as there are no L3 switching devices in your network, as link-local addresses are accessible by same link or same network segment devices only (which can be assumed if all devices are connected directly to your router).
@Bucking_Horn
Sadly, none of those are really viable nor scalable. I'm running a Ubiquity Unifi Dream Machine and the DHCP for IPv6 is handled solely by my ISP.
The hack I'm doing of blocking DNS requests on IPv6 and effectively forcing the clients to use IPv4 is actually giving me what I want.
I've got the Pihole's ethernet on the same VLAN that I need DHCP provision on, and I've got the DNS server on another VLAN where I have blocked IPv6 DNS requests. So even though the router+Pihole is handing out the IP v4 and v6 addresses for itself, the clients aren't able to reach it via the IPv6 address.
Hi @syd , UDM user here, too.
Bucking_Horn pointed me to your conversation here, I have pretty much the same issue.
There is not much we can do on an UDM, I guess.
But I don't think I am going to implement your hack, but thanks for pointing this out
@bondskin If you run VLANs on your UDM and if you're running pihole on a Pi4 - it works well. I have the DHCP listening on wifi and the DNS on Ethernet.
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.
