Expected Behaviour:
The pi-hole acts as my whole-home DNS and is used for ad blocking and DNS for my local devices. I should be able to access devices on my network using either internal FQDN or short names.
- Operating System: Raspberry PiOS 12 (Bookworm) and G3100 Firmware 3.6.0.6
- Hardware: Raspberry Pi 3B+ and Verizon FiOS G3100 router
Actual Behaviour:
The G3100 router advertises itself as the IPv6 DNS server, completely bypassing the pi-hole.
Debug Token:
https://tricorder.pi-hole.net/QGGLWrLO/
So, the problem I am having is that the G3100 router advertises itself as an IPv6 DNS server, which makes my devices bypass the pi-hole and I lose all local name resolution. Sometimes it works, sometimes it doesn’t.
I’m using the DHCP server in the pi-hole and have the IPv6 options enabled.
I called Verizon tech support to see if I could get the router to stop advertising itself as a DNS server. And the tech really couldn’t be bothered to figure it out. They just had me turn IPv6 off completely. This obviously fixed the problem, but I’d like to know if there is a solution that allows me to use the Pi-Hole and leave IPv6 enabled on my router.
See page 126 of the manual regarding setting the IPv6 DNS servers manually.
Also, you need the router to advertise the IPv6 prefix, as well as option/flag O. Disable DHCPv6 in the router, and don't advertise option/flag M.
I’m looking at the manual, and page 126 or any section of the manual about IPv6 doesn’t mention how to set the IPv6 DNS server. The only place to set the IPv6 DNS server was on the IPv6 WAN interface.
I set the PiHole as the DNS server on the IPv6 WAN interface, and it did not make a difference. My devices were still not using the PiHole for DNS.
That is only possible if you can alter those IPv6 RA RDNSS settings (Recursive DNS Server) on the router.
Clients when connecting to the network send out an IPv6 RS (Router Solicitation) via multicast to invoke the router to reply with an IPv6 RA.
And all devices listening on the multicast address, like your router or Pi-hole, can reply with details like gateway, IPv6 prefix and DNS servers.
Pi-hole is not involved at all when the router replies with an IPv6 RA.
Those IPv6 RA's are also broadcasted periodically to inform clients of any changes.
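The RA fields discussed in this thread (the M and O flags, the advertised prefix and the RDNSS option) can be read straight out of a captured Router Advertisement to see which DNS server the router is handing out. The following Python is an added example, not code from any poster or from Pi-hole; the function names are hypothetical, and the sample packet and the addresses fe80::1 (router) and fe80::53 (Pi-hole) are constructed.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT, OPT_PREFIX_INFO, OPT_RDNSS = 134, 3, 25  # RFC 4861, RFC 8106


def parse_ra(icmp6: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (the bytes after the IPv6 header)."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]  # M = 0x80 (stateful DHCPv6), O = 0x40 (other config via DHCPv6)
    info = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
            "prefixes": [], "rdnss": []}
    pos = 16  # options start after the fixed 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        body = icmp6[pos:pos + opt_len]
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            info["prefixes"].append(f"{ipaddress.IPv6Address(body[16:32])}/{body[2]}")
        elif opt_type == OPT_RDNSS:
            if opt_len < 24 or (opt_len - 8) % 16:
                raise ValueError("malformed RDNSS option")
            for off in range(8, opt_len, 16):  # 8-byte option header, then addresses
                info["rdnss"].append(str(ipaddress.IPv6Address(body[off:off + 16])))
        pos += opt_len
    return info


def unexpected_dns(info: dict, pihole: str) -> list:
    """Return advertised RDNSS addresses that are not the Pi-hole."""
    want = ipaddress.IPv6Address(pihole)
    return [a for a in info["rdnss"] if ipaddress.IPv6Address(a) != want]


def sample_ra(dns: str) -> bytes:
    """Constructed RA: O flag set, M clear, one /64 prefix, one RDNSS entry.
    The checksum is left at 0 because parse_ra does not verify it."""
    hdr = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0x40, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0, 86400, 14400, 0)
    pio += ipaddress.IPv6Address("2001:db8:1::").packed
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 3, 0, 600) + ipaddress.IPv6Address(dns).packed
    return hdr + pio + rdnss


if __name__ == "__main__":
    ra = parse_ra(sample_ra("fe80::1"))  # router advertising itself as DNS
    print(ra, "unexpected:", unexpected_dns(ra, "fe80::53"))
```

A non-empty result from `unexpected_dns` means clients that honour RDNSS are being pointed at a resolver other than the Pi-hole.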
So, sadly, turning IPv6 off at the router is my only option. I guess it’s not that big a deal, since IPv4 works just fine.
Someone I know got it to work by having his firewall redirect all DNS requests to his Pi-Hole. Sadly, this router does not support that.
Or get your own router with advanced IPv6 settings.
I've had my own sitting between my ISP router and my LAN for decades now.
Either with the ISP router in bridge mode, or a double NAT.
I was using my own router until about a week ago, until Verizon forced me to switch to their router.
Sorry, see page 134. I was focused on the image on page 126.
I think your only option is to use the router for DHCPv6 and the Pihole for DHCPv4.
Follow the instructions in: DHCPv6 WAN with LAN IPv6 Stateless Settings
For IPv6 DNS Address 1 & 2 enter the Pihole's link-local (fe80) address.
Remember to disable the DHCP IPv6 option in your Pihole, and you can add dhcp-range=::,ra-names in misc.dnsmasq_lines, to have the Pihole associate a device's IPv6 address with the IPv4 address, and host name, based on the MAC address.