I'm planning to use the DHCP server on my Pi-hole for IPv4 because the FIOS router from Verizon is a pain with DHCP (don't get me started). I think I know how to switch it to the Pi-hole's IPv4 DHCP server, but I'm not sure about IPv6. Can anyone help me out?
My network at home is pretty simple. One router, one subnet, and so on. Verizon turned on IPv6 recently, so the WAN interface gets a /64 address block and the router uses stateless autoconfig to let the clients pick an address from that block on my LAN.
On the Pi-hole DHCP page, there's an option for "Enable IPv6 support SLAAC+RA" and I'm wondering what that does? Or will it mess with what the Verizon router is doing already? Should I turn that on on the Pi-hole and turn off something IPv6-related on my router? With v4 I'd just turn off DHCP on the router and turn it on on my Pi-hole.
What happens if I turn on IPv6 support on my Pi-hole's DHCP page when my router is already giving out addresses? The only options on the Verizon router for controlling what is done on the LAN side with IPv6 are to set addressing to stateless or DHCPv6. There aren't any options to disable IPv6 on the LAN side. Has anybody with a Verizon router here set up a Pi-hole with IPv6 when the Verizon router is already doing IPv6?
If your clients are already using your Pi-hole's IPv4 address for DNS, there would be no need to offer an IPv6 DNS server address at all (as a DNS server will answer a client's A as well as AAAA requests regardless of the IP address the client has used for sending the DNS request).
Your router may do that nevertheless, so the critical part here is your router's IPv6 DNS configuration.
That would have Pi-hole advertise one of its Pi-hole IPv6 addresses as DNS server. This may be useful if your router advertises a public IPv6 prefix, but no IPv6 DNS server address.
It's crucial to understand that configuring Pi-hole to advertise itself as IPv6 DNS resolver won't stop your router from advertising itself or your ISP's DNS servers on top of that.
It would then be entirely at a client's discretion to pick from DNS servers advertised on your network (and more often than not, clients would prefer the router).
So the only way to make this work:
You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server and/or to stop advertising its own.
You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.
If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.
If your router doesn't support that either, your IPv6 capable clients will always be able to bypass Pi-hole via IPv6 (unless a client can be manually configured to use Pi-hole as its only DNS).
Currently, the Verizon router is providing both IPv4 and IPv6 DNS servers, both of which are the router itself. The block assigned to clients by stateless autoconfig from the router comes from a publicly advertised block. For example, I can access ipv6.google.com, and if I allow an IPv6 pinhole, I can access something like SSH on a client on my network if I open port 22 on that pinhole.
When you mention having Pi-hole advertise one of its addresses as a DNS server, how would that be advertised? Would it be through the Pi-hole's IPv4 DHCP server once I turn off the Verizon router's IPv4 server? As far as a v6-only client goes, there is an option on the WAN side for obtaining an IPv6 address automatically or specifying one, so I suppose once I enable v6 support for the Pi-hole I could just manually specify the Pi-hole's v6 address.
The bottom-line question, I guess, is that enabling IPv6 support on the Pi-hole does NOT do anything for address assignment, right? I'm just trying to make sure that if I enable it, it's not going to interfere with what the router is already doing in terms of providing addresses for clients on my network.
As said, Pi-hole will only offer an IPv6 DNS server address.
It would do so either via router advertisements, or on a client's explicit Stateless DHCPv6 request.
But as explained in detail, the bigger challenge is your router's IPv6 DNS configuration:
If you can't stop your router from offering its own IPv6 address as DNS server, your IPv6-capable clients will bypass Pi-hole.
Yeah, that's what I had to do (turn off IPv6 completely), serious bummer because I wanted to continue to have IPv6 internet. I guess I'll have to consider going back to my own router or waiting for Verizon to add more features to IPv6 configuration.
They simply DON'T LET YOU change what DNS server is handed out to clients. The best you can do on the V4 side is change the upstream DNS server address to your Pi-hole, but then everything on your Pi-hole looks like it's coming from the router so you can't see individual clients.
On the V6 side, there is an option for setting a custom DNS server on the WAN side, but nothing to tell the clients getting stateless router autoconfig what their DNS addresses are.
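The replies above point out that Pi-hole advertising itself as IPv6 DNS server does not stop the router from advertising its own, so clients can bypass Pi-hole. As an added example (not part of the thread and not Pi-hole's code), this Python parser reads the RDNSS option (RFC 8106) from Router Advertisement payloads and lists every advertised resolver that is not the Pi-hole. The addresses, the `build_ra` helper and the sample messages are constructed; capturing real advertisements from the LAN is assumed to happen elsewhere.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 message type (RFC 4861)
OPT_RDNSS = 25           # Recursive DNS Server option (RFC 8106)

def parse_rdnss(icmp6: bytes) -> list:
    """Return [(dns_server, lifetime_seconds)] found in one ICMPv6 RA message."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    servers, pos = [], 16                      # options follow the 16-byte RA header
    while pos + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[pos], icmp6[pos + 1] * 8  # length field counts 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp6):
            raise ValueError("malformed option")
        if opt_type == OPT_RDNSS:
            if opt_len < 24 or (opt_len - 8) % 16:
                raise ValueError("malformed RDNSS option")
            (lifetime,) = struct.unpack_from("!I", icmp6, pos + 4)
            for off in range(pos + 8, pos + opt_len, 16):
                servers.append((str(ipaddress.IPv6Address(icmp6[off:off + 16])), lifetime))
        pos += opt_len
    return servers

def bypass_resolvers(adverts, pihole: str) -> list:
    """List (advertising router, DNS server) pairs that point clients away from Pi-hole."""
    wanted = ipaddress.IPv6Address(pihole)
    found = []
    for source, icmp6 in adverts:
        for server, lifetime in parse_rdnss(icmp6):
            # A lifetime of 0 withdraws the server, so it is not a live bypass path.
            if lifetime > 0 and ipaddress.IPv6Address(server) != wanted:
                found.append((source, server))
    return found

def build_ra(dns: list, lifetime: int) -> bytes:
    """Constructed sample: minimal RA header plus one RDNSS option (checksum left at 0)."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    body = b"".join(ipaddress.IPv6Address(a).packed for a in dns)
    return header + struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns), 0, lifetime) + body

PIHOLE = "fd00::53"                                  # constructed address for the Pi-hole host
SAMPLE = [
    ("fe80::1", build_ra(["fe80::1"], 1800)),        # router advertising itself as DNS
    ("fe80::53", build_ra([PIHOLE], 1800)),          # Pi-hole's own advertisement
]

if __name__ == "__main__":
    for router, server in bypass_resolvers(SAMPLE, PIHOLE):
        print(f"{router} advertises {server}: clients may bypass Pi-hole")
```

An empty result means only the Pi-hole is being advertised through RDNSS; it says nothing about DNS servers handed out by DHCPv6 or configured manually on a client.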