Comments (10)
I'd rather not use another package/DNS server, but I'll look into this more as I haven't heard of it before.
from pi-hole.
Just to update this thread, I already mentioned in another thread some progress on this. dnsmasq works just fine as a resolver, no need to switch to unbound. (There may be performance improvements with another resolver package, but that's to be determined I guess.) Thanks to how DNS works the process isn't too difficult, it's a two-step process. First get the IPv6 address of the PiHole, (ip -6 route get 2001:4860:4860::8888 should return the correct address in the same scheme as the current ip get code for IPv4 counterpart.) and second, configure the host systems to use that address as the resolver. No other changes to the PiHole are needed, it can still return its IPv4 A record and possibly a NODATA-IPv6 instead of the AAAA record.
from pi-hole.
Do we don't need dnsmasq to listen over ::1?
What about the people who are using DHCP options on their router? It seems this would not work for them.
from pi-hole.
The DHCP configuration is going to be the toughest part of the process I think. I'll do a quick write-up of how I did IPv6 with a Windows 10 box in a post (It might be kind of long, lots of code snippets since I'm running dig to test the resolver). But the beauty of DNS resolution and IPv6 is that IPv4 servers just need to serve up the AAAA records, so an IPv4 resolver is fully IPv6 compliant. Hopefully the write-up will explain a little better...
from pi-hole.
Okay, here we go...
Starting out with a fresh install of Raspbian Jessie (Lite Version) and a fresh install of PiHole via curl -L install.pi-hole.net | bash. No other changes made to the Raspberry Pi or PiHole.
Client system is a Windows 10 box. By default my IPv6 is as follows (some bits are masked because I'm using the public IPv6 addresses for both my Pi and my Windows 10 box.)
IPv6 Default Gateway: fe80::a021:b7ff:fe9b:4b24%9
IPv6 DNS Server: fe80::a021:b7ff:fe9b:4b24%9
First to test if ads are showing, I go to osxdaily.com and get a ton of ads, so I know things are at a baseline.
On the Pi via SSH I run the following commands:
Find the route my Pi is using to get to the IPv6 world by getting the route to Google's IPv6 DNS server:
ip -6 route get 2001:4860:4860::8888
This returns a reply of:
2001:4860:4860::8888 via fe80::a021:b7ff::4b24 dev eth0 src 2605:e000:3c8e:ca00:6a0:1740::2543
What I'm looking for is the src address, that's my IPv6 public routable address, and the address I'm going to use to input into the Windows 10 box as the IP address for the IPv6 DNS resolver.
So I go to the Windows 10 box, and for IPv6 settings I change my DNS resolver to the public IP address I just got.
After the changes, my IPv6 is as follows:
IPv6 Default Gateway: fe80::a021:b7ff:fe9b:4b24%9
IPv6 DNS Server: 2605:e000:3c8e:ca00:6a0:1740::2543
(Again, some bits have been snipped for this display...)
Now, I bring up a command window in Win 10 and flush the DNS cache to make sure I'm not pulling old data:
ipconfig /flushdns
Now another visit to osxdaily.com and notice the ads are pretty much all gone.
You can watch the /var/log/pihole.log and see that A records are being served via /etc/pihole/gravity.list and AAAA records are either served as NODATA-IPV6 or as the IPv4 address.
This was just with IPv6 change, I actually left the IPv4 resolver to the non-pihole DNS resolver address and ads were still blocked.
from pi-hole.
For the DHCP server settings, it depends on how you have the network set up.
If you are using the DHCP server as the DNS server and then setting the DHCP server to use PiHole as its resolver then I don't know if there would be any changes. If you want the DHCP server to give out an IPv6 resolver when it does DHCPv6 then you'd need to either set the DNS server manually if there is an option for IPv6 DNS servers, or you could set the DHCP additional options for option 23 to the IPv6 address.
Here's a link for a list of the options settings. https://www.incognito.com/tips-and-tutorials/dhcp-options-in-plain-english/
from pi-hole.
Hmmm, things seem to be a bit different than I expected. It looks like what my setup was doing was using my IPv6 resolver to grab A and AAAA records from my main DNS server that doesn't have any blocking, so when I changed the IPv6 resolver to the Pi-Hole box, then it started to pick up the blocked A records like it should. AAAA records are still getting through in some places, as seen below:
google.com
Server: UnKnown
Address: 2605:e000:3c8e::a1ab:dafd
Name: google.com
Addresses: 2607:f8b0:4007:809::200e
192.168.1.182
The A record is correct and blocked, but that AAAA comes through.
from pi-hole.
Alright, it looks like the way to solve the problem is to add to the gravity_hostFormat() so that two entries are made for each domain. As a test I have:
function gravity_hostFormat() {
    # Format domain list as "192.168.x.x domain.com"
    echo "** Formatting domains into a HOSTS file..."
    sed "s/^/$piholeIP /" "$piholeDir/$eventHorizon" > "$piholeDir/$accretionDisc"
    # Second pass: append an IPv6 entry for every domain (::1 used here as a test value)
    sed "s/^/::1 /" "$piholeDir/$eventHorizon" >> "$piholeDir/$accretionDisc"
    # Copy the file over as /etc/pihole/gravity.list so dnsmasq can use it
    cp "$piholeDir/$accretionDisc" "$adList"
}
Which gives a result of
google.com
Server: UnKnown
Address: 2605:e000:3c8e::a1ab:dafd
Name: google.com
Addresses: ::1
192.168.1.182
from pi-hole.
@dschaper Interesting. I did something similar a while back, but did it all in one line with awk. I had forgotten about it until now. I'm not sure which method would work best. But thinking back, I do remember that it did start blocking IPv6 ads...I think at the time, I just wasn't ready for that many changes and just decided to work with IPv4 and make it as stable as possible.
One thing that comes to mind is that we decided not to use the IPv4 loopback in the hosts files, which is essentially what the ::1 is in the IPv6 world. I wonder if we will run into some of the same issues as before...
from pi-hole.
The ::1 is just a temporary hack to test to see if AAAA records work, in production it would need to be the IPv6 address that is detected with the ip -6 route get 2001:4860:4860::8888 routine.
from pi-hole.
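The two steps discussed in the thread, detecting the Pi's IPv6 address from `ip -6 route get` output and writing two hosts entries per blocked domain, combined as an added example; this is not Pi-hole's code. The function names `parse_ipv6_src` and `format_hosts`, the sample route output, the addresses and the domains are constructed for illustration, and rejecting loopback and link-local source addresses is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not Pi-hole's code. Function names are hypothetical.

# Read `ip -6 route get <dest>` output on stdin and print the "src" address.
# Returns 1 when there is no src field, or when it is loopback or link-local
# (assumption: such an address is not useful as the answer for blocked
# domains, because other hosts on the network cannot reach the Pi through it).
parse_ipv6_src() {
    local src
    src=$(awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }')
    case "$src" in
        ""|::1|fe80:*|FE80:*) return 1 ;;
    esac
    printf '%s\n' "$src"
}

# Read one domain per line on stdin and emit hosts-format lines:
# always an IPv4 entry, plus an IPv6 entry when an address was detected.
format_hosts() {
    local ipv4="$1" ipv6="${2:-}" domain
    while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        printf '%s %s\n' "$ipv4" "$domain"
        if [ -n "$ipv6" ]; then
            printf '%s %s\n' "$ipv6" "$domain"
        fi
    done
    return 0
}

# Constructed sample of `ip -6 route get 2001:4860:4860::8888` output
# (2001:db8::/32 is the documentation prefix).
SAMPLE_ROUTE='2001:4860:4860::8888 from :: via fe80::1 dev eth0 proto ra src 2001:db8:1:2::53 metric 1024 pref medium'

# Fall back to IPv4-only entries when no usable IPv6 address is found.
pi_v6=$(printf '%s\n' "$SAMPLE_ROUTE" | parse_ipv6_src) || pi_v6=""
printf 'ads.example.com\ntracker.example.net\n' | format_hosts 192.168.1.182 "$pi_v6"
```

On a live system the sample string would be replaced by the real output of `ip -6 route get 2001:4860:4860::8888`.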