- marked as bug
"Intercept DNS port" does not work over IPv6
I'd say that this is a known issue, as this note can be found in the Advanced -> DHCP/DNS page:
Intercept DNS port - Any DNS requests/packets sent out to UDP/TCP port 53 are redirected to the internal DNS server. Currently only IPv4 DNS is intercepted.
After testing with dig using FT version 2018.3 I can confirm that the statement is true. Will try again after I update to the 2018.4 version.
If it was already fixed (not in the release notes from what I have read), please close this issue.
Otherwise, I'd say that this needs to be fixed - I suppose that is only a matter of adjusting the firewall rules?
I know, wishful thinking :)
Comments (9)
-
reporter -
reporter - edited description
-
I think there are many complexities to consider for DNS for IPv6 as per https://tools.ietf.org/html/rfc4472. (which may explain why it isn't done?)
-
reporter Well, I'm not technical enough to make heads or tails of that RFC (otherwise I would have opened a pull request instead of an issue) but I suppose it is possible to route IPv6 traffic in a similar manner as the IPv4 one. Otherwise, what would be the purpose of a firewall?
I know that there are differences between the two protocols, other than the obvious different address space.
And yes, a quick fix would be to disable IPv6.
-
(due to complexity, I suggest this should be an enhancement rather than a bug)
-
I also think it is an enhancement. It is not a bug :-) But I think it is not so easy with IPv6.
-
reporter - marked as enhancement
By popular demand, this is now marked as an enhancement.
-
Account Deleted Disabling IPv6 is not a 'fix' -- it's a regression.
-
You could add some custom rules (Administration --> Scripts --> Firewall) to allow or drop the IPv6 DNS requests (no redirection, no NAT for IPv6 and Tomato). But you may also see this thread: https://www.linksysinfo.org/index.php?threads/intercept-port-53.74394/#post-301327 Kids will get around it... BR
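The kind of custom firewall-script rule suggested in the last comment, as an added example that is not part of the thread or of FreshTomato's own code: it drops IPv6 DNS (port 53) that LAN clients try to send through the router, while queries addressed to the router itself are not in the FORWARD chain and stay unaffected. The LAN bridge name `br0`, the `APPLY` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not FreshTomato code). No redirection is attempted;
# forwarded IPv6 DNS is simply dropped, as the comment above proposes.

LAN_IF="${LAN_IF:-br0}"   # assumed LAN bridge name; adjust to your setup
APPLY="${APPLY:-0}"       # 0 = only print the commands, 1 = run them

# Emit one rule spec per protocol for the given LAN interface.
# DNS uses both UDP and TCP on port 53, so both must be covered.
dns6_rule_specs() {
    for proto in udp tcp; do
        echo "FORWARD -i $1 -p $proto --dport 53 -j DROP"
    done
}

# Delete-then-insert each rule so that re-running the script (for
# example after a firewall restart) never stacks duplicate rules.
dns6_block() {
    dns6_rule_specs "$1" | while read -r spec; do
        if [ "$APPLY" = "1" ]; then
            # $spec is intentionally unquoted: it must split into arguments.
            ip6tables -D $spec 2>/dev/null || true
            ip6tables -I $spec
        else
            echo "ip6tables -D $spec 2>/dev/null; ip6tables -I $spec"
        fi
    done
}

dns6_block "$LAN_IF"
```

Run it with `APPLY=0` first to review the generated commands, then check the result with `ip6tables -L FORWARD -n -v`. This covers plain DNS on port 53 only.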