Fresh-tomato unconditionally adds `dhcp-option=option6:dns-server,[::]` to dnsmasq.conf
I'm using Tomato in conjunction with pi-hole. What I've been doing so far is adding:
```
dhcp-option=option:dns-server,192.168.0.13
dhcp-option=option6:dns-server
dhcp-option=br1,option:dns-server,192.168.0.1
dhcp-option=br1,option6:dns-server
```
to my Dnsmasq Custom Configuration. This sends DNS queries to the pihole by default, and to tomato for br1 (br1 is my guest vlan, and can't see the pihole), and doesn't use IPv6 for DNS at all (which is fine, because I can still resolve AAAA records over IPv4). This was working fine, but I just upgraded and it looks like about a year ago someone added this line:
```
dhcp-option=option6:dns-server,[::]
```
unconditionally to the dnsmasq.conf file. This makes dnsmasq ignore my `dhcp-option=option6:dns-server`, because now there's a duplicate `dhcp-option=option6:dns-server`. So now all my clients get 192.168.0.13 (the pihole) and the IPv6 address of FreshTomato. My Mac, at least, prefers the IPv6 address, so now no traffic is going to my pihole.
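A quick check for the situation described in the report, as an added example (not FreshTomato code): it scans a dnsmasq config for `dhcp-option` lines that set the same option for the same tag list. The function names and the sample config are constructed here, and the tag parsing is a simplification that treats every field before the option name as a tag.

```sh
#!/bin/sh
# Constructed sample: the line the firmware adds, followed by the custom
# lines from the report above.
sample_conf() {
cat <<'EOF'
dhcp-option=option6:dns-server,[::]
dhcp-option=option:dns-server,192.168.0.13
dhcp-option=option6:dns-server
dhcp-option=br1,option:dns-server,192.168.0.1
dhcp-option=br1,option6:dns-server
EOF
}

# Report every dhcp-option set more than once for the same tag list.
# Reads the files given as arguments, or stdin when there are none.
# Prints "<option> tags=<tags> lines=<n,n,...>"; returns 1 if anything was found.
find_dup_dhcp_options() {
    awk '
    BEGIN { rc = 0 }
    /^[ \t]*dhcp-option=/ {
        line = $0
        sub(/^[ \t]*dhcp-option=/, "", line)
        sub(/[ \t]+#.*$/, "", line)              # drop a trailing comment
        n = split(line, f, ",")
        tags = ""; opt = ""
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", f[i])
            # simplification: the first field naming an option ends the tag list
            if (f[i] ~ /^(option6?:|[0-9]+$)/) { opt = f[i]; break }
            tags = (tags == "" ? f[i] : tags "," f[i])
        }
        if (opt == "") next
        key = opt " tags=" (tags == "" ? "(none)" : tags)
        if (key in where) where[key] = where[key] "," NR
        else where[key] = NR
        count[key]++
    }
    END {
        for (k in count) if (count[k] > 1) { print k " lines=" where[k]; rc = 1 }
        exit rc
    }' "$@"
}

# Demo on the constructed sample
sample_conf | find_dup_dhcp_options || echo "duplicate dhcp-option entries found" >&2
```

Run against the router's generated dnsmasq config after a firmware upgrade, a non-zero return means a custom DNS option collides with a generated one and clients may not be receiving the resolver you intended.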
Comments (4)
-
reporter
> to have a working (full) IPv6 config, the IPv6 client needs a DNS-Server
This is only true if you have no IPv4 connectivity. A client can look up IPv6 AAAA records over an IPv4 connection to the DNS server. I have blocked the IPv6 DNS server right now and I’m passing https://ipv6-test.com/ with flying colors.
But, it would be nice if I could specify the IPv6 server.
> add option only if Announce IPv6 on LAN (SLAAC) OR Announce IPv6 on LAN (DHCP) is enabled
I have both of those checked. :P
I have found a bit of a workaround: if you disable “Use internal DNS”, then this line doesn’t get added to the DNSMasq config. You can set the router’s DNS server to be the IP of the PiHole server, and then this ends up being the IP that’s broadcast to DHCP clients. I assumed this meant that the DNS server on the router wouldn’t even run, but actually it’s still there and accessible, it just isn’t advertised, so you could still use conditional forwarding on the pihole to resolve internal hosts by forwarding them to the router, but you need to be careful not to set up a DNS loop. Also if you have multiple VLANs, you need to use “LAN Access” to make the PiHole visible to all the VLANs.
-
> A client can look up IPv6 AAAA records over an IPv4 connection to the DNS server.

True, that's possible - but that is something you want
→ IPv6 can/should work completely independent of IPv4

> I have both of those checked. :P

Not a big deal. With my suggested change, you just add the desired Tomato DNSMasq IPv6 config in the custom box. You already looked up the code.
Example: if you want both SLAAC and DHCPv6 (and no DNS via Tomato), you will need to add, for example, the following to the custom box (uncheck SLAAC and DHCPv6 in the GUI):

dnsmasq.conf (example)
```
...
enable-ra                                                          # <== change / adjust to your needs
ra-param=br*, mtu:1492, 15, 600                                    # <== change / adjust to your needs
dhcp-range=::2, ::FFFF:FFFF, constructor:br*, ra-names, 64, 1800s  # <== change / adjust to your needs
dhcp-option=option6:dns-server,[::]                                # <== change / adjust to your needs
dhcp-option=option6:31,[::]
dhcp-option=option6:56,[::]
...
```
You can now adjust your DNS server and/or other options.
In general: We only offer a basic & easy IPv6 setup via the GUI - there are much much more possibilities. The GUI default options should cover the “normal” user.
→ With my suggested change you can adjust the DNS-Server again via the custom box
@pedro I would suggest adding my commit to have more control with the custom box. → issue resolved in my opinion
-
repo owner - changed status to resolved
IPv6: rc: services.c - add check for SLAAC and/or DHCPv6 before using global address and not link-local address for IPv6 DNS - fixes #191
adjust the following commit https://bitbucket.org/pedro311/freshtomato-arm/commits/20094cd65b072bef6a9458aa1368d7a7d61017e4
see issue https://bitbucket.org/pedro311/freshtomato-arm/issues/191/fresh-tomato-unconditionally-adds-dhcp
→ <<cset 928398e309b2>>
to have a working (full) IPv6 config, the IPv6 client needs a DNS-Server
https://bitbucket.org/pedro311/freshtomato-arm/commits/20094cd65b072bef6a9458aa1368d7a7d61017e4
→ use global address and not link-local address for DNS by default
You want your clients not to have an IPv6 DNS? Disable IPv6?
Edit:
Would it help on your side if we change
into
(add option only if Announce IPv6 on LAN (SLAAC) OR Announce IPv6 on LAN (DHCP) is enabled)
and you provide your IPv6 options completely by yourself?
Edit 2:
https://bitbucket.org/M_ars/freshtomato-arm/commits/f4cc75a54e13fad8cae77cd670b20bb9ce5d22bd
would be my suggestion/solution (for mips & arm)