[Dnsmasq-discuss] dnsmasq + brouted native ipv6

Deposite Pirate dpirate at metalpunks.info
Sun Oct 8 13:13:19 BST 2017


Hi, 

	I've been trying to solve some DNS problems with my IPv6 setup for a while. But I haven't been able to find a solution that would work with my specific setup on search engines so far. So I thought I might ask here. 

	My ISP offers some kind of native IPv6. You get a /64 prefix, but you have to use their set top box's IPv6 router advertising. I don't want to have to deal with some proxy_ndp scheme because AFAIK you have to configure this on each host, which is a PITA. So the solution is to bridge IPv6 traffic on my LAN router. This works fine as far as connectivity.

One of the problems I have is I use dnscrypt-proxy with dnsmasq on my router so the hosts on my LAN will not use my ISP's DNS servers (I don't want them to be able to log my DNS queries). This works fine with IPv4. However, with IPv6 my ISP's DNS servers always end up being used by my hosts as they are advertised by the set top box.

	Worse, because of systemd-resolved doing round robin, soon enough the IPv6 DNS servers of my ISP end up being used for everything and my hosts intermittently completely bypass dnsmasq/dnscrypt-proxy and can't resolve local DNS. This could be disabled, but it also involves configuring each host, which defeats the purpose of autoconfiguration.

	I've thought about filtering out the set top box's DNS advertising but I can't seem to find any info on how to do this. But should I succeed in doing this, can dnsmasq be configured to only take over DNS advertising? Or would I have to rewrite DNS packets coming from the set top box on-the-fly with the IPv6 address of the internal interface on which dnsmasq listens? This seems flaky, as if for some reason the IPv6 address of the internal interface changes, things won't work anymore.

	Any help to sort this out would be greatly appreciated.