I've been trying to solve some DNS problems with my IPv6 setup for a 
while. But I haven't been able to find a solution that would work with my 
specific setup on search engines so far. So I thought I might ask here. 

        My ISP offers some kind of native IPv6. You get a /64 prefix, but you 
have to use their set top box's IPv6 router advertising. I don't want to have 
to deal with some proxy_ndp scheme because AFAIK you have to configure this on 
each host which is a PITA. So the solution is to bridge IPv6 traffic on my lan 
router. This works fine as far as connectivity.

One of the problems I have is I use dnscrypt-proxy with dnsmasq on my router so 
the hosts on my lan will not use my ISP's DNS servers (I don't want them to be 
able to log my DNS queries). This works fine with IPv4. However with IPv6 my 
ISP's DNS server always end up being used by my hosts as they are advertised by 
the set top box.  

        Worse because of systemd-resolved doing round robin, soon enough the 
IPv6 DNS servers of my ISP end up being used for everything and my hosts 
intermittently completely bypass dnsmasq/dnscrypt-proxy and can't resolve local 
DNS. This could be disabled but it also involves configuring each host which 
defeats the purpose of autoconfiguration. 

        I've thought about filtering out the set top box's DNS advertising but 
I can't seem to find any info on how to do this. But should I succeed in doing 
this, can dnsmasq be configured to only take over DNS advertising? Or would I 
have to rewrite DNS packets coming from the set top box on-the-fly with the 
IPv6 address of the internal interface on which dnsmasq listens. This seems 
flaky as if for some reason the IPv6 address of the internal interface changes 
things won't work anymore. 

        Any help to sort this out would be greatly appreciated.
Dnsmasq-discuss mailing list

Reply via email to