I've been trying to solve some DNS problems with my IPv6 setup for a
while. But I haven't been able to find a solution that would work with my
specific setup on search engines so far. So I thought I might ask here.
My ISP offers some kind of native IPv6. You get a /64 prefix, but you
have to use their set-top box's IPv6 router advertising. I don't want to have
to deal with some proxy_ndp scheme because AFAIK you have to configure this on
each host, which is a PITA. So the solution is to bridge IPv6 traffic on my LAN
router. This works fine as far as connectivity goes.
One of the problems I have is I use dnscrypt-proxy with dnsmasq on my router so
the hosts on my LAN will not use my ISP's DNS servers (I don't want them to be
able to log my DNS queries). This works fine with IPv4. However, with IPv6 my
ISP's DNS servers always end up being used by my hosts as they are advertised by
the set-top box.
Worse, because of systemd-resolved doing round robin, soon enough the
IPv6 DNS servers of my ISP end up being used for everything and my hosts
intermittently completely bypass dnsmasq/dnscrypt-proxy and can't resolve local
DNS. This could be disabled, but it also involves configuring each host, which
defeats the purpose of autoconfiguration.
I've thought about filtering out the set-top box's DNS advertising but
I can't seem to find any info on how to do this. But should I succeed in doing
this, can dnsmasq be configured to only take over DNS advertising? Or would I
have to rewrite DNS packets coming from the set-top box on-the-fly with the
IPv6 address of the internal interface on which dnsmasq listens? This seems
flaky, as if for some reason the IPv6 address of the internal interface changes,
things won't work anymore.
Any help to sort this out would be greatly appreciated.
Dnsmasq-discuss mailing list
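
One way to check which DNS servers a Router Advertisement actually carries, as an added example that is not part of the original post. It assumes the set-top box announces DNS through the RDNSS option (RFC 8106); the function names, the sample packet and its addresses are constructed for illustration.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134  # ICMPv6 type of a Router Advertisement
OPT_RDNSS = 25          # Recursive DNS Server option (RFC 8106)

def rdnss_servers(icmpv6: bytes):
    """Return [(lifetime_s, IPv6Address), ...] from one RA.

    `icmpv6` is the ICMPv6 message starting at its type byte."""
    if len(icmpv6) < 16 or icmpv6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    found, off = [], 16  # options follow the fixed 16-byte RA header
    while off + 2 <= len(icmpv6):
        opt_type = icmpv6[off]
        opt_len = icmpv6[off + 1] * 8  # length field counts 8-byte units
        if opt_len == 0 or off + opt_len > len(icmpv6):
            raise ValueError("malformed option")
        if opt_type == OPT_RDNSS:
            # 8 bytes of type/len/reserved/lifetime, then 16 bytes per address
            if opt_len < 24 or (opt_len - 8) % 16:
                raise ValueError("malformed RDNSS option")
            lifetime = struct.unpack_from("!I", icmpv6, off + 4)[0]
            for a in range(off + 8, off + opt_len, 16):
                addr = ipaddress.IPv6Address(icmpv6[a:a + 16])
                found.append((lifetime, addr))
        off += opt_len
    return found

def unexpected_servers(icmpv6: bytes, allowed):
    """Advertised resolvers still valid (lifetime > 0) and not in `allowed`."""
    ok = {ipaddress.IPv6Address(a) for a in allowed}
    return [addr for life, addr in rdnss_servers(icmpv6)
            if life > 0 and addr not in ok]

def _ip(text):
    return ipaddress.IPv6Address(text).packed

# Constructed sample RA (checksum left at 0, it is not validated here):
# a prefix information option, then an RDNSS option with two resolvers.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
    + _ip("2001:db8:1::")
    + struct.pack("!BBHI", OPT_RDNSS, 5, 0, 600)
    + _ip("2001:db8:ffff::53") + _ip("fd00::1")
)

if __name__ == "__main__":
    for addr in unexpected_servers(SAMPLE_RA, ["fd00::1"]):
        print("RA advertises a resolver outside the allow-list:", addr)
```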