TL;DR - I think pfSense should be blocking DHCP6 requests (or responding directly), but I am still getting my ISPs IPv6 address for DNS on machines behind the pfSense firewall. This causes lookup problems since their DNS server is not reliable. I suspect I have a bad config in my pfSense firewall (user error), and need guidance on how to resolve this.
Background: I have severe problems with IPv6. Most of the IPv6 requests time out, forcing anything that is IPv6 enabled to fall back to IPv4. There's nothing wrong with IPv4, but, the timeout is supremely annoying. NOTE: I understand there is a difference between pfSense and DHCP requests from a client machine. My IPv6 skills are not as strong as my IPv4 skills, so my solution has been to disable IPv6 on any machine that has a problem. But that's a bandaid, and not a good solution. Symptoms: I seem to be getting a DNS server of 2603:3001:3805:10f0:223:7dff:fe3b:73ac, which is my ISP's DNS Server (Comcast). I cannot figure out where this is coming from. It appears to be coming from Comcast, THROUGH pfSense. How is this DHCP request traversing pfSense to the WAN? I have a local Windows server, with an fe80:: address, which is a DNS server also. Not sure why this is not being set as DNS via DHCP6 (different issue). What I want: I need to stop the timeouts by controlling where the lookups go (which servers are getting served in the DHCP6 requests), which cause the network to bottleneck and request to take forever. Is there an IPv6 guide / tutorial that I have been unable to find with Google? I would like to be able to configure pfSense to ignore / block any upstream DNS servers when DHCP6 requests go out. Or, in the alternative, control where they go so I can point them at wither my Windows DNS or a bind9 server (or even the resolver in pfSense). Perhaps pfSense is forwarding the requests upstream instead of responding itself? -- Michael Munger, dCAP, MCPS, MCNPS, MBSS High Powered Help, Inc. Microsoft Certified Professional Microsoft Certified Small Business Specialist Digium Certified Asterisk Professional [email protected] <mailto:[email protected]> _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
