Playing with DNS & IPv6 at Home

Lesson learned today: if it ain’t broke, don’t fix it.

As part of attempting to take general ownership of my own data, I’ve been trying to lessen my reliance on Google. I’ve been playing around with a few alternative email sources (Tutanota and Proton Mail), which I’ll probably discuss at a later date. Anyways, my recent goal was to set up NextCloud, specifically NextCloud Pi since I have a fairly idle Raspberry Pi that only does Ad-blocking via DNS.

I’ve had my Pi-Hole set up for a few years, and it’s been rock solid. It’s been so long, actually, that when I tried to run through the NextCloud Pi setup, I was on an old, unsupported version of Raspbian.

So step one was getting a new image of Raspbian and flashing the SD card; this was fairly straightforward except for the part of needing to create an ssh file on the boot partition in order to SSH into a headless machine.

Reinstalling Pi-Hole was equally easy using their one-line install command. On setup, I noticed that IPv6 ad-blocking was offered, so I thought, “Why not?” and turned it on and proceeded to turn on IPv6 on my router as well, since my ISP (ATT) supports IPv6 natively.

Here’s where I run into my first problem. My router has fairly straightforward LAN settings to specify my DNS server, which is typically where the Pi-Hole’s IP address goes. After a few test runs, I notice that ads are still coming through… Oops, IPv6 hosts are looking at the router’s IPv6 DNS address presented, which is different than the value I entered for my IPv4 DNS server. Actually, it’s just the default gateway (router) and my ISP’s DNS. Only devices that only run in IPv4 will get ads blocked; surprisingly, most of my devices support IPv6, so my Pi-Hole was idle.
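One way to check a dual-stack client for the bypass described above, as an added example that is not part of the original post: it audits the `nameserver` lines of a resolv.conf against the Pi-Hole's addresses. The sample file, the `PIHOLE_ADDRS` values and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: resolv.conf on a dual-stack client. All addresses are
# assumptions (private and documentation ranges), not values from the post.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search home.example
nameserver 192.168.1.2
nameserver fe80::1%wlan0
nameserver 2001:db8:53::1
"""
PIHOLE_ADDRS = {"192.168.1.2", "2001:db8:1::2"}  # hypothetical Pi-Hole v4/v6


def parse_nameservers(text):
    """Yield (original_text, ip_address) for each valid nameserver line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments, search/options lines, blanks
        raw = parts[1]
        try:
            # Drop the zone id (%wlan0) so link-local addresses parse everywhere.
            yield raw, ipaddress.ip_address(raw.partition("%")[0])
        except ValueError:
            continue  # malformed address: ignore rather than crash


def audit_resolvers(text, pihole_addrs):
    """Report resolvers that bypass the Pi-Hole and families it does not cover."""
    allowed = {ipaddress.ip_address(a) for a in pihole_addrs}
    bypass, covered = [], set()
    for raw, ip in parse_nameservers(text):
        if ip in allowed:
            covered.add(ip.version)
        elif ip.version == 6 and ip.is_link_local:
            bypass.append((raw, "IPv6 link-local, typically the router itself"))
        else:
            bypass.append((raw, f"IPv{ip.version} resolver that is not the Pi-Hole"))
    seen = {ip.version for _, ip in parse_nameservers(text)}
    return {"bypass": bypass, "uncovered_families": sorted(seen - covered)}


if __name__ == "__main__":
    report = audit_resolvers(SAMPLE_RESOLV_CONF, PIHOLE_ADDRS)
    for raw, why in report["bypass"]:
        print(f"bypass: {raw} ({why})")
    print("families without a Pi-Hole resolver:", report["uncovered_families"])
```

An empty `bypass` list and no uncovered families means every resolver the client was handed, over either address family, is the Pi-Hole.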

All my router’s IPv6 settings are in its own menu, and it has a field for 2 DNS server settings. I pull up my Pi’s IPv6 and enter it there, restart, and see what happens. Success! Well, sort of:

[Figure: DNS Query Graph]

That’s not good… Turns out the IPv6 DNS setting is for both the WAN and the LAN, and it’s creating some sort of crazy loopbacks. DNS lookups are slowing down to a crawl.



2019-10-28 00:50 +0000
