pfSense

There was a fix implemented for the same sort of thing happening with Dns zones here that seems to strip off any bad ones or ipv6

https://redmine.pfsense.org/issues/3015
https://redmine.pfsense.org/projects/pfsense/repository/revisions/9399370b367df7b73b84d605f4f44599c93b0bbe/diff/etc/inc/services.inc

Should be fixed by:
https://github.com/pfsense/pfsense/pull/970 - master branch
https://github.com/pfsense/pfsense/pull/971 - 2.1.1

And also, if you have DNS Forwarder disabled, no DNS servers specified on the DHCPv4 page, and no IPv4 DHCP servers on System->General Setup, then no name server line is written to the DHCPv4 conf file (dhcpd.conf).
That has to be the expected behavior - the system has no IPv4 DNS available to it, so it can't tell IPv4 clients any DNS server IP address(es).

Phillip Davis wrote:

And also, if you have DNS Forwarder disabled, no DNS servers specified on the DHCPv4 page, and no IPv4 DHCP servers on System->General Setup, then no name server line is written to the DHCPv4 conf file (dhcpd.conf).
That has to be the expected behavior - the system has no IPv4 DNS available to it, so it can't tell IPv4 clients any DNS server IP address(es).

You beat me to coding it :) Was just getting ready to work on this!

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

Phillip Davis wrote:

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

vpn_l2tp_configure()

The process seems to load up fine even with a ipv6 dns server in the mpd4 conf file. I looked at the mdp4 and mdp5 manuals and there is no mention of ipv6 in the IPCP layer until version 5. We are running version 4 currently at least.

So no it doesn't error out when there is an ipv6 dns in the general system setup but does the ipv6 dns entry work? I doubt it but I am not sure and can't test further right now.

Just to note it takes the first two servers only I think as it adds the router LAN and then the first dns server it seems.

Phillip Davis wrote:

/etc/inc/vpn.inc
function vpn_pppoe_configure(&$pppoecfg)
function vpn_l2tp_configure()
search for 'dnsserver'
both those functions look like they only work on IPv4 anyway, but they can put IPv6 DNS server IP addresses from System->General Setup into their conf files. That might be a bug. But I don't use any of those sorts of links, so not sure if they will happily tunnel IPv6 inside their IPv4 VPN.
Bryan (or someone who knows), if it does need fixing, you might like to make similar fixes in these 2 functions to restrict it to just putting DNS servers with IPv4 addresses into the conf files.

vpn_pppoe_configure()

Seems like the same thing based on mpd4 again. So doubt it knows what to do with it but doesn't appear to error out the process.

Applied in changeset 6a2016960b433f579b73f539ac5f64f5e956369e.

Applied in changeset 042436e8f2e1ffee2411894fbb61ad961d13bf4f.

Applied in changeset a63f8ba8f37edf07c9d40c9134f98c74e36a83d7.