Project

General

Profile

Actions

Bug #9654

open

After reboot, the DNS resolver must be restarted before it will advertise the ipv6 DNS address of the router.

Added by Rick Coats over 4 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
07/28/2019
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.4-p3
Affected Architecture:

Description

When pfsense ipv6 is configured with DHCPv6 disabled and RA in "Unmanaged" mode, then after reboot, until the resolver is restarted the DNS does not know that the router has an ipv6 address.

In my configuration I have the DCHP Registration unchecked in the resolver, so I do not have unbound getting restarted due to DHCP events.

After reboot, with a working ipv6 setup, if you go to Diagnostics/DNS lookup and lookup pfsense.mydomain.com, it will only reply with ipv4 address of router.

Examining /var/unbound/host_entries.conf I see that the local-data: lines for the ipv6 for router are missing.

Looking at /var/etc/radvd.conf is missing a lot of information as if it hasn't been configured yet.

Packet capture of RA packets show that indeed, the DNS is not being advertised.

Manually restarting unbound service fixes all of this and it is good until next reboot.

Posted at:
https://forum.netgate.com/topic/145162/after-reboot-the-dns-resolver-must-be-restarted-before-it-will-advertise-the-ipv6-address-of-the-resolver

I am running 2.4.4-RELEASE-p3 (amd64)
Installed Packages (latest version):
acme
Avahi
nut
openvpn-client-export

Actions #1

Updated by Jim Pingle over 4 years ago

  • Category set to DNS Resolver
  • Priority changed from High to Normal
Actions #2

Updated by Rick Coats over 4 years ago

Further information: I have noted that during the period before first restart of the resolver, that the predefined aliases for the firewall, ie "LAN Address" do not include the ipv6 address of the firewall.

So if you have a rule to pass ipv6 source "any" to Dest "LAN Address" port 53, it will not fire until resolver service has been restarted after boot.

Actions #3

Updated by Viktor Gurov about 4 years ago

  • Status changed from New to Feedback

unable to reproduce:

pfSense 2.4.4-p3 and latest 2.5 (VM, qemu),
static IPv4 and IPv6 addresses on LAN interface,
DHCPv4 enabled, DHCPv6 disabled, RA - Unmanaged

no such issue, I can see IPv6 entries in host_entries.conf

Please give us more information about your configuration:
Interfaces configuration, type of appliance

Actions #4

Updated by Rick Coats about 4 years ago

You will have to set it up with ipv6 Track Interface. It doesn't show up with static.

Actions #5

Updated by Viktor Gurov about 4 years ago

  • Status changed from Feedback to New

looks like same track interface issue: https://redmine.pfsense.org/issues/8273

services try to run on track interface that still do not have IPv6 address

Actions

Also available in: Atom PDF