Open gomurr opened 3 years ago
Oh, this is strange. I just did a test where I set up the DNS servers on my Windows PC manually (fd00::2 and the IPv4 address), like here in that screenshot:
When I surf to an adult site, for example, the query at the AdGuard Home DNS server is made from the public address??
Shouldn't the Windows client in this case come with fd00::6? Hmm, I'm kind of at a loss here.
This probably happens because you don't need NAT for IPv6 (thanks to the large address pool), so your public IPv6 address will be used also as the internal reference one (preferred address).
"Unlike IPv4, your home router will not need to perform NAT on the IPv6 packets flowing in the outbound direction. The internal home LAN devices will use the global (i.e. public) IPv6 addresses that the service provider allocated to your home as the source addresses for the outbound connections." From https://blogs.infoblox.com/ipv6-coe/home-networking-with-ipv6/
However, you might still want to continue announcing the fd or fe80 address to your home devices, because the IPv6 range you received is generally dynamic and subject to change.
Thanks for the report. AGH currently sends all IP addresses of the interface on which the DHCP server is set to listen. We'll see if we can make that range more exclusive.
I have a similar case as in the original issue description: AdGuard Home seems to advertise the IPv4 DNS address twice and more importantly, the IPv6 DNS address is wrong: The one ending with 294c is the address of my cable router but I'm using AdGuard's DHCP and disabled the router's DHCP, so I have no idea how this IPv6 address can (still) be used on all my clients. The result is that some of the requests go through AdGuard and some are bypassed.
Edit: Not sure if my issue is related to #4088, because there the IPv6 DNS server is correctly advertised, but I thought I'd better mention it just in case.
@neon-dev, sending the IPv4 twice is a feature, not a bug, since if we only send it once, some OSes (most notably, Android) will use their system's default (such as 8.8.8.8) as the secondary DNS server. See #1708.
The IPv6 DHCP server has a long way to go, unfortunately, and we're planning to address most of its issues in the v0.108 cycle. Until then, can you please add a comment about your situation to issue 4088? Thanks.
Done, thank you very much for the info 🙂
I have found an error. I have enabled the DHCP server and have IPv6 addresses assigned from fd00::2 to ff. My Raspberry has a private IP(v4) address like 192.168.x.x and also a fd00 IPv6 address and also a fe80 address and also a public 2003:: address with a given prefix from the internet router/gateway.
Until here the built-in DHCP server is working fine and giving IPv6 IPs ranging from fd00::2 to ff to asking clients. The DHCP server also gives its own DNS addresses to the requesting clients.
But now I limited the AdGuard DNS server to listen only at 192.168.x.2 and fd00::2, because I don't want it to listen for DNS queries at the publicly reachable 2003:x.x... and the link-local fe80 addresses. This is done in AdGuardHome.yaml like that:
    dns:
      - 192.168.178.2
      - fd00::2

That works fine, and in the web interface at the tab "Setup Guide" I also see that AdGuard Home's DNS server is now working only with those IP addresses, as you can see in my attached screenshot:
But now the problem is that the DHCP server is still giving the other addresses to the requesting clients. So the clients are additionally getting that public 2003:: and that fe80: address. I think that is wrong and the built-in DHCP server should only give the 2 addresses the DNS is limited to via config. Because of this, it happens that clients now have wrong DNS server addresses, which is causing DNS timeouts at clients and a non-working internet. How can I make the built-in DHCP server give only those 2 addresses to clients?
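
A check for the mismatch discussed in this thread, added here as an example and not AdGuard Home's own code: it compares the addresses of the DHCP interface (which, per the maintainer's reply, are all announced as DNS servers) with the addresses the DNS listener is bound to. The function names `scope` and `auditAdvertised` and the sample addresses are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// scope labels an address the way the thread tells them apart.
func scope(a netip.Addr) string {
	switch {
	case a.IsLinkLocalUnicast():
		return "link-local" // fe80::/10, 169.254.0.0/16
	case a.IsPrivate():
		return "private" // RFC 1918 IPv4, fc00::/7 ULA such as fd00::2
	case a.IsGlobalUnicast():
		return "global" // e.g. an ISP-delegated 2003:: prefix
	}
	return "other"
}

// auditAdvertised returns the interface addresses that have a DNS listener
// (served) and those announced without one (dead), where clients time out.
func auditAdvertised(ifaceAddrs, bindHosts []string) (served, dead []string, err error) {
	bound := map[netip.Addr]bool{}
	for _, s := range bindHosts {
		a, perr := netip.ParseAddr(s)
		if perr != nil {
			return nil, nil, fmt.Errorf("bind host %q: %w", s, perr)
		}
		bound[a.Unmap().WithZone("")] = true
	}
	for _, s := range ifaceAddrs {
		a, perr := netip.ParseAddr(s)
		if perr != nil {
			return nil, nil, fmt.Errorf("interface address %q: %w", s, perr)
		}
		a = a.Unmap().WithZone("") // drop the %zone suffix before comparing
		if bound[a] {
			served = append(served, a.String())
		} else {
			dead = append(dead, a.String()+" ("+scope(a)+")")
		}
	}
	return served, dead, nil
}

func main() {
	iface := []string{"192.168.178.2", "fd00::2", "fe80::1%eth0", "2003:db::1"} // constructed sample
	fmt.Println(auditAdvertised(iface, []string{"192.168.178.2", "fd00::2"}))
}
```

A bind address that does not parse, such as `fd00:2` with a single colon, is reported as an error rather than silently treated as unbound.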