opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

/var/etc/nameserver_v6* does not exist #1806

Closed borisneubert closed 7 years ago

borisneubert commented 7 years ago

radvd should only serve the LAN IP of the OPNsense box via RDNSS if "Enable Forwarding Mode" is turned on in "Unbound DNS: General" options and not the configured nameservers in "System: General"

"Directly send SOLICIT" on LAN interface is checked (on).

root@opnsense:~ # ll /var/etc
total 60
-rw-r--r--  1 root  wheel  2523 Sep  4 19:18 apinger.conf
-rw-------  1 root  wheel  5217 Sep  3 08:29 cert.pem
-rw-r--r--  1 root  wheel   132 Apr  2 19:18 dhclient_wan.conf
-rw-r-----  1 root  wheel   362 Sep  4 14:17 dhcp6c_wan.conf
-rwxr-xr-x  1 root  wheel    76 Sep  4 14:17 dhcp6c_wan_script.sh*
-rw-r--r--  1 root  wheel     0 Apr  2 21:48 dnsmasq-hosts
-rw-r--r--  1 root  wheel  2084 Sep  3 08:29 lighttpd-api-dispatcher.conf
-rw-r--r--  1 root  wheel  7419 Sep  3 08:29 lighty-webConfigurator.conf
-rw-r--r--  1 root  wheel   579 Sep  4 19:18 ntpd.conf
drwxr-x---  2 root  wheel   512 Sep  4 19:18 openvpn/
drwxr-x---  2 root  wheel   512 Apr  2 19:19 openvpn-csc/
-rw-r--r--  1 root  wheel   443 Sep  4 19:18 radvd.conf
-rwxr-xr-x  1 root  wheel   418 Sep  4 14:17 rtsold_igb0_script.sh*
-rw-r--r--  1 root  wheel  1495 Sep  3 08:29 syslog.conf

/var/etc/nameserver_v6* does not exist. radvd.conf exists with the following content:

# Automatically Generated, do not edit
# Generated config for dhcp6 delegation from wan on lan
interface igb1 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        AdvLinkMTU 1500;
        AdvOtherConfigFlag on;
        prefix <prefix>/64 {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
        RDNSS <opensenseip6> 2001:4860:4860::8888 2001:4860:4860::8844 { };
        DNSSL <LANdomainname> { };
};

igb1 is the WAN interface. <prefix> is the IPv6 prefix, <opensenseip6> is the IPv6 LAN address of the OPNsense box and <LANdomainname> the domain name for the hosts on the LAN. In addition the configured Google nameservers are listed, but they should not be.

fichtner commented 7 years ago

thanks, will take a closer look tomorrow! :)

borisneubert commented 7 years ago

Anything I can do to help with this issue?

fichtner commented 7 years ago

More hours in a given day would be good :)

But seriously, the code normally tries to follow this logic:

  1. use the dns servers provided by the configuration of the service (we don't have that in case of radvd).
  2. if unbound or dnsmasq are enabled use the interface's ip address
  3. if manual name servers are set, use them

It looks like radvd ignores this, merging 2 and 3 and possibly ignoring 1.

It's not as easy as disabling unbound in forward mode, people might still want to filter through unbound, as is the case with dnsmasq.

First I think we should unwind the adding of both 2 and 3, so it's a bit clearer. Do you agree?
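The three-step selection order above, as an added illustration written for this thread rather than code from the OPNsense tree: `select_rdnss` applies the intended precedence (service-provided servers, then the interface address when unbound or dnsmasq is enabled, then the manual list), and the `merge_local_and_manual` switch reproduces the reported behaviour in which steps 2 and 3 were added together, so the upstream resolvers leak into the RDNSS option and clients can bypass the local filtering resolver. The `DnsConfig` fields, the function names and the `2001:db8:1::1` LAN address are assumptions for the example; the Google addresses are the ones from the radvd.conf posted above.

```python
"""Added illustration (not OPNsense code) of the name-server selection order
described in the thread, applied to the radvd RDNSS list."""

from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class DnsConfig:
    # Step 1: servers handed out by the service itself (radvd has none).
    service_dns: List[str] = field(default_factory=list)
    # Step 2: a local resolver runs on the box and answers on the interface IP.
    unbound_enabled: bool = False
    dnsmasq_enabled: bool = False
    interface_ip6: Optional[str] = None
    # Step 3: manually configured name servers (System: General).
    manual_dns: List[str] = field(default_factory=list)


def select_rdnss(cfg: DnsConfig, merge_local_and_manual: bool = False) -> List[str]:
    """Return the RDNSS list for one radvd interface block.

    With merge_local_and_manual=False this follows the intended precedence:
    service-provided > local resolver on the interface IP > manual servers.
    With merge_local_and_manual=True it reproduces the behaviour reported in
    the issue, where the local resolver and the manual servers were both added.
    """
    if cfg.service_dns:
        return list(cfg.service_dns)
    servers: List[str] = []
    if (cfg.unbound_enabled or cfg.dnsmasq_enabled) and cfg.interface_ip6:
        servers.append(cfg.interface_ip6)
        if not merge_local_and_manual:
            return servers
    # Step 3 (or the buggy merge): append manual servers, skipping duplicates.
    servers.extend(s for s in cfg.manual_dns if s not in servers)
    return servers


def rdnss_line(servers: List[str]) -> str:
    """Render the radvd RDNSS option; an empty list yields no option at all."""
    if not servers:
        return ""
    return "RDNSS " + " ".join(servers) + " { };"


if __name__ == "__main__":
    # Constructed sample mirroring the issue: unbound in forward mode on the
    # LAN, Google resolvers entered under System: General. The LAN address
    # is a documentation-prefix placeholder, not a value from the thread.
    cfg = DnsConfig(
        unbound_enabled=True,
        interface_ip6="2001:db8:1::1",
        manual_dns=["2001:4860:4860::8888", "2001:4860:4860::8844"],
    )
    print("reported :", rdnss_line(select_rdnss(cfg, merge_local_and_manual=True)))
    print("intended :", rdnss_line(select_rdnss(cfg)))
```

Run it and the "reported" line shows the LAN address followed by both Google resolvers, while the "intended" line carries only the LAN address, which is the outcome the reporter confirms after applying the patch.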

fichtner commented 7 years ago

Digging a bit further: you have unbound set to forward mode? you have your dns set to not override the dns servers via PPP (system: general)?

fichtner commented 7 years ago

reading all of this again: I think this already fixes your issue?

First I think we should unwind the adding of both 2 and 3, so it's a bit clearer.

In that case only unbound gets added...

fichtner commented 7 years ago

Try this:

# opnsense-patch b5b92c1aa

Cheers, Franco

borisneubert commented 7 years ago

- unbound is set to forward mode (DNS Query Forwarding: Enable Forwarding Mode is checked), as before
- DNS set to not override the DNS servers via PPP (DNS server options: Allow DNS server list to be overridden by DHCP/PPP on WAN is NOT checked), as before
- Patch b5b92c1aa is applied. OPNsense box rebooted
- /var/etc/nameserver_v6* still does not exist
- /var/etc/radvd.conf lists the IPv6 address of the OPNsense box only in the RDNSS record: this is OK now
- devices configured by DHCPv6 use the OPNsense box as DNS server only: this is OK now

The issue is solved, many thanks!

fichtner commented 7 years ago

Hi Boris,

Great, thanks. I'll add this to 17.7.3 :)

Cheers, Franco