• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

DNS resolver

Started by porjo, May 10, 2015, 04:30:11 AM

Previous topic - Next topic

porjo

I've just configured IPv6 tunnel with an OpenWRT router. It's all working fine, however I noticed that my clients are using the HE end of my 6in4 tunnel as a DNS resolver. For example, on my laptop (running Linux):

$ cat /etc/resolv.conf
# Generated by NetworkManager
search lan lan.
nameserver 127.0.0.1
nameserver 8.8.8.8
nameserver 2001:470:1f05:467::1


That last nameserver IP corresponds with my 6in4 tunnel IP - my end is ::2 and the HE end is ::1. This is not causing me a problem (DNS lookups against that IP work!), but I was curious to know:

- why is my router sending that IP as a DNS resolver? (i.e. is this behaviour part of the IPv6 spec?)
- should I be using that IP to resolve DNS against? (the Henet doco doesn't mention this)
- can I override this with another IP, for example 2001:470:20::2 (the anycast caching nameserver listed in my tunnel setup details)?

For reference, my OpenWRT network config is:

config interface 'wan6'
option proto 6in4
option peeraddr  '72.52.104.74'
option ip6addr   '2001:470:1f04:467::2/64'
option ip6prefix '2001:470:1f05:467::/64'
option tunnelid  '12341234'
option username  'xxxxxxxx'
        option updatekey 'xxxxxxxxxxxxxx'


Thanks.

porjo

Turns out that the behaviour is caused by the odhcpd process which handles ipv6 router advertisements for OpenWRT. Modifying /etc/config/dhcp as follows allowed me to override the DNS resolver:

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
list dns '2001:470:20::2'


(I added the last line)

snarked

QuoteThat last nameserver IP corresponds with my 6to4 tunnel ....
6in4, not 6to4.  6to4 IPv6 addresses are in the range 2002::/16.

porjo

Quote6in4, not 6to4.
Yes, quite right! Oops. I've updated my original post now.