Custom DNS in a SLAAC IPv6 environment

My ISP router provides a DS-Lite stack in which global addresses are advertised through IPv6/SLAAC. An IPv4 DHCP exists as well. Currently my OpenWRT box acts just as a pure WiFi-AP and Switch. I also use a Pihole as a DNS. Sadly my ISP router does not allow me to change my local DNS.
Is there any way to advertise my own DNS as the default one in the network while still having my router as an IPv4 / IPv6 gateway without NAT? Can I let my OpenWRT box start advertising an IPv6 link-local network?

Any ideas and resources are appreciated :wink:

You can advertise DNS.
Link-local addresses are configured locally without advertisements.
By default OpenWrt advertises the ULA addresses defined in network settings and any GUA available as delegated prefix on wan.

1 Like

Ah. Seems like I did not understand the difference between link local and unique local address.

So far it appears that my clients do not receive a ULA. I tried forming a valid ULA address space along the lines of fd00::/48.

Oh well.

You can post here the output of uci export network; uci export dhcp; uci export firewall; ifstatus lan to have a look at what might be wrong.

First I am trying to establish a ULA, then I guess assign a static lease to my Pihole, then let it be advertised as the default IPv6 DNS.

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd00:ea6c:c06f::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        list dns '192.168.0.249'
        option broadcast '192.168.0.255'
        option ifname 'eth0.1 eth0.2'
        option ipaddr '192.168.0.2'
        option gateway '192.168.0.1'
        option mtu '1200'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr 'redacted'

config device 'wan_eth0_2_dev'
        option name 'eth0.2'
        option macaddr 'redacted'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        list domain 'local'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option ra_management '1'
        option ndp 'relay'
        option ra 'relay'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option flow_offloading '1'
        option drop_invalid '1'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option network 'lan'
        option forward 'REJECT'

config include
        option path '/etc/firewall.user'

{
        "up": true,
        "pending": false,
        "available": true,
        "autostart": true,
        "dynamic": false,
        "uptime": 173772,
        "l3_device": "br-lan",
        "proto": "static",
        "device": "br-lan",
        "updated": [
                "addresses",
                "routes"
        ],
        "metric": 0,
        "dns_metric": 0,
        "delegation": true,
        "ipv4-address": [
                {
                        "address": "192.168.0.2",
                        "mask": 24
                }
        ],
        "ipv6-address": [

        ],
        "ipv6-prefix": [

        ],
        "ipv6-prefix-assignment": [

        ],
        "route": [
                {
                        "target": "0.0.0.0",
                        "mask": 0,
                        "nexthop": "192.168.0.1",
                        "source": "0.0.0.0/0"
                }
        ],
        "dns-server": [
                "192.168.0.249"
        ],
        "dns-search": [

        ],
        "neighbors": [

        ],
        "inactive": {
                "ipv4-address": [

                ],
                "ipv6-address": [

                ],
                "route": [

                ],
                "dns-server": [

                ],
                "dns-search": [

                ],
                "neighbors": [

                ]
        },
        "data": {

        }
}

A few remarks.

  1. Why is there mtu 1200 on the lan interface?
  2. option ip6assign is missing from the lan interface and as a result there is no ipv6 address assigned to the interface from the ULA or the delegated prefix.
  3. The option ifname eth0.1 eth0.2 should be only eth0.1, vlan 1 in the switch config should include port 4 untagged, and vlan 2 can be deleted.
  4. DHCP settings in lan are quite messed up. Change NDP-proxy to disabled and RA to Server.
3 Likes

Thank you. I applied your suggestions.
I added the MTU in an attempt to reduce choking via WiFi, especially when doing local file transfers.
DHCP is autogenerated :sweat_smile:
When I run uci commit /etc/config/network with option ip6assign in config interface 'lan' it keeps removing it.

I am not sure you achieve the desired result like this. You need more packets to transmit the same amount of data.

No way, the default is to be server for RAs and DHCP without NDP proxy.

The correct command is uci commit network; the option ip6assign needs an argument, 60 is a good one.
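The changes suggested in the remarks above, written out as the two affected UCI sections. This is an added example, not a configuration posted by anyone in the thread; the Pi-hole address fd00:ea6c:c06f::249 is a constructed value inside the thread's ULA prefix, and dropping the MTU override is an addition based on IPv6's minimum link MTU of 1280 bytes.

```uci
# /etc/config/network (only the sections relevant to IPv6 on lan)
config globals 'globals'
        option ula_prefix 'fd00:ea6c:c06f::/48'

config interface 'lan'
        option type 'bridge'
        # was 'eth0.1 eth0.2' (remark 3)
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.0.2'
        option netmask '255.255.255.0'
        option broadcast '192.168.0.255'
        option gateway '192.168.0.1'
        list dns '192.168.0.249'
        # was missing (remark 2): gives br-lan a /60 out of the ULA prefix,
        # so "ipv6-prefix-assignment" in ifstatus lan is no longer empty
        option ip6assign '60'
        # 'option mtu 1200' left out: IPv6 needs a link MTU of at least 1280 (RFC 8200)

# /etc/config/dhcp (lan section)
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list domain 'local'
        option ra_management '1'
        option dhcpv6 'server'
        # was 'relay' (remark 4): send our own RAs for the ULA prefix
        option ra 'server'
        # was 'relay' (remark 4)
        option ndp 'disabled'
        # constructed Pi-hole ULA address; announced to clients as the
        # IPv6 DNS server in RAs (RDNSS) and in DHCPv6 replies
        list dns 'fd00:ea6c:c06f::249'

# After editing the files directly:
#   /etc/init.d/network restart
#   /etc/init.d/odhcpd restart
# then check that ifstatus lan lists an address under "ipv6-address".
```

This does not silence the ISP router's own RAs: clients merge the DNS servers from every RA they receive, so an ISP-advertised resolver can still be used next to the Pi-hole.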

Run the OpenWrt device as the router. It can handle DSLite just fine, and will be more secure and more customizable compared to anything else.