IPv6 clients get "unwanted" Google DNS

Hi all

I have IPv6 connectivity with a 6rd tunnel. My DHCP advertises option 6 with my OpenWrt router IP 192.168.182.1 because I run Unbound and I want all the DNS queries to go through it.

However, my IPv6 clients also get the Google DNS from somewhere, so they bypass Unbound:

This is from Windows:

    Server DNS . . . . . . . . . . . . .  : 2001:4860:4860::8888
                                            2001:4860:4860::8844
                                            192.168.182.1
                                            fdb7:fae9:33d3::1

Also, the icmp dump shows that only 192.168.182.1 is sent:

    192.168.182.1.67 > 192.168.182.84.68: [bad udp cksum 0xeeec -> 0x005f!] BOOTP/DHCP, Reply, length 300, xid 0x99d25a42, Flags [none] (0x0000)
          Your-IP 192.168.182.84
          Server-IP 192.168.182.1
          Client-Ethernet-Address 8e:36:28:94:ec:1a
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Offer
            Server-ID Option 54, length 4: 192.168.182.1
            Lease-Time Option 51, length 4: 43200
            RN Option 58, length 4: 21600
            RB Option 59, length 4: 37800
            Subnet-Mask Option 1, length 4: 255.255.255.0
            BR Option 28, length 4: 192.168.182.255
            Default-Gateway Option 3, length 4: 192.168.182.1
            Domain-Name-Server Option 6, length 4: 192.168.182.1

Inspecting Unbound queries from an Android phone also shows that it is not traversed, so I guess they have the same problem.

I have checked all the configuration I have and there is no mention of the Google DNS anywhere, except of course for the Unbound upstream zone.

Thanks for the help in troubleshooting it

Never mind, I have rebooted OpenWrt and now clients get the OpenWrt private IPv4 and IPv6 and it works.
Probably something was left behind during the cleanup of my config and I needed to reboot something, which I needed to do :wink:

Many clients fall back to Google DNS if they don't receive two valid IPv6 DNS servers as part of the DHCP(v6) lease (e.g. systemd-resolved).

Many IoT devices use Google, Quad9, and other public DNS providers to bypass your ad blocking lists. You already paid 750 USD for your SmartTV, but "why not also monetize your viewing habits without being obvious and clear about it?" You can use firewall and routing tables to either block, black hole, or even funnel such requests into Unbound.

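Before blocking or redirecting, it helps to know which clients actually bypass Unbound. The script below is an added example, not part of the thread: it reads `tcpdump -n` text output captured on the LAN interface and lists every client that sends DNS (port 53) or DNS-over-TLS (port 853) traffic to anything other than the router addresses quoted above. The function name, the port list and the sample capture lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Router addresses that run Unbound (both values appear in the thread).
ROUTER_RESOLVERS = {"192.168.182.1", "fdb7:fae9:33d3::1"}
DNS_PORTS = {53, 853}  # plain DNS and DNS-over-TLS; DoH on 443 is not visible by port

# Matches `tcpdump -n` lines such as:
#   12:00:01.000001 IP 192.168.182.84.51234 > 8.8.8.8.53: 4242+ A? example.com. (29)
PACKET = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): ")

def bypassing_clients(lines, resolvers=ROUTER_RESOLVERS):
    """Map each client to the set of (server, port) it queried instead of the router."""
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    hits = defaultdict(set)
    for line in lines:
        m = PACKET.match(line)
        if not m:
            continue
        try:
            src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3])
        except ValueError:
            continue  # not an address.port pair (e.g. ARP or a truncated line)
        # Keep only queries (destination port is a DNS port) that neither go to
        # an allowed resolver nor come from one (e.g. Unbound's own upstream lookups).
        if int(m[4]) not in DNS_PORTS or dst in allowed or src in allowed:
            continue
        hits[str(src)].add((str(dst), int(m[4])))
    return dict(hits)

# Constructed sample capture (not from the thread).
SAMPLE = """\
12:00:01.000001 IP 192.168.182.84.51234 > 192.168.182.1.53: 4242+ A? example.com. (29)
12:00:01.000900 IP 192.168.182.1.53 > 192.168.182.84.51234: 4242 1/0/0 A 93.184.216.34 (45)
12:00:02.000001 IP6 fdb7:fae9:33d3::84.40000 > 2001:4860:4860::8888.53: 7+ AAAA? example.com. (29)
12:00:02.000700 IP6 2001:4860:4860::8888.53 > fdb7:fae9:33d3::84.40000: 7 1/0/0 AAAA 2001:db8::1 (57)
12:00:03.000001 IP 192.168.182.90.44321 > 8.8.8.8.853: Flags [S], seq 1, win 64240, length 0
12:00:04.000001 IP 192.168.182.84.50000 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for client, servers in sorted(bypassing_clients(SAMPLE).items()):
        print(client, "->", sorted(servers))
```

Clients that show up here are the ones a block or redirect rule needs to cover; DNS-over-HTTPS on port 443 will not appear and has to be handled separately.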