Set DNS server for IPv6

I have problems announcing my IPv6 DNS server by DHCPv6 and have no idea why. My clients on "vpn" get a DNS server for IPv4 but not for IPv6. I am running OpenWrt 22.03.5 and this is my config in /etc/config/dhcp:

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'vpn'
        option interface 'vpn'
        option start '100'
        option limit '150'
        option leasetime '1h'
        option netmask '255.255.255.0'
        option dhcpv6 'server'
        option ra 'server'
        list dns 'fdaa:0:0:aab0::1'
        option ra_default '1'
        list dhcp_option '6,192.168.224.1'


I set that value via LuCI:

        list dns 'fdaa:0:0:aab0::1'


Any ideas?

Both IPv4 and IPv6 local DNS are announced by default, so you don't need to explicitly announce them.

Announcing custom non-local DNS should also work, assuming the specified ULA is covered by the client prefix, otherwise make sure you provide the proper routing:
https://openwrt.org/docs/guide-user/network/ipv6/ipv6_extras#announcing_ipv6_default_route

You can confirm that it works by testing another client, such as OpenWrt:

> cat /tmp/resolv.conf.d/resolv.conf.auto 
# Interface wan
nameserver 192.168.1.1
search lan
# Interface wan6
nameserver fd37:a698:ee4e::1

Thanks for your reply.

Well, I do need to announce custom DNS, because I want to use the DNS servers on the other side of a VPN tunnel. So far, IPv4 works and IPv6 does not.

Well, I do the latter. Accessing that IPv6 DNS server does work as well as browsing IPv6 only websites. The DNS resolution is done by the IPv4 server in this case :frowning:

If you can install tcpdump on the router, check for the router advertisements and DHCPv6 packets.

tcpdump -i vpn -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)'

Ok, done.

root@Ar150Van:~# tcpdump -i br-vpn -v -n '(icmp6 and ip6[40] == 134) or (udp and port 547)'
tcpdump: listening on br-vpn, link-type EN10MB (Ethernet), capture size 262144 bytes
01:19:57.615173 IP6 (flowlabel 0x65104, hlim 255, next-header ICMPv6 (58) payload length: 96) fe80::e695:6eff:fe41:805 > fe80::de0b:34ff:fefc:5d25: [icmp6 sum ok] ICMP6, router advertisement, length 96
        hop limit 64, Flags [other stateful], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): e4:95:6e:41:08:05
          mtu option (5), length 8 (1):  1500
          prefix info option (3), length 32 (4): fdaa:0:0:aab9::/64, Flags [onlink, auto], valid time infinity, pref. time infinity
          rdnss option (25), length 24 (3):  lifetime 1800s, addr: fdaa:0:0:aab0::1
          advertisement interval option (7), length 8 (1):  600000ms

Do you need the dump in a file? How could I provide/attach this file in this forum?
I can see the IP I want to announce, so hey :slight_smile: . But why isn't it accepted by Android?
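
Added example, not part of the thread: a Python decoder for the router advertisement captured above, run against bytes constructed to mirror the posted tcpdump output (same flags, prefix, RDNSS address and lifetimes). The function names are hypothetical, and the input is assumed to be the ICMPv6 payload only, without the IPv6 header.

```python
import ipaddress
import struct

def build_sample_ra():
    """Constructed RA bytes mirroring the tcpdump output posted in the thread."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)  # O flag only
    slla = bytes([1, 1]) + bytes.fromhex("e4956e410805")
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    prefix = (struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 0xFFFFFFFF, 0xFFFFFFFF, 0)
              + ipaddress.IPv6Address("fdaa:0:0:aab9::").packed)
    rdnss = (struct.pack("!BBHI", 25, 3, 0, 1800)
             + ipaddress.IPv6Address("fdaa:0:0:aab0::1").packed)
    interval = struct.pack("!BBHI", 7, 1, 0, 600000)
    return hdr + slla + mtu + prefix + rdnss + interval

def parse_ra(pkt):
    """Decode the ICMPv6 payload of a router advertisement (type 134)."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not a router advertisement")
    info = {"managed": bool(pkt[5] & 0x80), "other": bool(pkt[5] & 0x40),
            "router_lifetime": struct.unpack("!H", pkt[6:8])[0],
            "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(pkt):
        otype, olen = pkt[off], pkt[off + 1] * 8  # option length counts 8-byte units
        if olen == 0 or off + olen > len(pkt):
            raise ValueError("malformed option at offset %d" % off)
        body = pkt[off:off + olen]
        if otype == 3 and olen == 32:  # prefix information
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            info["prefixes"].append((str(net), bool(body[3] & 0x40)))  # A flag: SLAAC
        elif otype == 25 and olen >= 24 and olen % 16 == 8:  # RDNSS
            lifetime = struct.unpack("!I", body[4:8])[0]
            for i in range(8, olen, 16):
                info["rdnss"].append((str(ipaddress.IPv6Address(body[i:i + 16])), lifetime))
        off += olen
    return info

def dns_paths(info):
    """List the mechanisms by which this RA lets a client learn a DNS server."""
    paths = []
    if any(lifetime > 0 for _, lifetime in info["rdnss"]):
        paths.append("RA RDNSS")  # the only path for clients that do SLAAC without DHCPv6
    if info["managed"] or info["other"]:
        paths.append("DHCPv6")    # flags tell clients a DHCPv6 server has more config
    return paths

if __name__ == "__main__":
    print(dns_paths(parse_ra(build_sample_ra())))
```

An RDNSS lifetime of 0 withdraws the server, which is why `dns_paths` ignores such entries.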

Try to isolate the issue by announcing a public IPv6 DNS, and also check from the client:

nslookup example.org 2001:4860:4860::8888
nslookup example.org fdaa:0:0:aab0::1

If that works, then your client probably just ignores ULA/LLA DNS due to its own IPv6 implementation.

Oh, this is so sad. You are absolutely right.

Windows does accept that ULA IPv6 server, Android does not. Although Android can use it if explicitly defined in a request. I did not cross-check this enough.

The funny part is: even if I set a public IPv6 like 2620:fe::fe, it will not be accepted. On the other side, the router of my ISP announces itself with a ULA beginning with "fd00::" and is accepted. There is something fishy.


I put my IPv6 dns servers in LAN > IPv6 settings > Announced DNS servers > fd88::1 and my Android device correctly shows the DNS server.

You are only announcing an ipv4 dns server.
Should you not also announce the ipv6 DNS server with option 6?

That does not work for me. I already posted the same way in my first post. I also showed a screenshot like this.
Two possible reasons:

  1. Your screenshot is a bit different. I guess you are not using the latest stable version: OpenWrt 22.03.5
  2. You probably don't use stock Android. Instead you have another vendor which possibly modified the IPv6 implementation. I am using 1 Pixel 6a, 1 Pixel 4a and 1 ancient Nexus 5X. All behave the same and don't get the IPv6 DNS server, but my Windows PC does.

I think this is not supposed to work this way. In my frustration I also tried this but the result was an error: I got neither an IPv4 nor an IPv6 on my Android. I did not test it with Windows then because this was worse than the original problem.

I cannot see straight anymore. It is getting odd. I briefly tested this with another openwrt router. Here it is working with my phones. I will test it again in the evening and make another tcpdump. Something has to be wrong with my setup in the other openwrt router from the first post. I have no idea if it is the dhcp, the wifi or the firewall...

If you read the note under the "Announced IPv6 DNS servers" it states that they will be announced via DHCPv6. But Android phones don't use DHCPv6, only SLAAC. Can you try with another client device supporting DHCPv6?


DHCPv6 DNS announcement works fine in OpenWrt with supported platforms like modern Linux distributions. Android's support for DHCPv6 is a lOOOOng lasting issue and was marked as "won't fix": https://issuetracker.google.com/issues/36949085


But that's not a real issue IMHO because android just gets DNS info via RA just fine :man_shrugging:

Well, somehow it doesn't. Otherwise this thread would not exist. But I don't see why it should be an issue in the first place. DNSv4 should be able to return AAAA records without any trouble and the IPv6 network will work just fine.

I have an unbranded/stock Android 11 on a Nokia and the network settings show IPv4+IPv6 addresses (LLA, ULA, GUA), as well as an IPv4 and an IPv6 resolver address. And both resolver addresses can be used/are used.

PS: I mentioned DNS via RA just in case someone is not aware of it.


I will flash LineageOS 18 (Android 11 based) and see if it works. Current one (12) doesn't list IPv6 DNS for me but IPv6 works anyway.

That's dnsmasq-specific syntax and works only for IPv4.

OpenWrt should also announce itself as IPv6 DNS with RA, but the client seems to ignore it for some reason.

This allows IPv4 and IPv6 stacks to not rely on each other, improving redundancy and fault tolerance as a result.


Sure, but if backup system is the only option you have...