dmvrtx

Configuring local IPv6 network with Pi-hole

Short version

Explanation

IPv6 was built on the idea that clients do not require centralised configuration distribution, like DHCP in IPv4. There is an option to use DHCPv6 for stateful addresses, but in my case it wasn’t necessary.

SLAAC stands for “Stateless address auto-configuration” and is a protocol that IPv6 clients use to get information about the network. It can be roughly described as the following steps:

  1. The client comes up with a link-local address, usually derived from their unique MAC.
  2. The client sends out a “neighbor solicitation” (NS) packet to verify that link-local address can be used. If it receives a “neighbor advertisement” (NA) response, it tries again with a new address.
  3. The client sends out a “router solicitation” (RS) packet to find information about the network.
  4. All the routers on the network respond with “router advertisement” (RA) providing bits of information about the network, including routes and DNS.
  5. The client generates its own global unique address using prefix received at step 4.
  6. The client does a duplicate address check for its global unique address, same as at step 2.
  7. The auto-configuration is done.

By enabling SLAAC and RA on the Pi-hole we tell it to send a “router advertisement” with DNS data pointing to itself whenever clients send “router solicitation” packets. Therefore client chooses Pi-hole as its DNS for their IPv6 connection.

Important part here is for clients to use the SLAAC flow. Netgear router, which I use, defaulted to DHCPv6 for the LAN and took over DNS configuration. At the same time it didn’t allow to specify a local IPv6 address for the DNS server. This resulted in the “split-brain” situation where IPv4 DNS searches went through the Pi-hole, while IPv6 ones went to the provider’s DNS servers. Fortunately, router allowed to disable DHCPv6 and use “Auto Config” for LAN which solved the problem.