-
-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IPv6 hosts are not resolved to hostnames in Query Log #2124
Comments
Does a
return a host name for that IP? |
In the docker container, it does not. |
Ah okay. It looks like reverse DNS lookups are forwarded to the system resolver instead of upstream or Conditional Forwarding rules. I have a conditional forwarding rule Mapping fd2b:43d7:e9a:b2:c022:bd26:228f:3e04 to the host name and to the IPv4 address is only available in network table. |
FTL always forwards "to itself" regardless of the system resolver settings. Please try again with
|
It does not resolve this address. |
So what does it do instead? Could you quote the corresponding lines from |
Log shows nothing special about this request. |
The docker container has IP address 192.168.11.2, the upstream server 192.168.11.3.
|
Can you be more precise on this? We somehow need to identify why the conditional forwarding rules are not followed here.
Also here, the logs would be useful. It could be that FTL itself runs into timeouts on the conditional forwarding target and then never replies back to your |
Log shows nothing new when I do these queries:
|
Okay, so it seems inside your container FTL is not listening on port 53 although it should. Did you change
in Please run
|
I did not change
Some of these settings are set by the docker container. I mainly turned off ntp server. |
This is odd. So inside the container FTL is listening on port 53, as expected, yet |
Addes blank lines befoe each command after copy/paste here.
Both hosts are pingable, the IP address of the pihole container is 192.168.11.2:
192.168.11.3 is the upstream DNS server running Adguard DNS proxy. |
Maybe some details about my setup are helpful: I use a Raspi 4 as OpenWRT router. The router handles DHCP (v4/v6) and incoming DNS requests, it forwards requests to a pihole server (192.168.11.2) running as docker container on the router. I have a separate macvlan network (192.168.11.0/24) for this. Pihole should handle blocklists and forward upstream requests to a second container running Adguard DNS proxy (192.168.11.3). All this works fine so far. But if pihole needs to reverse-lookup local IP addresses, it should send these requests back to the OpenWRT dnsmasq at 192.168.11.1. This works for IPv4 using conditional forwarding and a rule like |
Huh, I just changed the conditional forwarding rule to From logs during pihole startup:
|
The only change this extra domain will introduce into your local (automatically generated)
i.e., specifying that lookups for TLD Could you please create a diff of the file |
I got the root cause for the DNS timeouts - it was a forwarding issue, Pihole sends the request back to the router, the router to pihole and so on. Timeouts occured on rate-limit, the whole thing crashed if I disable rate limiting. The problem is that I cannot tell pihole to send "internal" PTR requests back to the router without using conditional forwarding. But the original issue is still there: |
Why is your router using your Pi-hole for DNS in the first place? What is it this device is "looking up"? Does it really need DNS filtering or is it more like you want to be able to use the Pi-hole to monitor all DNS activity in your network - including the router's one? I still don't know why you haven't seen anything of this in your logs...
Yes, and this should actually be done. Please enable |
As written, there was a configuration bug on my side.
Logfile:
|
I am missing a few log lines here, I guess what you have been quoting is what is printed when you open the clients page. Can you check for more resolver debug lines with this IP address? We are specifically looking for something like
|
I cannot find a "is new" message in the latest logs but will flush and restart pihole tomorrow. Each hour:
And sometimes:
|
This is some form of a chicken-and-egg problem here. My working hypothesis is that your client gets the IP address "freshly" and then issues queries. Pi-hole sees the new host name, tries to resolve the host name and fails because it is not yet known in the network table. Then, asynchronously at some later point in time, FTL has a chance to determine the MAC address associated to this IPv6 address and can correlate the addresses in the network table. It is here forth known (so also when you looked), but it wasn't known at the single point in time when the query was new. Apple was one of the first companies whose devices randomized their IPv6 address frequently. In the very early days of this feature, it was really aggressive on this potentially creating hundreds of "new" devices per hour (!) even in a small home-scale network. Hence, we changed the default for trying to resolve IPv6 addresses to only once at the very beginning. You could try changing the refresh setting from You could also try the new branch
Int he |
I will try. But I think that reverse lookups for IPv6 addresses are not the main issue here. Network tables shows that pihole somewhere knows that - in my case - 192.168.179.169 and fd2b:43d7:e9a:b2:bcd9:887e:4e0b:edd are addresses from the same device. So what I would expect is that query log shows the device host name for the IPv4 address (it does) and the IPv6 address (it does not). On my network, OpenWRT/dnsmasq does not resolve the IPv6 addresses to the hostname, I do not exactly know, why. Maybe because OpenWRT uses dnsmasq for DHCPv4 and odhcpd for DHCPv6, but dnsmasq does not know about the IPv6 leases. Also, SLAAC breaks dns resolution. So using the network table to merge IPv4 and IPv6 together is a great approach. |
Are you using EDNS0 to use MAC address to assign hostnames to ipv6 addresses? In my case ive noticed that when i get a new ipv6 address I have to wait for the hourly PTR cycle which will then check against my piholes network device history and match MAC addresses and then assign the hostname to the address which will then be reflected in the query log. Also please take a look at my previous issue here and see if you think its similar to what you are experiencing? (#1978) |
Yes, that's the plan. |
Do you have EDNS0 enabled in OpenWRT? |
Sure and that works fine. The options have been introduced to OpenWRT some month ago and are also available in LuCI (openwrt/openwrt#15965 and openwrt/luci#7198). I use pihole as ustream DNS server. That's also to make sure that pihole is involved when clients use SLAAC or the default gateway as DNS server. |
Sounds like your setup should work fine then. I have same setup with OpenWRT and Pihole using EDNS0 and my ipv6 clients resolve with SLAAC. The only issue i had was how fast the ipv6 hostnames resolve in pihole, which is discussed in the issue i linked previously. |
Well, it still does not work as expected on my setup. IPv6 addresses are not resolved in pihole. For my computer, I can see one "Network table" entry, but I can see three types of entries in statistics and query log. One for the host name, one for the IPv4 address and one for the IPv6 address. Regardless if I use SLAAC or DHCPv6 or whatever. IPv6 addresses are not mapped to the network table. This makes logs, statistics and maybe blocking somewhat useless and unreliable. |
Did you try with the custom binary from the special branch I prepared? How do the related |
I can see several entries like this in Query Log:
The IPv6 host fd2b:43d7:e9a:b2:c022:bd26:228f:3e04 is known in network table:
So I would expect that the hostname is shown in query log, not the IPv6 address. I can see some more addresses that should be known in network table, but are not resolved. 99% are resolved, but 1% not.
Docker Tag nightly
Core vDev (development, 03932e8c)
FTL vDev (development, 8478079)
Web interface vDev (development, 96f9ee6a)
The text was updated successfully, but these errors were encountered: