[TriLUG] AT&T IPv6 + DNS + Pi-Hole(?)

Joseph S. Tate via TriLUG trilug at trilug.org
Tue Jan 16 17:35:51 EST 2024


I have AT&T fiber at home, and IPv6 just works, but I'm trying to figure
out how to add Pi-Hole (running on Ubuntu 22.04 Raspberry Pi 4) to the mix
to block mobile ads mostly, but also because AT&T is pretty bad at running
DNS, and I want real hostnames on my local devices again. (I've disabled
the AT&T DNS/search suggestion hijacking in my account already).

I think I just want to disable DHCPv4 on the modem, and run it on my
Pi-Hole instead. I'm pretty confident that I can get the IPv4 stuff figured
out, but I'm having a hard time with the IPv6 setup because of the weird
prefix delegation that AT&T does. For the uninitiated, the modem gets a /60
PD on the WAN side and then re-delegates half of those /64s to requesters
on the LAN side, but you must both number the PD, and request a /64 (which
breaks some configuration validators).

My understanding is that to run my own DHCPv6 on the Pi-Hole/dnsmasq, I
have to request a PD according to the AT&T paradigm via the OS's networking
stack (systemd.networkctl in this case, not NetworkManager), run DHCPv6
(via systemd or dnsmasq), then configure DHCPv6 to use the local address as
the advertised DNS server.

Does anyone have a recipe for how to request a prefix delegation from Linux
directly via systemd? I've read the man pages carefully, but I am not
understanding how to do it. I have figured out how to request a fixed
address via the IPv6Token field, but I can't seem to request the PD. Then
where do I go? I get confused reading about setting up DHCPv6 in dnsmasq or
systemd.

Another question I have about DHCPv6 is how does it limit its scope? If I
have to continue to run DHCPv6 on the AT&T device, how do I get a v6
address from the Pi-Hole vs the AT&T device if the network is flat and the
PD comes from the modem? Do I have to set up a firewall between the Network
and the AT&T modem to block DHCPv6 so that it doesn't answer? Does it not
work if the DHCPv6 downstream is on the same network segment as the
upstream? Could I use VLANs and virtual bridges somehow to fake two
interfaces (I do have a managed switch)? Should I just look for a good
USB-3 network adapter that works with Raspberry Pi?

Sincerely,
-- 
Joseph Tate

