Greetings. I’ve been ignoring a problem with my pfsense routers at work that I’d like to solve. Or at least understand.
Scenario:
I have 3 pfsense routers. One at home, and one at each garage I operate an auto repair business out of. All locations use Comcast internet. Both garages have ‘business internet’. (Pay more for less speed is what that means.) With basic default installs of pfsense the home instance worked out of the box. Each shop location’s computers could not resolve IP addresses when browsing to www.google.com, etc.
I could go into the DHCP server settings and declare 75.75.75.75 and 75.75.76.76 as DNS 1 and 2 servers, then computers can browse the internet. Things aren’t perfect though: captcha robot checks often don’t appear where they are supposed to, Amazon’s website breaks regularly, can’t download files from Google drive. Other symptoms. When attempting to tweak things and see what works, going to System->General Setup and unchecking DNS Server Override appears to have fixed some of the weird issues I was having on websites (only captcha robot check is easily repeatable). (Still cannot download files from Google drive, HTTP Error is what I always get. Can download same file from home on same user.)
The most obvious difference I see between my Business internet and my home internet is the business pfsenses list IPv6 addresses on the System Overview → DNS Servers on the dashboard (at least until I unchecked DNS Server Override), whereas my home instance only has the same two IPv4 DNS servers.
Any idea why pfsense doesn’t like how my business internet service is handling DNS?
I am not an IPv6 expert, but as far as I know, you either need to disable IPv6 completely, as @Tom suggests, or, if you want to use IPv6, you need to make sure it’s configured consistently, which means that in addition to the IPv4 addresses, you also need to add the IPv6 addresses of the DNS services you are using.
There are a few YouTube videos out there explaining how to set up IPv6 with pfsense / opnsense. apalrd’s adventures has a few examples.
While I’ve had IPv6 running internally on my pfsense it was more trouble than it’s worth so I only use IPv4 and IPv6 on the WAN and use IPv4 internally. The IPv6 works great with Wireguard which is what I use it for. Internal routing is still IPv4 and pfsense takes care of that part automatically.
Greetings Tom. Your suggestion to disable IPv6 was helpful. I wasn’t entirely sure how to ‘properly’ do this in pfsense. I disabled the DHCPv6 server. That didn’t appear to help much. I tried turning off the IPv6 config type in the LAN interface, but it complained about the Router Advertisement Service. I couldn’t make sense of that, and eventually found out that on the WAN interface I could change the IPv6 config type to ‘None’.
This single change appears to have made all my troubles disappear on my local computers.