New Member
Posts: 1
Registered: ‎07-26-2018

USG DNS Redirect with IPv4 and IPv6

Hi all,

I've recently switched ISPs and now have the capability to use IPv6. I've previously used this forum to redirect all rogue DNS queries back to a single Pihole (at 192.168.1.10), which has been working flawlessly for months now. However, now that I have IPv6, it appears that any IPv6 DNS queries from the Pihole are being routed back to the PiHole and sent back out as IPv4. From my existing rules (attached below), it seems to make sense since my source address uses !192.168.1.10 to ensure that only the PiHole can send out DNS queries, but I presume that the IPv6 assigned to my Pihole would also not match that rule.

 

    "service": {
        "nat": {
            "rule": {
                "1": {
                    "description": "Redirect DNS queries to pihole",
                    "destination": {
                        "port": "53",
                        "address": "!192.168.1.10"
                    },
                    "source": {
                        "address": "!192.168.1.10"
                    },
                    "inside-address": {
                        "address": "192.168.1.10",
                        "port": "53"
                    },
                    "inbound-interface": "eth0",
                    "protocol": "tcp_udp",
                    "type": "destination"
                },
                "5000": {
                    "description": "Translate reply back",
                    "destination": {
                        "address": "192.168.1.10",
                        "port": "53"
                    },
                    "outbound-interface": "eth0",
                    "protocol": "tcp_udp",
                    "type": "masquerade"
                }
            }
        }
    }

How can I add the IPv6 address of my Pihole to my existing DNS redirect rule? I've tried a number of things, none of which have resulted in a config that my USG was happy with. I've tried to create a group, but group members have to be all IPv4 or IPv6, not a mixture of both. It's really vexing me!
