[ previous ] [ next ] [ threads ]
 
 From:  Brian Lloyd <brian at lloyd dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Fwd: [m0n0wall] IPv6 DNS server
 Date:  Fri, 14 Feb 2014 09:24:14 -0600
On Fri, Feb 14, 2014 at 3:14 AM, Jack <jack at jbyte dot org> wrote:

> Hello Brian,
>
> Do you have enabled DNS forwarder under Services > DNS forwarder?
> I would try to disable it, so monowall should assign the address of the
> DNS server instead of monowalls ip address.
>

Yes. I had to resort to that. But it was interesting that even though I had
entered both the IPv4 and IPv6 addresses of my other DNS server on the net
into m0n0wall, it was still serving up its own IPv6 address in DHCP. My gut
feel is that if the operator enters specific DNS server addresses that DHCP
should serve up those addresses and not be overridden. The fact that it
DOES serve up the operator-entered IPv4 address but not the
operator-entered IPv6 address suggests to me that this may be a bug.

This is probably a nit but I see DNS and DHCP as part of the network
infrastructure and probably handled by a different administrative group
within an IT organization. The other servers serve up application content.
I would prefer to keep DHCP and DNS inside the boxes run by the network
hackers.

You know, it would be nice if, when entering data for forward lookups in
the DNS forwarder in m0n0wall, it also constructed the zone for inverse
(in-addr) lookups. If m0n0wall had that I wouldn't have to run a DNS server
on another box. It would also be nice if the DNS forwarder served up AAAA
records. (Maybe it does -- I haven't tried it.)

I am starting to use IPv6 extensively to ensure full connectivity and
reachability of all my hosts. Is anyone else using IPv6 extensively with
m0n0wall? I have had to do that because I can't get any ISPs to route my
class-C netnum. (Yes, I still have my own class-C. I used to have a class-B
but decided I just didn't need that much routable address space anymore.) I
have been thinking of setting up a tunnel-box in a co-lo that would be
willing to route my class-C and then tunneling back to that with IPSEC.
Anyone know of any co-lo's that have sufficient pull with their ISPs to
pull off native routing for a class-C?

-- 
Brian Lloyd, WB6RQN/J79BPL
706 Flightline Drive
Spring Branch, TX 78070
brian at lloyd dot com
+1.916.877.5067