Question about pfsense and CloudFlare

S-F

I followed this guide to set up CloudFlare as my DNS server on my pfsense machine and my results are a bit off it would seem. Instead of the three servers that I specified in pfsense, the two CloudFlare servers and Google, I see what I believe is an IPv6 address listed first, then the two CloudFlare servers followed by Google. See attached:

Any thoughts?
 

Currently on the road. But, from a quick Google on my phone, that looks like the IPV6 DNS provided by Comcast. May want to turn off IPV6, or find the IPV6 DNS you want to use and update them. I'll see what I can do to help more when I get home, if you're still running into trouble.
 
Thanks for the tip! Yes it's true. I am a subject of the evil empire, Comcast. When you say "turn off IPv6" what do you mean specifically? How do I accomplish this in pfsense?
 
Interfaces -> WAN -> IPv6 Configuration Type -> set to None, Save, Apply. Then do the same for LAN interface. That should take care of it. Flush your DNS cache on your machine if you're still getting undesired results. The command in Windows is
Code:
ipconfig /flushdns
 
Hmmm. Works for the WAN. For the LAN I get this error:


"The DHCP6 Server is active on this interface and it can be used only with a static IPv6 configuration. Please disable the DHCPv6 Server service on this interface first, then change the interface configuration."
 
Services -> DHCPv6 Server. See if you can disable it there.
 
Still not working. I still see the Comcast address. I did an ipconfig/release -> ipconfig/flushdns -> ipconfig/renew after disabling the DHCPv6 server. I'm thinking that this setting is only for the LAN. But what the Hell do I know?

EDIT: The DHCPv6 relay is disabled as well.


EDIT PART 2: For the Hell of it I decided to restart the machine. Now the Comcast address is gone. I assumed that flushdns would do it. Any ideas on which setting fixed this?
 

Still not working. I still see the Comcast address. I did an ipconfig/release -> ipconfig/flushdns -> ipconfig/renew after disabling the DHCPv6 server. I'm thinking that this setting is only for the LAN. But what the Hell do I know?

EDIT: The DHCPv6 relay is disabled as well.

Any other ideas?
The way to turn off IPV6 we've already done. Which is to turn it off in the WAN interface. You shouldn't need to do anything else. At this point, you might be troubleshooting Windows or pfsense. It's hard to say which one since what we've done should have disabled it. You might want to try rebooting the pfsense firewall and your Windows machine. You might also go into your DHCP status for the WAN and try to release the lease. Status -> interface -> release.
If you still run into trouble, download Wireshark. Release your IP on the Windows machine, begin packet capture as you enable your interface and it receives the DNS. That should help dig in to it deeper.
 
Try these things:

1) On your Windows computer, network adapter properties, TCP/IPv4 (and again with TCP/IPv6), is it set to obtain DNS server address automatically? (If yes, see #2 for my ISP-avoiding DNS setup in pfsense). Or you can tell it to use specific DNS server addresses in that window. Go to the Advanced button to add more than two. ipconfig will list just those addresses.

2) PFSense > System > General Setup: This is my DNS configuration setting (the IPv6 DNSes are Cloudflare), multiple tests on the pfsense box and on systems themselves verify that it doesn't use the proprietary DNS my ISP assigns me. The Windows boxes are set to "Obtain DNS server address automatically" and list the PFsense IP as the DNS address in ipconfig.

Capture.JPG


I also have the DNS Resolver (Services > DNS Resolver) configured as such (the blued out box is a DMZ VLAN), all other settings basically left to default.

Capture2.JPG
 
Yep. Like suggested in my first post, you always have the option to add the appropriate IPV6 DNS to pfsense.

Looks like Grebuloner has that information.

Although, very odd that you're still getting IPV6 DNS assigned after disabling it. Just depends on how much time you want to spend going down that path.
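
The check repeated throughout this thread is reading the DNS server list in ipconfig output and spotting a resolver that was never configured. As an added example (not part of the thread), this Python script parses `ipconfig /all` text and reports every resolver outside an allowlist. The allowlist addresses, the function names and the sample output (which uses a documentation-prefix IPv6 address) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the resolvers the poster intended (Cloudflare and Google public DNS).
EXPECTED = {"1.1.1.1", "1.0.0.1", "8.8.8.8"}

# Constructed sample of English-locale `ipconfig /all` output.
# 2001:db8::/32 is the IPv6 documentation prefix, standing in for an ISP resolver.
SAMPLE = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : localdomain
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   DNS Servers . . . . . . . . . . . : 2001:db8:53::1
                                       1.1.1.1
                                       1.0.0.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return {adapter: [resolver, ...]} in the order Windows lists them."""
    result, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():  # unindented line = adapter heading
            adapter, in_dns = line.rstrip(" :"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        # Extra resolvers appear on continuation lines that carry no label.
        candidate = m.group(1) if m else (line.strip() if in_dns else "")
        try:
            addr = ipaddress.ip_address(candidate.split("%")[0])  # drop zone id
        except ValueError:
            in_dns = False  # any non-address line ends the DNS list
            continue
        in_dns = True
        result.setdefault(adapter, []).append(str(addr))
    return result

def unexpected(ipconfig_text, expected=EXPECTED):
    """List (adapter, position, address) for resolvers outside the allowlist."""
    allowed = {str(ipaddress.ip_address(a)) for a in expected}
    return [(name, pos, addr)
            for name, servers in dns_servers(ipconfig_text).items()
            for pos, addr in enumerate(servers)
            if addr not in allowed]

if __name__ == "__main__":
    for name, pos, addr in unexpected(SAMPLE):
        print(f"{name}: unexpected resolver #{pos + 1}: {addr}")
```

Position 0 matters because the first listed resolver is the one Windows tries first, so an ISP-assigned IPv6 entry there handles most lookups.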
 