1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Setting up IPV6 with DNS-over-TLS

Discussion in 'Asuswrt-Merlin' started by gattaca, Jun 11, 2019.

  1. gattaca

    gattaca Regular Contributor

    Joined:
    Feb 18, 2012
    Messages:
    148
    Starting this thread to see if there's any interest in hashing this out. I've kept IPV4 set to OFF on my Asus setup forever. Opening this thread based on this -> https://www.snbforums.com/threads/cloud9-dns.56918/page-7#post-497299

    The biggest gotcha in even thinking about IPV6 is from this 2014 article -> https://major.io/2014/09/11/howto-time-warner-cable-ipv6/ (maybe there's newer) The other gotcha is I think each ISP can be slightly different.

    "IPv6 eliminates the need for network address translation (NAT). This means that by the time you finish this howto, each device in your network with have a publicly accessible internet address. Also, bear in mind that with almost all network devices, firewall rules and ACL’s that are configured with IPv4 will have no effect on IPv6. This means that you’ll end up with devices on your network with all of their ports exposed to the internet."

    I'm not really sure that's what we expect - no NAT, no router protection? Open for comments!
     
    heysoundude, Marin and Gar like this.
  2. ApexRon

    ApexRon Very Senior Member

    Joined:
    Jun 17, 2018
    Messages:
    500
    Location:
    Apex, NC
    That 2014 article is no longer accurate.

    I have Spectrum aka Time Warner as my ISP and have had IPv6 up and running for over a year on my 86U with IPv6 firewall enabled. I still use NAT because not all my devices support IPv6 and not all my destinations are IPv6 enabled.
     
    Makaveli likes this.
  3. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    65
    Location:
    Canada
    I am also interested in this also but first must enable IPv6 on my RT-AC68U connected to my Telus Actiontec 1200H.
    So far am stuck at whether to set Native, Passthrough or Static IPv6. following this instruction:
    https://www.asus.com/support/FAQ/113990
    I have had no success in getting assistance or information from Telus and am reluctant to experiment as my setup is working so well on latest Merlin stable.
    Can anyone please steer me in the right direction?

    Actiontec screenshots:
    upload_2019-6-11_10-55-17.png
    upload_2019-6-11_10-56-30.png
     
  4. ApexRon

    ApexRon Very Senior Member

    Joined:
    Jun 17, 2018
    Messages:
    500
    Location:
    Apex, NC
    @Brenneke
    Native.

    For DNS servers I would use 'Custom Servers' and then use whatever you want. ISP DNS servers are usually slower. I use Google: 2001:4860:4860::8888 and 2001:4860:4860::8844
     
  5. CriticJay

    CriticJay Regular Contributor

    Joined:
    May 30, 2018
    Messages:
    116
    Hey gattaca,

    What exactly is your question? IPv6 works perfectly fine with DNS-over-TLS, in case that's what you were wondering. Do you need assistance in configuring DoT on Asuswrt-Merlin?
     
    gattaca likes this.
  6. dave14305

    dave14305 Very Senior Member

    Joined:
    May 19, 2018
    Messages:
    1,023
    This is more about making the switch from IPv4 home networks to IPv6 home networks and the expected changes, driven by the recommendation to use Quad9 IPv6 server as the primary resolver. The tail is wagging the dog, but I admit I'm interested to know what to expect if I wanted to switchover to IPv6 at home.
     
  7. Swistheater

    Swistheater Very Senior Member

    Joined:
    Jul 8, 2017
    Messages:
    1,210
    Location:
    Florida
    My main concerns with going straight ipv6 is the fact that IPv6 functioning depends on ICMPv6 for error messages, path MTU discovery, multicast group management and Neighbour Discovery. IPv6 also relies upon multicast availability, which will impact on firewalls, intrusion detection and access control rules.
     
    dave14305 likes this.
  8. Marin

    Marin Very Senior Member

    Joined:
    Sep 15, 2015
    Messages:
    751
    L&LD likes this.
  9. Gar

    Gar Senior Member

    Joined:
    Aug 26, 2018
    Messages:
    398
    Location:
    US
    Can't view here either.
     
    L&LD likes this.
  10. gattaca

    gattaca Regular Contributor

    Joined:
    Feb 18, 2012
    Messages:
    148
    Correct. I was interested in trying to get QUAD9 working with IPV6 but I have always set IPV6 to OFF on my ASUS routers. I'm guessing by setting IPV6 to disabled, I cannot get the IPV6 working for DNS-over-TLS. My ISP (Spectrum) should support IPV6 but I've never tried using it. I also want to make sure I understand what might bite me if I enable IPV6.

    Correct, the interest comes from the DNS-over-TLS going on in the Network Security thread.
     
  11. CriticJay

    CriticJay Regular Contributor

    Joined:
    May 30, 2018
    Messages:
    116
    I'm basically running dual-stack (both IPv4 and IPv6) for a few months now without any issues.
     
    Makaveli likes this.
  12. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    65
    Location:
    Canada
    I made the changes and rebooted router but I do not have IPv6 connectivity: (https://test-ipv6.com/)
    When I connect directly through my ISP modem I do get IPv6.
    What am I missing?
    Thanks for your help!
     

    Attached Files:

  13. EmeraldDeer

    EmeraldDeer Very Senior Member

    Joined:
    Dec 22, 2017
    Messages:
    503
    Location:
    Massachusetts
    Does running the following fix it?
    Code:
    echo "1" > /proc/sys/net/ipv6/conf/eth0/accept_ra
    
     
  14. Gar

    Gar Senior Member

    Joined:
    Aug 26, 2018
    Messages:
    398
    Location:
    US
    Except for choosing my own DNS server (Quad 9) it's the same as mine. I use Cox Cable in Texas and it passes those tests.

    Do you have access to another router to test?
     
  15. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    65
    Location:
    Canada
    Unfortunately not.
     
  16. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    65
    Location:
    Canada
    I do not have another router to test.
     
  17. Swistheater

    Swistheater Very Senior Member

    Joined:
    Jul 8, 2017
    Messages:
    1,210
    Location:
    Florida
    Yea dual stack is that transition period where you would only see issues if you had slac enabled.
     
  18. Swistheater

    Swistheater Very Senior Member

    Joined:
    Jul 8, 2017
    Messages:
    1,210
    Location:
    Florida
    Screenshot_20190611-214242112.jpg It isnt an issue to run ipv6 the question you must ask yourself is does the router setup and your isp really support it to be runned by itself. It is easy to run ipv6. But even some providers dont truly fully support it to run by itself
     
  19. bbunge

    bbunge Very Senior Member

    Joined:
    Aug 11, 2014
    Messages:
    965
    Location:
    Pennsylvania USA
    I have recently been able to get IPV6 working on Comcast. First I had them replace the aged cable modem with one that supported IPV6. The modem was set up so I could use static IPV4 addresses on the four routers I have connected to the modem. Connecting a PC directly to the modem did get IPV6 address. My AC68U's were running John's fork which just would not get an IPV6 address. I upgraded each router to 384.10 (now 384.11_2) and the native IPV6 worked! I use Quad9 DNS resolvers for both IPV4 and IPV6 but have not enabled DoT on those routers yet. When I do I will alternate Quad9 IPV4 preset with IPV6 preset and repeat. I will likely modify dnsmasq and stubby to communicate on IPV4 and IPV6 loopback port 5453. For my home router I am waiting for my ISP to get native IPV6. Maybe this fall when I move and have FIOS I will get the native IPV6. But, I will not turn off IPV4!
     
  20. Brenneke

    Brenneke Regular Contributor

    Joined:
    Jun 14, 2017
    Messages:
    65
    Location:
    Canada
    I wondered if running VPN on my router was preventing IPv6 from functioning - seems this is so as Nord tells me they do not support IPv6 - so much for that!
     
    Last edited: Jun 11, 2019