feature request: add IPv6 to preferred DNS resolvers
The addition of IPv6 support to v2.2.0 in June was much welcomed.
One niggle is that the Amplifi preferred DNS resolver config still only permits IPv4 addresses. Could IPv6 preferred DNS resolvers be added to a future release?
Yogi P on a support chat today suggested this forum to post a feature enhancement. Request was previously noted on the Reddit /Amplifi forum post from June.
Use case, for me, is substituting OpenDNS resolvers for the ISP's. Attempting to add OpenDNS IPv6 resolver addresses (2620:0:ccc::2, 2620:0:ccd::2), instead of or in addition to their IPv4 addresses returns "Invalid address".
So my LAN hosts end up with the preferred OpenDNS IPv4 resolvers plus the ISP's IPv6 resolvers, which is suboptimal. My workaround since June has been to configure the Amplifi in bridge mode and use an external router (Mikrotik).
@a-j-klopp IPv4 resolvers should be able to answer IPv6 queries no?
Yes, but not the issue.
Want the Amplifi DNS prefs to allow IPv4 and IPv6 settings, so OpenDNS gets all queries, not just those over IPv4.
Sondre Eikanger Kvalø
+1 for separate IPv6 DNS setup option. Just switched to quad9.net and would like to have all my IPv6 DNS traffic covered as well.
@german-martinez Is it the case that when IPv6 is enabled, the Amplifi router will use the specified IPv4 DNS servers, and not some assigned from upstream (ISP) DHCP?
I'm trying to verify that I can use IPv6 and my Pi-hole, even though I cannot set the IPv6 DNS address directly.
Edit: After testing, it looks like this is the case. I did an nslookup -debug google.com and the AAAA record was returned by 192.168.1.3 (my Pi-hole), and when I looked up a domain my Pi-hole blocks, the returned record was the address of the Pi-hole (that is, it was successfully blocked).
So I think it's correct to say that the Amplifi simply does not provide a DNSv6 address to its DHCP clients, so the provided DNSv4 address is used even when IPv6 is enabled, and so my Pi-hole works.
Edit #2: That only seemed to be the case on my Windows 10 machine. Soon as I did dig +trace google.com on my MacBook, the results were being returned from a DNSv6 address owned by Comcast. No IPv6 for me I guess.
Dmitrijs Ivanovs
@andrew-schwartzmeyer We are aware of IPv6 DNS issue. This is a little bit deeper problem than it seems. I hope we will address it in upcoming firmware releases.
@dmitrijs-ivanovs Thank you!
Any updates on this request? This is important for properly working Pi-Hole with IPv6 enabled
@dmitrijs-ivanovs Any updates on this? With Google now supporting DNS-over-TLS I'd like to be able to set a DNS IPv6.
+1 for this feature request...thanks Ubnt (I love the fact that we get any updates)!
@dmitrijs-ivanovs Would you please provide us with an update? Is there any chance this will be in the next firmware release? Thank you!
I have the same question, will this feature be added to the next update?
Another +1 on asking for an update. I'm using an Amplifi with a Pi-hole for DNS. However, I'm on a large North American ISP who provides excellent IPv6 ... and so much of my connectivity is happening over IPv6.
But since the Amplifi won't let me set the IPv6 DNS servers, it's passing along my ISP's DNS servers (over IPv6), and so I'm losing the benefit of using the Pi-hole.
For what it's worth, I just installed Pi-Hole with dnscrypt-proxy and was able to get it to serve DNS for all IPv6 (and therefore block IPv6 ads). Not only that, but "amplifi.lan" and other local hostnames show up in the Pi-Hole stats. Here's a very basic rundown that hopefully covers the major obstacles I ran into:
- First make sure you have IPv6 working on your Amplifi, period (this required enabling DHCPv6 and waiting several minutes for me)
- Install Ubuntu server 18.04 on an old PC
- Install pi-hole with options to block IPv6 ads (so that it gets an IPv6 address)
- Install dnscrypt-proxy from the PPA, not the stock v1.9.5 that comes with Ubuntu (i.e. sudo apt purge dnscrypt-proxy && sudo add-apt-repository ppa:shevchuk/dnscrypt-proxy && sudo apt update && sudo apt install dnscrypt-proxy)
- Set listen addresses of 127.0.2.1:5353 and [::1]:5353 in dnscrypt-proxy.toml
- sudo nano /etc/hosts on the server, and add a line after the first one reading "127.0.2.1 dnscryptproxynameserver" or whatever name you want to show up in the Pi-Hole stats
- Go to the DNS settings in the Pi-hole admin panel, and allow only DNS from 127.0.2.1#5353 and ::1#5353
- In the "advanced DNS settings" at the bottom, enter the Amplifi's local IP (192.168.x.1) and "lan" as the local domain name.
Then I went to the Amplifi and set the Pi-hole's local IP address as the only DNS server option, and selected "Bypass DNS cache" option on the web portal page.
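A check for the leak this thread keeps running into, where a client keeps ISP-supplied IPv6 resolvers alongside the intended ones (an added example, not part of any post above). It assumes a Linux-style resolv.conf; the intended-resolver list reuses addresses quoted in the thread, the function names are illustrative, and the sample input is constructed, with 2001:db8:53::1 standing in for an ISP resolver.

```python
import ipaddress

# Resolvers the host is supposed to use. Values quoted in the thread:
# the OpenDNS IPv6 resolvers and one poster's Pi-hole LAN address.
INTENDED = {"2620:0:ccc::2", "2620:0:ccd::2", "192.168.1.3"}

# Constructed sample of what a dual-stack LAN client might end up with.
SAMPLE = """\
nameserver 192.168.1.3
nameserver 2001:db8:53::1
nameserver 2620:0000:0ccc:0000:0000:0000:0000:0002
nameserver fe80::1%eth0
nameserver not-an-address
"""

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses in resolv.conf text, in file order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def normalise(addr):
    """Canonical form for comparison; drops an IPv6 zone id such as %eth0."""
    return ipaddress.ip_address(addr.split("%", 1)[0])

def audit(resolv_conf_text, intended=INTENDED):
    """Sort configured resolvers into intended, unexpected and invalid."""
    allowed = {normalise(a) for a in intended}
    report = {"intended": [], "unexpected": [], "invalid": []}
    for raw in parse_nameservers(resolv_conf_text):
        try:
            ip = normalise(raw)
        except ValueError:
            report["invalid"].append(raw)
            continue
        key = "intended" if ip in allowed else "unexpected"
        report[key].append((f"IPv{ip.version}", str(ip)))
    return report

if __name__ == "__main__":
    for bucket, entries in audit(SAMPLE).items():
        print(bucket, entries)
```

Any IPv6 entry under "unexpected" means queries can still reach a resolver other than the one configured on the router, which is the situation described for the MacBook earlier in the thread.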
Laurens Van Denberghe
Not just for PiHole, just in general to get more privacy. Some ISPs sell your DNS queries.
I wish there were some advanced features on Amplifi, being experienced with Unifi I expected more from this product, a $20 router in my local tech store has more features...