IPv6 has multiple configuration protocols and I'm not sure I have my head around them all either. Generally speaking, addressing is handled by a router because it's supposed to be handing out an address assigned by an upstream router, so IPs are assigned geographically making large router tables unnecessary. IPv6 doesn't have NAT so every PC gets a public IP and the firewall blocks traffic to/from the outside world. So in your case pfSense should be getting an IPv6 from Comcast, and requesting a subnet from Comcast to assign to PCs on your LAN.
So if your goal is to have a private IPv6 range on your LAN you should probably give up on that and just disable IPv6 on pfSense and you're done. That way PCs can use the Windows domain controller for DNS. Windows has DHCP for IPv6 but the short version is it won't work...as I vaguely recall, the spec is something like: because it's not a router, it can only assign a /128 address and mask, so no PC can talk to other PCs on the LAN. IPv6s would have to be entered on the PCs manually, or let them get IPv6 from pfSense...but then you're back to needing DNS to point to the Windows server.

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Michael Munger
Sent: Wednesday, September 20, 2017 11:48 AM
To: list <list@lists.pfsense.org>
Subject: [pfSense] IPv6?

TL;DR - I think pfSense should be blocking DHCP6 requests (or responding directly), but I am still getting my ISP's IPv6 address for DNS on machines behind the pfSense firewall. This causes lookup problems since their DNS server is not reliable. I suspect I have a bad config in my pfSense firewall (user error), and need guidance on how to resolve this.

Background: I have severe problems with IPv6. Most of the IPv6 requests time out, forcing anything that is IPv6 enabled to fall back to IPv4. There's nothing wrong with IPv4, but the timeout is supremely annoying.

NOTE: I understand there is a difference between pfSense and DHCP requests from a client machine. My IPv6 skills are not as strong as my IPv4 skills, so my solution has been to disable IPv6 on any machine that has a problem. But that's a band-aid, and not a good solution.

Symptoms: I seem to be getting a DNS server of 2603:3001:3805:10f0:223:7dff:fe3b:73ac, which is my ISP's DNS Server (Comcast). I cannot figure out where this is coming from. It appears to be coming from Comcast, THROUGH pfSense. How is this DHCP request traversing pfSense to the WAN?
I have a local Windows server, with an fe80:: address, which is a DNS server also. Not sure why this is not being set as DNS via DHCP6 (different issue).

What I want: I need to stop the timeouts by controlling where the lookups go (which servers are getting served in the DHCP6 requests), which cause the network to bottleneck and requests to take forever.

Is there an IPv6 guide / tutorial that I have been unable to find with Google? I would like to be able to configure pfSense to ignore / block any upstream DNS servers when DHCP6 requests go out. Or, in the alternative, control where they go so I can point them at either my Windows DNS or a bind9 server (or even the resolver in pfSense). Perhaps pfSense is forwarding the requests upstream instead of responding itself?

--
Michael Munger, dCAP, MCPS, MCNPS, MBSS
High Powered Help, Inc.
Microsoft Certified Professional
Microsoft Certified Small Business Specialist
Digium Certified Asterisk Professional
mich...@highpoweredhelp.com

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
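
Added example, not part of either message above: when an unexpected IPv6 DNS server shows up on clients, the address itself carries clues about who owns it. This Python sketch reports the scope and /64 of an address and, where the interface ID has the modified EUI-64 layout (ff:fe in the middle), recovers the MAC so it can be matched against the firewall's neighbor table. The inventory entry and `fe80::1` are constructed samples, and the function names are hypothetical.

```python
import ipaddress

def scope(addr: str) -> str:
    """Coarse scope of an IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_link_local:
        return "link-local"      # fe80::/10, only reachable on the same link
    if ip in ipaddress.IPv6Network("fc00::/7"):
        return "unique-local"    # private range, not routed on the Internet
    if ip in ipaddress.IPv6Network("2000::/3"):
        return "global-unicast"
    return "other"

def prefix64(addr: str) -> str:
    """The /64 the address sits in, to compare with the LAN or WAN prefix."""
    return str(ipaddress.ip_network(f"{addr}/64", strict=False))

def eui64_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None              # privacy, DHCPv6 or manually set interface ID
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def identify(addr: str, inventory: dict) -> dict:
    """Summarise an address and look its MAC up in a MAC -> device-name map."""
    mac = eui64_mac(addr)
    return {
        "scope": scope(addr),
        "prefix": prefix64(addr),
        "mac": mac,
        "device": inventory.get(mac) if mac else None,
    }

if __name__ == "__main__":
    # Constructed inventory: in practice, fill it from the neighbor/ARP tables.
    inventory = {"00:23:7d:3b:73:ac": "constructed sample device"}
    dns_seen = "2603:3001:3805:10f0:223:7dff:fe3b:73ac"   # address from the thread
    for a in (dns_seen, "fe80::1"):                       # fe80::1 is constructed
        print(a, identify(a, inventory))
```

If the reported /64 matches the prefix on the LAN interface and the MAC matches a local device, the DNS address is being advertised from inside the network rather than relayed from the WAN side.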