Pihole with IPv6 ULA on Unifi USG

I’m running a pair of Piholes on my network at home. Why two? Why not? For the sake of a few quid it adds redundancy. It does mean I have to maintain the blacklists/whitelists on both separately (I haven’t set up an rsync) and it splits the stats in two, but neither of these things is insurmountable.

There’s also the question of why should I run IPv6 at home?  It’s been a labour of love to get it all working over the last few months but I just wanted to get it working because I knew that it should work. My ISP is giving me a PD so I simply want to use it! I could happily run on IPv4 on my home network for a long long time, hiding behind a NAT but where’s the fun in that? 🙂 

The issue I have with my broadband provider is that my IPv6 prefix delegation (PD) changes from time to time, so I can’t reliably give out addresses from the PD as IPv6 DNS servers. The way to fix this is to use Unique Local Addresses (ULA) from the fd00::/8 range (the IETF has reserved fc00::/7, but for various reasons the first /8, fc00::/8, has been held back, leaving fd00::/8).

I’ve got Ubiquiti UniFi kit at home with a USG firewall, so I needed to work out how to give out allocations from my ISP’s PD along with my ULA. Here’s the config.gateway.json file:

  

{
  "interfaces": {
    "ethernet": {
      "eth0": {
        "pppoe": {
          "0": {
            "dhcpv6-pd": {
              "prefix-only": "''",
              "rapid-commit": "enable"
            },
            "ipv6": {
              "enable": "''",
              "dup-addr-detect-transmits": 1
            }
          }
        }
      },
      "eth1": {
        "address": [
          "192.168.100.254/24",
          "fd19:2168:100a:bcde::1/64"
        ],
        "ipv6": {
          "router-advert": {
            "prefix": {
              "fd19:2168:100a:bcde::/64": {
                "autonomous-flag": "true",
                "on-link-flag": "true",
                "preferred-lifetime": "14400",
                "valid-lifetime": "86400"
              }
            }
          }
        }
      }
    },
    "pseudo-ethernet": {
      "peth0": {
        "address": ["192.168.200.254/24"],
        "description": "Access to Modem",
        "link": ["eth0"]
      }
    }
  }
}

For some reason I had to declare the IPv4 address for the USG even though it’s defined in the GUI. It didn’t work if I just put the IPv6 address in. Without this config the USG wouldn’t provision the IPv6 address. Odd.

The eth0 pppoe config assumes there’s a modem on the other side of the firewall connecting the network to a broadband network. It has no bearing on the ULA config, but it does help with getting the delegated prefix from the ISP. The pseudo-ethernet stanza gives me access to the modem, which sits on the other side of the firewall.

Finally, I’ve set static IPv6 addresses on the Piholes and set those as custom name servers.
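A pre-provisioning check for the static router-advert prefixes in a config.gateway.json like the one above. This is an added example, not part of the original post or of UniFi tooling: the function names and the choice of checks are assumptions, and the sample is the eth1 stanza from above, trimmed.

```python
import ipaddress
import json

ULA_LOCAL = ipaddress.ip_network("fd00::/8")  # locally assigned half of fc00::/7

# Constructed sample: the eth1 stanza from the config above, trimmed.
SAMPLE = """
{"interfaces": {"ethernet": {"eth1": {
  "address": ["192.168.100.254/24", "fd19:2168:100a:bcde::1/64"],
  "ipv6": {"router-advert": {"prefix": {
    "fd19:2168:100a:bcde::/64": {
      "autonomous-flag": "true", "on-link-flag": "true",
      "preferred-lifetime": "14400", "valid-lifetime": "86400"}}}}}}}}
"""

def static_v6(iface):
    """IPv6 addresses statically set on an interface (hypothetical helper)."""
    raw = iface.get("address", [])
    found = []
    for text in [raw] if isinstance(raw, str) else raw:
        try:
            ip = ipaddress.ip_interface(text).ip
        except ValueError:  # keywords such as "dhcp" are not addresses
            continue
        if ip.version == 6:
            found.append(ip)
    return found

def lint_ra_prefixes(config_text):
    """Return (interface, prefix, problem) tuples; an empty list means clean."""
    problems = []
    ethernet = json.loads(config_text).get("interfaces", {}).get("ethernet", {})
    for ifname, iface in ethernet.items():
        v6 = static_v6(iface)
        prefixes = iface.get("ipv6", {}).get("router-advert", {}).get("prefix", {})
        for text, opts in prefixes.items():
            try:
                net = ipaddress.IPv6Network(text)  # strict: rejects set host bits
            except ValueError as exc:
                problems.append((ifname, text, f"invalid prefix: {exc}"))
                continue
            if not net.subnet_of(ULA_LOCAL):  # a static ISP prefix goes stale
                problems.append((ifname, text, "not inside fd00::/8"))
            if opts.get("autonomous-flag") == "true" and net.prefixlen != 64:
                problems.append((ifname, text, "SLAAC needs a /64"))
            if not any(ip in net for ip in v6):
                problems.append((ifname, text, "no interface address in prefix"))
            if int(opts.get("preferred-lifetime", 0)) > int(opts.get("valid-lifetime", 0)):
                problems.append((ifname, text, "preferred-lifetime exceeds valid-lifetime"))
    return problems
```

Calling `lint_ra_prefixes()` on the file's contents before pushing it to the controller returns an empty list when every static prefix passes.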

garan
