BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function

Friday - last edited Friday
Model: ER7412-M2  
Hardware Version: V1
Firmware Version: 1.1.0

To recreate this issue, enable the DNS Proxy and LAN DNS on an Omada Gateway following the instructions here:

 

"How to configure DNS Proxy on the Omada Gateway"

https://support.omadanetworks.com/ae/document/13244/

 

"How to Configure LAN DNS on Omada Gateway"

https://www.tp-link.com/us/support/faq/4504/

 

At this point clients using DHCP should be given the IP addresses of the DNS Proxy and be able to resolve LAN DNS addresses.

 

However, in our testing this only works for clients with no IPv6 support. Even with DNS Proxy enabled, the DHCP server continues to give IPv6 clients the external IPv6 DNS server addresses (as well as the IPv4 address for the DNS proxy).

 

We tried to fix this by overriding the IPv6 DNS to the IPv6 address of the Gateway, but we found the DNS Proxy doesn't respond on the Gateway's IPv6 address.

 

We tried to fix this by overriding the IPv6 DNS to the (mapped) IPv4 address of the Gateway, but that didn't work either.

 

This means any IPv6 clients bypass the proxy, so secure DoH/DoT cannot be used and also IPv6 clients can't resolve LAN DNS domain names.

Re:BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function
Yesterday

Hi @whereisaaron

 

Thanks for posting here.

Before we say it's a bug, please share the config pages mentioned with us.

Do you use Omada controller? If yes, please also let us know the type and firmware version number of the controller you are using. Thanks.

Re:BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function
6 minutes ago - last edited 5 minutes ago

@Vincent-TP 

 

> Before we say it's a bug, please share the config pages mentioned with us.
>
> Do you use Omada controller? If yes, please also let us know the type and firmware version number of the controller you are using. Thanks.

 

Oh sure. Sorry for not including that detail. I am using an OC300 controller with latest firmware:

 

   1.33.10 Build 20260408 Rel.53393 (Stable)

 

The DNS Proxy and LAN DNS are configured as per the Omada documentation I linked in my original post and below:

 

"How to configure DNS Proxy on the Omada Gateway"

https://support.omadanetworks.com/ae/document/13244/

 

"How to Configure LAN DNS on Omada Gateway"

https://www.tp-link.com/us/support/faq/4504/

 

I am testing with DHCP clients running Windows 11 Pro (latest) with wired connection using Omada switches with latest firmware under the same controller (SG3210X-M2 & SG2210XMP-M2 all on 1.0.21 firmware). The gateway is an ER7412-M2 also on the latest firmware (1.1.0). I am checking the assigned DNS servers on the clients with "ipconfig /all" and testing DNS lookup with "nslookup".

 

With DNS Proxy disabled, the Windows clients get the IPv4 and IPv6 DNS servers automatically configured by the ISP. With DNS Proxy enabled, the Windows clients get the Gateway IP address for IPv4 DNS, but the IPv6 DNS is still the IPv6 DNS servers automatically configured by the ISP.

 

Does that help recreate this result?
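The client-side check described in the post above (reading the assigned resolvers from "ipconfig /all"), written as an added example that is not part of the original thread or any TP-Link tooling: it parses saved `ipconfig /all` output and reports, per adapter, every DNS server that is not the gateway's DNS proxy. It assumes English-locale field labels; the sample output and the addresses 192.168.0.1 and 2001:db8:53::/48 are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample of English-locale `ipconfig /all` output (not from the thread).
SAMPLE = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   IPv4 Address. . . . . . . . . . . : 192.168.0.10(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.0.1
   DNS Servers . . . . . . . . . . . : 2001:db8:53::1
                                       2001:db8:53::2
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

ADAPTER = re.compile(r"^(\S.*adapter .*):\s*$")   # unindented section header
FIELD = re.compile(r"^ {3}(\S.*?)[ .]*:\s?(.*)$")  # "   Label . . . : value"


def dns_servers_by_adapter(text):
    """Map each adapter name to the DNS servers listed for it."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            adapter, in_dns = m.group(1), False
            result[adapter] = []
        elif m := FIELD.match(line):
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and adapter and m.group(2).strip():
                result[adapter].append(m.group(2).strip())
        elif in_dns and adapter and line.strip():
            result[adapter].append(line.strip())  # deeply indented continuation
    return result


def resolvers_bypassing_proxy(text, proxy_addrs):
    """Return {adapter: [resolver, ...]} for resolvers that are not the proxy."""
    allowed = {ipaddress.ip_address(a) for a in proxy_addrs}
    findings = {}
    for adapter, servers in dns_servers_by_adapter(text).items():
        # Drop any zone id (fe80::1%12) before comparing normalized addresses.
        extra = [s for s in servers
                 if ipaddress.ip_address(s.split("%")[0]) not in allowed]
        if extra:
            findings[adapter] = extra
    return findings
```

Calling `resolvers_bypassing_proxy(SAMPLE, ["192.168.0.1"])` lists the two IPv6 resolvers, which is the condition reported in this thread; an empty result means every assigned resolver is the proxy.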