BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function

a week ago - last edited a week ago
Model: ER7412-M2  
Hardware Version: V1
Firmware Version: 1.1.0

To recreate this issue, enable the DNS Proxy and LAN DNS on an Omada Gateway following the instructions here:

 

"How to configure DNS Proxy on the Omada Gateway"

https://support.omadanetworks.com/ae/document/13244/

 

"How to Configure LAN DNS on Omada Gateway"

https://www.tp-link.com/us/support/faq/4504/

 

At this point clients using DHCP should be given the IP addresses of the DNS Proxy and be able to resolve LAN DNS addresses.

 

However, in our testing this only works for clients with no IPv6 support. Even with DNS Proxy enabled, the DHCP server continues to give IPv6 clients the external IPv6 DNS server addresses (as well as the IPv4 address for the DNS proxy).

 

We tried to fix this by overriding the IPv6 DNS to the IPv6 address of the Gateway, but we found the DNS Proxy doesn't respond on the Gateway's IPv6 address.

 

We tried to fix this by overriding the IPv6 DNS to the (mapped) IPv4 address of the Gateway, but that didn't work either.

 

This means any IPv6 clients bypass the proxy, so secure DoH/DoT cannot be used and also IPv6 clients can't resolve LAN DNS domain names.

#1
Re:BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function
Tuesday

Hi   @whereisaaron 

 

Thanks for posting here.

Before we say it's a bug, please share the config pages mentioned with us.

Do you use Omada controller? If yes, please also let us know the type and firmware version number of the controller you are using. Thanks.

#2
Re:BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function
Wednesday - last edited Wednesday

@Vincent-TP 

 

> Before we say it's a bug, please share the config pages mentioned with us.
>
> Do you use Omada controller? If yes, please also let us know the type and firmware version number of the controller you are using. Thanks.

 

Oh sure. Sorry for not including that detail. I am using an OC300 controller with latest firmware:

 

   1.33.10 Build 20260408 Rel.53393 (Stable)

 

The DNS Proxy and LAN DNS are configured as per the Omada documentation I linked in my original post and below:

 

"How to configure DNS Proxy on the Omada Gateway"

https://support.omadanetworks.com/ae/document/13244/

 

"How to Configure LAN DNS on Omada Gateway"

https://www.tp-link.com/us/support/faq/4504/

 

I am testing with DHCP clients running Windows 11 Pro (latest) with wired connection using Omada switches with latest firmware under the same controller (SG3210X-M2 & SG2210XMP-M2 all on 1.0.21 firmware). The gateway is an ER7412-M2 also on the latest firmware (1.1.0). I am checking the assigned DNS servers on the clients with "ipconfig /all" and testing DNS lookup with "nslookup".

 

With DNS Proxy disabled, the Windows clients get the IPv4 and IPv6 DNS servers automatically configured by the ISP. With DNS Proxy enabled, the Windows clients get the Gateway IP address for IPv4 DNS, but the IPv6 DNS is still the IPv6 DNS servers automatically configured by the ISP.

 

Does that help recreate this result?

 

 

 

#3
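The client-side check described in the post above (reading the assigned DNS servers from "ipconfig /all") can be automated. This is an added example, not code from the thread or from TP-Link: it assumes English-language `ipconfig /all` output, the function names are hypothetical, and the sample output and all addresses in it are constructed from documentation ranges.

```python
import ipaddress
import re

# Constructed sample (documentation-range addresses) shaped like the result
# reported above: IPv4 DNS is the gateway, IPv6 DNS is still the ISP's.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   IPv6 Address. . . . . . . . . . . : 2001:db8:1:0:a1b2:c3d4:e5f6:1234(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.50(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%12
                                       192.168.0.1
   DNS Servers . . . . . . . . . . . : 2001:db8:53::1
                                       2001:db8:53::2
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .*):\s*$")   # "Ethernet adapter Ethernet:"
FIELD_RE = re.compile(r"^\s+(.+?)[ .]*: (.*)$")      # "   Label . . . : value"

def parse_dns_servers(text):
    """Return {adapter: [ip_address, ...]} from English `ipconfig /all` output."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None or not line.strip():
            continue
        field = FIELD_RE.match(line)
        if field:                       # a new labelled field starts
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2)
        else:                           # unlabelled line continues the previous field
            value = line
        if in_dns and value.strip():
            # Drop a Windows zone suffix such as "%12" before parsing.
            adapters[current].append(ipaddress.ip_address(value.strip().split("%")[0]))
    return adapters

def find_bypass(adapters, proxy_addrs):
    """List (adapter, family, server) for each DNS server that is not the proxy."""
    proxies = {ipaddress.ip_address(a) for a in proxy_addrs}
    return [(name, f"IPv{s.version}", str(s))
            for name, servers in adapters.items()
            for s in servers if s not in proxies]
```

Any entry returned by `find_bypass` is a resolver the client can reach without going through the gateway's DNS Proxy, so LAN DNS names and the proxy's DoH/DoT upstream do not apply to queries sent there.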
Re:BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function
Thursday

Hi  @whereisaaron 

 

Thank you for your reply. The two instructions only provided configuration steps. Could you share how you configured them? For example, was the proxy set to an IPv6 address?

 

Please share screenshots of the key information for these two configurations. To protect your privacy, feel free to blur or mask any sensitive information. Thank you!


#4
Re:BUG: IPv6 clients bypass Omada DNS proxy and Omada LAN DNS function
Thursday - last edited Thursday

Sure @Vincent-TP, please find below screenshots, which you can click on, for all the screens mentioned in the instructions.

 

The DNS Proxy does not have any option to specify IPv6 addresses. It is automatically the address of the Gateway.

 

The WAN settings let you manually specify IPv6 DNS servers, and I tried that, but I could find no IPv6 address for the DNS Proxy on the Gateway.

 

In the LAN settings you can configure the IPv4 address of the Gateway (where the proxy is) but there is no option to specify the IPv6 address of the Gateway. I assumed the Gateway would use an IPv6 SLAAC-generated address or an IPv6 link-local address - and I tested with both these addresses, but neither allowed access to the DNS Proxy. I even tried an IPv6 mapped address for IPv4 (::ffff:1.2.3.4).

 

Timezone

 

WAN (IPv4 & IPv6)

 

LAN Config (IPv4 and IPv6)

 

LAN DNS Entry:

 

DNS Proxy:

 

DNS Cache:

#5