How to enable ipv6 DNS filtering
299 views
Skip to first unread message
Robert Leckie
Jun 17, 2015, 5:45:59 PM6/17/15
to nxfil...@googlegroups.com
I must be missing something because I see where it says nxfilter supports ipv6. My machine has a valid routeable ipv6 address but when I start the nxfilter process (via startup.sh) it never starts listening on port 53 on the ipv6 address. Is there something in the config.default or in the config->setup that I need to do to have it start listening on the ipv6 address?
thanks
Jinhee
Jun 17, 2015, 8:10:01 PM6/17/15
to nxfil...@googlegroups.com
NxFilter responds with IPv6 address but it doesn't listen on IPv6 address. This is because when you are talking to NxFilter with your IPv6 address it can't differentiate users as we use IPv4 address
for authentication. If we use IPv6 for authentication that would make things very complicated. However this doesn't means that you can't make it listening on IPv6. We have an option on its startup.bat
or startup.sh file.
But if you just talk to NxFilter on IPv4 then things are fine. You can send IPv6 queries through NxFilter still. And you can setup NxFilter's own IPv6 address as well. Actually if you are in dual stack
environment that might be the way. As of v2.7.6 it has IPv6 address setup on Config > Setup.
for authentication. If we use IPv6 for authentication that would make things very complicated. However this doesn't means that you can't make it listening on IPv6. We have an option on its startup.bat
or startup.sh file.
But if you just talk to NxFilter on IPv4 then things are fine. You can send IPv6 queries through NxFilter still. And you can setup NxFilter's own IPv6 address as well. Actually if you are in dual stack
environment that might be the way. As of v2.7.6 it has IPv6 address setup on Config > Setup.
Robert Leckie
Jun 17, 2015, 8:42:08 PM6/17/15
to nxfil...@googlegroups.com
In my particular application I am not concerned about authentication, but about the DNS filtering. We have to run ipv6 for various reasons and windows by default will talk to the ipv6 DNS servers before the ipv4 DNS servers. This means that it is very easy to bypass nxfilter DNS. I cannot seem to find documentation on the startup.sh for listening in ipv6 addresses as you mentioned.
Also in the config > setup I see where the ipv6 redirection IP is but I do not see any other settings. Is the redirection the only setting?
Thanks
Also in the config > setup I see where the ipv6 redirection IP is but I do not see any other settings. Is the redirection the only setting?
Thanks
Jinhee
Jun 17, 2015, 9:21:50 PM6/17/15
to nxfil...@googlegroups.com
Just setup NxFilter as your IPv6 DNS server. Your clients can't talk to it and then they will use IPv4 DNS server. In my case I also use IPv6 address but can't bypass it.
When you open startup.sh file then you will see something about IPv4 only you can remove it. But I wouldn't do that.
On Config > Setup we have IPv6 redirection IP as we need to respond with IPv6 address sometimes. But if you use Rob's NxFAdmin you may not have it if he didn't
update it yet.
When you open startup.sh file then you will see something about IPv4 only you can remove it. But I wouldn't do that.
On Config > Setup we have IPv6 redirection IP as we need to respond with IPv6 address sometimes. But if you use Rob's NxFAdmin you may not have it if he didn't
update it yet.
Jinhee
Jun 17, 2015, 9:25:55 PM6/17/15
to nxfil...@googlegroups.com
This is the option,
java -Djava.net.preferIPv4Stack=true
You will have a problem with block-page as well.
java -Djava.net.preferIPv4Stack=true
You will have a problem with block-page as well.
Reply all
Reply to author
Forward
0 new messages