1

ISP IPv6 DNS Still Populating on Clients (eero Secure & Local DNS Caching)?

I'm relatively new to this equipment and wanted to check if this is normal behavior. My ISP provides IPV6 via DHCPv6. I also have eero Secure and DNS local caching enabled.  My assumption is that secure and local dns caching would override the ISPs default DNS and use the local router as the resolver for the LAN. It seems to do that for IPv4; however, IPv6 still get the ISP assigned DNS resolver to the LAN clients? I'm afraid this may be leaking DNS requests to my ISP and not using eeros DNS servers. I have tried restarting several times and the this persists. Is this normal?

5 replies

null
    • eero_support
    • 2 yrs ago
    • Reported - view

    Hello,

    When eero Secure is enabled it uses it's own DNS and will disable automatic DNS as eero Secure uses DNS to provide blocks and protections. Can you describe how you are identifying that eero Secure DNS is not being applied to your IPv6 devices?

    Thank you,

    James

    eero Support

      • McPolygon
      • 2 yrs ago
      • Reported - view

      James Thanks for responding.

      My ISP is Comcast and I am using the supplied XB7 modem in bridge mode. I can see that the local LAN is getting the Eero's IPv4 local DNS server's IP which is correct; however, along with that an IPV6 DNS is also being broadcast on the LAN and its Comcast's (e.g. 2001:558:FEED::1) as shown in the image in the prior post. Comcast's IPV6 is being assigned to any IPv6 capable client along with the local IPv4 DNS cache on the LAN behind the Eero gateway. My fear is that since some clients prefer IPv6 over IPv4 when it comes to DNS resolution I may be leaking queries back to Comcast thereby bypassing the Secure features of the Eero along with ad blocking possibly failing by using the IPv6 DNS over Eero's. Here are some screenshots of my setup in the app. I removed some of the unique addresses on the images for privacy.

      • eero_support
      • 2 yrs ago
      • Reported - view

      McPolygon 

      Hello,

      Thank you again for sharing all of this information. I would like to take a closer look at your network on our end. Can you please email this information to support@eero.com and in the subject like please put "Community Follow-Up" so I can locate the ticket that is generated and continue to look into this for you.

      Thank you,

      James

      eero Support

    • McPolygon
    • 2 yrs ago
    • Reported - view

    This was has been solved! If you have eero secure enabled any outbound DNS traffic will be redirected towards the eero DNS server. This is exactly how is should be in this type of product and any DNS server you have assigned will be redirected to eero. 👍

      • kesen
      • 2 yrs ago
      • Reported - view

      McPolygon If this is the case, then when migrating to Eero Secure DNS from custom DNS, those need to be removed in the app to avoid confusion. Obviously customers are concerned as these are still retained. And while the queries may be routed through a secure DNS server, they shouldn’t be showing the existing DNS servers in the device information for iPhone. At very least, Eero development still has some work to do with the iOS app.

Login to reply

Content aside

  • Status Answered
  • 1 Likes
  • 2 yrs agoLast active
  • 5Replies
  • 390Views
  • 3 Following