SLAAC or how to mess up DNS settings
ISP-issued routers are an absolute locked-down joke and disgrace. Recently I received a new router from my ISP, and once I installed it all sorts of weird behaviour surfaced. I would like to use my very own DNS and DHCP server on my own network, but apparently on my ISP router it is impossible to change those settings. The only setting I found that would somewhat solve my problem is to disable DHCP. But this is not enough. It seems this setting only disables DHCPv4 BUT NOT DHCPv6! What. the. hell. How did I notice? Well, I use Pi-hole on my network, and since I cannot change the DNS settings on the router, I disabled DHCP there and enabled DHCP on Pi-hole to let Pi-hole manage the host configuration, e.g. advertise the DNS settings as well as dynamically assigned IPs.
A few days after this change I noticed that some advertisements were coming through on my phone. I checked the DNS settings and, lo and behold, for some reason there was another DNS entry next to the expected address of my Pi-hole, and it was an IPv6 address as well! Immediately I went to the DHCP settings page, but I could only find settings for DHCPv4.
SLAAC or Stateless Autoconfiguration
I believe it is a problem with stateless autoconfiguration, also called SLAAC. The way this works is that when an IPv6-enabled device joins the network, it configures itself with a link-local address. This enables communication on layer 3 with other IPv6 devices on the network. The address is built by combining the link-local prefix fe80::/64 and the interface's MAC address. The device then performs duplicate address detection to make sure its generated address is unique. The chances of duplicate IPv6 addresses are very slim, but the check still makes sense.
The next step for this device is to send out a router solicitation message (RS). It basically asks all attached IPv6 routers which global unicast prefix is in use. The destination address of this router solicitation is ff02::2, and the source is the link-local address our device generated. Our router then responds with an ICMPv6 message called a router advertisement (RA). This message includes the global IPv6 prefix and the prefix length. Once our device has received this message, it configures its global unicast address by combining the router's prefix with its EUI-64 interface identifier (generated from the MAC address earlier).
Apart from that, the device sets its IPv6 default gateway to the router's link-local address (the address the message was received from). This message, however, does not contain DNS servers, so how did my device configure one? Well, there are a few flags in the router advertisement message that control this behaviour. If the M-flag is set to 1, it indicates that addresses are available via DHCPv6. The router is basically telling devices to ask the DHCP server for addresses and DNS. Then there is the O-flag; if it is set to 1, it indicates that DNS information is available via DHCPv6. What's the difference? Well, with the O-flag the router is telling the devices to autoconfigure an address via SLAAC and ask the DHCP server only for DNS information.
Well, and there lies my problem. I believe even if the DHCPv4 server is turned off, the router still sends out these router advertisements and configures the devices to use the router as IPv6 DNS server. On Linux I can easily turn off IPv6; however, on my Android mobile devices it is impossible.
I was now about to buy my own router and add it to my network instead of the ISP-issued one, but this would mean I have to run this new router behind my ISP's router, adding more cost to my power bill and increasing complexity.
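To check what a router advertisement actually tells a device, the following added example (not part of the original post) parses a raw ICMPv6 RA, reads the M and O flags and the prefix, and derives the EUI-64 address described above. It goes slightly beyond the text by also listing the RDNSS option (RFC 8106), another way an RA can carry DNS servers; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle."""
    b = bytes.fromhex(mac.replace(":", ""))
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac)))

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134), starting at the ICMPv6 header."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a router advertisement")
    flags = msg[5]
    ra = {"managed": bool(flags & 0x80),   # M-flag: addresses via DHCPv6
          "other": bool(flags & 0x40),     # O-flag: DNS etc. via DHCPv6
          "router_lifetime": struct.unpack("!H", msg[6:8])[0],
          "prefixes": [], "rdnss": []}
    off = 16
    while off + 2 <= len(msg):
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length field counts 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        body = msg[off:off + opt_len]
        if opt_type == 3 and opt_len == 32:             # Prefix Information option
            addr = ipaddress.IPv6Address(body[16:32])
            ra["prefixes"].append({"prefix": f"{addr}/{body[2]}",
                                   "autonomous": bool(body[3] & 0x40)})
        elif opt_type == 25 and opt_len >= 24:          # RDNSS option (RFC 8106)
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                            for i in range(8, opt_len, 16)]
        off += opt_len
    return ra

# Constructed sample RA (documentation prefix 2001:db8::/32): M=0, O=1, one prefix, one RDNSS.
SAMPLE_RA = (
    bytes([134, 0, 0, 0, 64, 0x40]) + struct.pack("!HII", 1800, 0, 0)
    + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 86400, 14400, 0)
    + ipaddress.IPv6Address("2001:db8:1:2::").packed
    + bytes([25, 3, 0, 0]) + struct.pack("!I", 600)
    + ipaddress.IPv6Address("fe80::1").packed
)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra)
    print(slaac_address(ra["prefixes"][0]["prefix"], "00:11:22:33:44:55"))
```

If the output shows the O-flag set or a non-empty RDNSS list while only the Pi-hole should be handing out DNS, the router is still advertising itself to IPv6 clients.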
If you have any idea how to solve this problem without adding another device please don't hesitate to contact me.
Last but not least, a nice quote I stumbled across while researching:
"Friends don't let friends run ISP-provided routers."