Modify RDNSS in Router Advertisements on Linux/pfsense/OpenWrt

Question

I have a linux box that acts as a bridge behind my ISP's modem-router. The reason I need bridge mode is because the ISP router doesn't support IPv6 prefix delegation. If I use my additional linux box in bridge mode, this will naturally "forward" IPv6 router advertisements to its own downstream clients without the need of a separate prefix/subnet.

However, I want to run a PiHole in my network as well. Unfortunately, the ISP router doesn't allow to manually set DNS servers to distribute to local clients. Therefor, I am thinking if it is possible to use the firewall on my linux box to not just block router advertisements, but instead to modify the RDNSS part of the RA message, OR to simply block RAs from the ISP router and setup my own radvd/odhcpd to simply advertise the prefix and my custom DNS servers.

So, has this been done? I couldn't find anything. I guess I would have to extract the data from the ISP router's RA with a custom script and then use this script to configure my own radvd/odhcpd instance?

Also, I assume this will be a bit heavy on the CPU, as this seems to imply DPI firewalling, am I right?

Answer 1

Since you are presumably running the DHCPv6 client on your Linux box, it would be cleanest to disable router advertisements on your ISP-provided router and run radvd on your Linux box.

This methodology has several advantages:

1. You can dynamically adjust the prefix being advertised based on what prefix your ISP is delegating to you (as this could change over time) using a script.
2. You can advertise your Pi-Hole DNS server via RDNSS.