My Omada DNS Proxy, Local DNS (Pihole/Adguard/Technitium), IPv6 Internet Access Configuration
I've finished my weekend project of replacing my old USG-3P with an ER707-M2 and wanted to document it.
I have a VM running Technitium DNS server (it was a Pi-hole / AdGuard Home server) that performs ad blocking and also resolves a local domain.
I wanted internet DNS to still resolve if my local server was offline for one reason or another. This would be a common scenario for businesses that may only have a single Active Directory domain controller.
I also wanted IPv6 to use my local DNS server instead of potentially bypassing it. This also affects businesses that might want IPv6 internet/WAN support but need to ensure only their AD server is handed out for DNS.
I found using SLAAC + RDNSS only handed out the DNS servers in my list, while stateless DHCP added the ISP servers in addition to my defined DNS, which could lead to unintentional bypassing of my local DNS.
These are the settings that I found worked best for my network and gave me the redundancy I was looking for.
WAN Settings
My ISP (Rogers/Shaw in Canada) uses DHCP and SLAAC/DHCPv6 for IPv6. My modem is also in bridge mode.
For IPv6 Support I set:
Connection Type: Dynamic IP (SLAAC/DHCPv6)
Get IPv6 Address: Automatically
Prefix Delegation: Enable
Prefix Delegation Size: 64
DNS: Get from ISP Dynamically
LAN Settings (under Advanced Settings)
DNS Servers: Manual
First DNS points to my local DNS server. e.g. 192.168.0.10
Second DNS points to my Omada gateway. e.g. 192.168.0.1
DNS Servers: Auto also works, but then your DNS server will only see your gateway as a client rather than the individual devices (assuming you configure the DNS proxy below).
Configure IPv6
IPv6 Interface Type: SLAAC + RDNSS
Prefix: Get from Prefix Delegation
IPv6 PD Interface: WAN
IPv6 Prefix ID: 0
DNS Server: Manual
First DNS points to the link local of my DNS server. e.g. fe80::92aa:d324:8008:1355
Second DNS: left blank.
DNS proxy on the gateway doesn't support IPv6 and having redundant DNS servers for IPv6 doesn't matter to me as all my devices will be IPv4 only or dual-stack.
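Added example, not part of the original post: a small Python check that parses the RDNSS option (RFC 8106) out of an ICMPv6 Router Advertisement and flags any advertised resolver that is not on your allowlist, which is the condition the SLAAC + RDNSS setting above is meant to guarantee. The link-local resolver address is the one from the post; the ISP resolver 2001:db8::53 and the RA bytes themselves are constructed for the demo (checksum zeroed), and only the RA is covered, not DHCPv6 option 23.

```python
import ipaddress
import struct

ICMPV6_RA = 134   # ICMPv6 Router Advertisement type
OPT_RDNSS = 25    # RFC 8106 Recursive DNS Server option

def rdnss_servers(ra: bytes) -> list:
    """Return every resolver address carried in the RDNSS options of an RA payload."""
    if len(ra) < 16 or ra[0] != ICMPV6_RA:
        raise ValueError("not a Router Advertisement")
    servers = []
    pos = 16  # fixed RA header: type, code, checksum, hop limit, flags, lifetime, reachable, retrans
    while pos + 2 <= len(ra):
        opt_type, opt_len = ra[pos], ra[pos + 1]
        if opt_len == 0:
            raise ValueError("zero-length option")  # RFC 4861: discard the packet
        size = opt_len * 8  # option length is in 8-byte units
        if pos + size > len(ra):
            raise ValueError("truncated option")
        if opt_type == OPT_RDNSS:
            body = ra[pos + 8:pos + size]  # skip type, length, reserved, lifetime
            for i in range(0, len(body) - 15, 16):
                servers.append(str(ipaddress.IPv6Address(body[i:i + 16])))
        pos += size
    return servers

def unexpected_servers(ra: bytes, allowed) -> list:
    """Resolvers advertised by the RA that are not in the allowlist."""
    want = {ipaddress.IPv6Address(a) for a in allowed}
    return [s for s in rdnss_servers(ra) if ipaddress.IPv6Address(s) not in want]

def build_ra(dns: list) -> bytes:
    """Constructed sample RA with a single RDNSS option (checksum left as 0)."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, 1800, 0, 0)
    opt_len = 1 + 2 * len(dns)  # 8-byte header plus 16 bytes per address
    rdnss = struct.pack("!BBHI", OPT_RDNSS, opt_len, 0, 1800)
    rdnss += b"".join(ipaddress.IPv6Address(a).packed for a in dns)
    return hdr + rdnss

LOCAL_DNS = "fe80::92aa:d324:8008:1355"  # link-local of the local resolver from the post
ISP_DNS = "2001:db8::53"                 # constructed stand-in for an ISP resolver

if __name__ == "__main__":
    good = build_ra([LOCAL_DNS])
    leaky = build_ra([LOCAL_DNS, ISP_DNS])
    print("good RA, unexpected resolvers:", unexpected_servers(good, [LOCAL_DNS]))
    print("leaky RA, unexpected resolvers:", unexpected_servers(leaky, [LOCAL_DNS]))
```

To check a real LAN, capture an RA from the gateway with a packet sniffer, pass the ICMPv6 payload bytes to unexpected_servers, and treat any non-empty result as a DNS bypass path worth fixing.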
Device Config > DNS > DNS Proxy
DNS Proxy: Enabled
First DNS points to my local DNS server. e.g. 192.168.0.10
Second DNS points to Cloudflare or Google. e.g. 1.1.1.1
After updating my Omada Gateway I also set up LAN DNS to mirror the local domains for added redundancy.
In a business environment you can use the LAN DNS forwarding option to forward your Active Directory domain to your AD server.