Skip to content
LunarG's profile

New problem solver

 • 

12 Messages

Friday, December 5th, 2014 4:00 PM

CG3000DCR IPv6 interferes with my DHCP and DNS

I have a CG3000DCR with hardware version 1.04 and firmware version V3.01.04.

I run my own DHCP and DNS servers.  So I disable the "Enable LAN DHCP" on the "IPv4 setup" page.

But there is no specific setting on the "IPv6 Setup" page for DHCP and DNS behavior.

I found windows and linux systems on the LAN issue ICMPv6 "Router solicitation" packets.

And the CG3000DCR responds with ICMPv6 "Router advertisement" packets.

Those replies include Comcast DNS servers.

ICMPv6 Option (Recursive DNS Server 2001:558:feed::2 2001:558:feed::1)

That had the systems on my LAN sometimes going out to the Comcast IPV6 DNS servers that know nothing of my local DNS.

 

I have banished the cable modem off to a separate LAN behind another router until it learns to play well with others.

Accepted Solution

Advocate

 • 

1.4K Messages

10 years ago

Hello LunarG and welcome,

 

So, are you using a static IP in your NetGear3000 (NG3K)? if you are not and if you are running under strictly NG3K DCHP, then you cannot disable either IPV4 or IPV6 DHCP Servers. The reason for this is that your intra-networking DHCP and DNS Servers must have some access to the internet and if you disable the NG3K Lan Server, you are disabling all internal routing for Internet accessibility.  This is , of course, unless your NG3K is running in true bridge mode.

 

Is all of your inter-networking computers, applications, etc. able to operate in both IPV4 and IPV6, incluidng your internal DHCP and DNS server?

 

If you are needing IPV6 LAN setup information check out this forum post.  

 

Hope this helps you out and look forward to hearing from you.

Accepted Solution

New problem solver

 • 

12 Messages

10 years ago

Hi VBSSP-RICH,

 

I am using only IPv4, with static IPv4 addresses on both the LAN and WAN side of the cable modem.

I disable IPV4 DHCP for the LAN side of the cable modem and use separate systems for DHCP and DNS servers.

I have not taken any steps to start using IPv6.  There is no pressing need to enable it.

 

The problem with this cable modem is that it is announcing itself as an IPv6 router and announcing IPv6 DNS servers.

I don't want it telling the systems on the LAN anything about DNS servers.

I worked around the problem by putting the cable modem on a different LAN segment.

But that should not have been necessary.

Accepted Solution

Advocate

 • 

1.4K Messages

10 years ago

Hi LunarG,

 

So, if you are ONLY using IPV4, then is it not possible for you to disable you IPV6 LAN environment including User defined Prefix, Unicast, and EUI-64 addressing? I believe this would stop any and all announcing of any IPV6 paramters or devices for you. Try this and let us know if this helps you out.

 

So, your current workaround if to change the IPV4 LAN DHCP server address or subnet mask?

 

Look forward to hearing from you. 

Accepted Solution

New problem solver

 • 

12 Messages

10 years ago

I could experiment with changing the IPv6 configuration to get a side effect of making the router advertisement packets stop.

But that really should not be necessary.

I posted here to let folks know that the current cable modem behavior will cause trouble for any site that has its own DNS servers.

That happens without any intentional enabling of IPv6 at all.

Other folks should not have to go through the process of debugging the bad DNS behavior.

 

I already have a workaround that fixes the problem for me.

I moved the cable modem to a LAN segment of its own that does not see any "router solicitation"

ICMPv6 broadcast packets from the systems on the normal site LAN.

It has no chance to reply with bad DNS information in "router advertisement" packets.

Accepted Solution

Advocate

 • 

1.4K Messages

10 years ago

That is fine that you have a workaround that keeping your business nettwork up and running. However, Comcast has now introduced the Dual IPV4 abnd IPV6 stack implementation to provide customers the ability to prepare for the near future when IPV6 will be the primary protocol used within the computer industry.  Perhaps your DNS speciality is soemthing that Comcast needs to take a closer look at.

 

 

Accepted Solution

New Member

 • 

3 Messages

10 years ago

Hello.  I'm happy (ish) to find this forum that explains exactley what issue I've been dealing with.  So I have SBS2011 behind the Netgear CG3000CR router- firmware seems to be up to date and all checkboxes under IPV6 LAN are not checked- but the router is still giving out IPv6 address to my LAN.  How can I make it stop?  IPv6 is required for many Microsoft products and desktop OS's WIndows 7 and above will use IPv6 first before IPv4.  The effect of having the IPv6 coming from the router screws up DNS resolution for clients with it checked- on the server side it makes it impossible to sign static IPv6 address.  

 

Does anybody know how I can turn this off?  

 

Thanks! 

Patrick 

Accepted Solution

Problem solver

 • 

90 Messages

10 years ago

The NetGear CCR has a bug where we can NOT disable the DHCPv6 server, we are currently working with the vendor to fix this..

 

 

Accepted Solution

New Member

 • 

3 Messages

10 years ago

Thanks Comcast_Tuska-

 

I was going to try to work around by using the firewall to block udp 546 and 547 but the firewall on the CG3000CR doesn't like any ipv6 range I put in there (with CIDR or without).  Does the CG3000CR support an IPv6 firewall?  Could this work as a workaround?  

 

Are there any alternative modem / routers available from Comcast business?  

 

And finally- what's the ETA on a fix for disabling IPv6 DHCP on the Netgear CG3000CR?  

 

Thanks!

 

-Patrick 

Accepted Solution

New problem solver

 • 

12 Messages

10 years ago

PMcD,

 

  I placed the cable modem on a second ethernet card and routed all traffic to it through a system that ignored the IPv6 DNS.

You might get an equivalent effect by putting a simple router between the cable modem and the normal LAN.

It could prevent the ICMPv6 packets from passing between the cable modem and the systems on the LAN.

You would then need to configure firewalls and routing at the intermediate router as well as the cable modem.

That is not a nice fix.  But it could be implemented fairly quickly.

Accepted Solution

Problem solver

 • 

90 Messages

10 years ago


PMcD wrote: 

Are there any alternative modem / routers available from Comcast business?  You could ask for the Cisco DPC3939B, you can disable the DHCPv6 server

 

And finally- what's the ETA on a fix for disabling IPv6 DHCP on the Netgear CG3000CR?  Working with the vendor on this we have daily calls no ETA at this point

 

 

Accepted Solution

Gold Problem solver

 • 

610 Messages

10 years ago

Sounds like a PITA vendor 😉

Accepted Solution

New Member

 • 

3 Messages

10 years ago

Thanks Comcast_Tuska,

I  called yesterday and the techs came out and replaced the Netgear with a SMC 3D3G.  There is a box to uncheck IPv6 DHCP on the LAN side and now everything is back to normal.  

 

Regards,

Patrick 

Accepted Solution

Problem solver

 • 

90 Messages

10 years ago


@PMcD wrote:

Thanks Comcast_Tuska,

I  called yesterday and the techs came out and replaced the Netgear with a SMC 3D3G.  There is a box to uncheck IPv6 DHCP on the LAN side and now everything is back to normal.  

 

Regards,

Patrick 


Sweet..

Accepted Solution

New Member

 • 

1 Message

10 years ago

Well just to confirm and provide some additional information on this.  We are currently having the exact same problem.  In addition, the problem was set in motion by something Comcast did to our router.

 

We had the CG3000DCR router working perfectly since it was installed about six months ago. 

 

Then just a few days ago, the router starting responding to "DHCPv6/SLAAC" requests and providing all of our client machines IPv6 addresses. 

 

That in itself would be bad enough but managable.

 

HOWEVER, they also provided an IPv6 DNS address to their own DNS servers. 

 

Due to the way the Window based clients work, they use that DNS IPv6 address to resolve names over any IPv4 DNS address. 

 

But we have our own DNS server that resolves local names on our internal network.   Our internal DHCP server provides the internal DNS server address so internal names can be resolved.

The result is Comcast is now intercepting ALL DNS requests in our office, and of course returns "not found" to server names that are in our local domain.  So no client can access any server or service within our local network.

 

As reported earlier, there is no way for a CUSTOMER to turn off IPv6 on this router.  HOWEVER, Comcast is able to turn it on/off and configure it.

 

It is not clear why Comcast is blocking our control of IPv6.

 

NOTE:

 

 

  1. This is a security issue for any business using Comcast.  As you can see, Comcast was able to come in and intercept ALL our DNS requests.  They are now collecting information about ALL our internal servers/services and sites.  All without our approval.
  2. They provided no warning or notification of such a major change to the router.  If they had notified us of what change they are proposing we could have informed them of this issue.
  3. Support does not see this as a major problem.  Their answer was to "turn off IPv6 on all our clients."  Which is not reasonable when you have clients all over the place. 

 

 

 

At this time we are still waiting for some resolution from Comcast to bring our configuration back to what works. 

 

 

 

Hopefuly this can help someone else be aware of this situation and make the necessary changes to mitigatge these actions.

 

 

Accepted Solution

Problem solver

 • 

90 Messages

10 years ago


@LunarG wrote:

I have a CG3000DCR with hardware version 1.04 and firmware version V3.01.04.

I run my own DHCP and DNS servers.  So I disable the "Enable LAN DHCP" on the "IPv4 setup" page.

But there is no specific setting on the "IPv6 Setup" page for DHCP and DNS behavior.

 


A user can disable IPv6 DHCP via changing the Lease Time to "0", this will disable the DHCPv6 server..  We are working a check box like v4 has and getting the DNS Server IP's changable as well..