Dhcpv6 server option 23

Hi, I’m new to this forum; forgive me if my English is a bit bad.

I’m using an E50UG hEX as my router, currently running 7.20.7. Everything works seamlessly except IPv6 DNS for Windows devices: all other clients receive the IPv6 DNS server via RA, but the Windows devices don’t. I spent time searching the internet and found that a DHCPv6 server with option 23 might help. I set it up and it works, but only intermittently: sometimes it works and sometimes it breaks. My router doesn’t have any firewall rules.

Thanks for helping me! Here is my current configuration:

# Layer 2 and uplink: the LAN bridge, the five Ethernet ports, the PPPoE client
# on ether1 and three interface lists.
# NOTE(review): as pasted, long lines are wrapped without a continuation
# backslash (the ether1 "set" line breaks after "name=") - presumably a paste
# artifact, so this text would not import as-is.
/interface bridge
# protocol-mode=none: no spanning tree protocol runs on the bridge.
add forward-reserved-addresses=yes mtu=1508 name=bri_Lan protocol-mode=none
/interface ethernet
# mtu=1508 on the ports and bridge against max-mtu=1500 on the PPPoE client:
# presumably baby-jumbo frames so PPPoE can carry a full 1500-byte payload.
set [ find default-name=ether1 ] advertise=100M-baseT-full,1G-baseT-full l2mtu=1526 loop-protect=off mac-address=04:42:1A:77:7C:F8 mtu=1508 name=
ether1-FPT
set [ find default-name=ether2 ] advertise=100M-baseT-full,1G-baseT-full l2mtu=1526 loop-protect=off mtu=1508
set [ find default-name=ether3 ] advertise=100M-baseT-full,1G-baseT-full l2mtu=1526 loop-protect=off mtu=1508
set [ find default-name=ether4 ] l2mtu=1526 loop-protect=off mtu=1508
set [ find default-name=ether5 ] disabled=yes l2mtu=1526 loop-protect=off mtu=1508
/interface pppoe-client
# NOTE(review): the PPPoE account name (user=), the access-concentrator name
# (ac-name=) and the ether1 MAC address are posted unredacted. They identify
# the subscriber line; replace them with placeholders before sharing an export.
add ac-name=HCM-BRAS-01-05 add-default-route=yes disabled=no interface=ether1-FPT max-mru=1500 max-mtu=1500 name=pppoe-out1-FPT user=sgfdl-180129-659
/interface list
# Only WAN and LAN receive members under /interface list member; "trust" stays
# empty in this export, and no firewall rule shown refers to any of these lists.
add name=trust
add name=WAN
add name=LAN
# IPsec proposal, IPv4 DHCP pool and server, the DHCPv6 option under
# discussion, queue types, BGP template and SNMP communities.
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128-cbc
/ip pool
add name=dhcp_pool0 ranges=192.168.50.30-192.168.50.250
/ip dhcp-server
add add-arp=yes address-pool=dhcp_pool0 allow-dual-stack-queue=no interface=bri_Lan lease-time=12h name=dhcp1
/ipv6 dhcp-server option
# Code 23 is the DHCPv6 "DNS Recursive Name Server" option. The value is the
# raw 16-byte form of 2001:4860:4860::8888, the same resolver that the
# /ipv6 nd entry in this export advertises through dns=.
add code=23 name=gg2 value=0x20014860486000000000000000008888
/ipv6 dhcp-server option sets
# set1 wraps gg2, but the DHCPv6 server entry in this export references gg2
# directly (dhcp-option=gg2); nothing shown here uses set1.
add name=set1 options=gg2
/queue type
# Items are addressed by list position (0 and 4); which queue types those are
# cannot be told from the export alone.
set 0 cake-diffserv=diffserv4 cake-nat=yes cake-rtt=60ms kind=cake
set 4 cake-ack-filter=aggressive cake-autorate-ingress=yes cake-diffserv=diffserv4 cake-nat=yes cake-rtt-scheme=internet kind=cake
add kind=pfifo name=queue1 pfifo-limit=100
/routing bgp template
set default as=0 disabled=yes
/snmp community
# Both communities answer only to 101.96.85.0/24. The default community's name
# is not listed, so it is presumably still the stock one - confirm.
# NOTE(review): /snmp is enabled further down and no input-chain firewall rule
# appears in this export, so this address restriction is the only visible
# control on SNMP. No security or authentication settings are shown for either
# community; if they are SNMPv1/v2c, the community string travels unencrypted.
set [ find default=yes ] addresses=101.96.85.0/24
add addresses=101.96.85.0/24 name=netdept
# Bridge ports plus global connection-tracking, neighbor-discovery, IPv4 and
# IPv6 stack settings.
# The "ipv6 accept router advertisements configuration has changed, please
# restart device to apply settings" lines are console messages captured with
# the export, not commands. Per that message, the /ipv6 settings change below
# is not active until the router is restarted.
# ether5 is a bridge port here although the port itself is disabled under
# /interface ethernet.
/interface bridge port
add bridge=bri_Lan edge=yes ingress-filtering=no interface=ether2 point-to-point=yes trusted=yes
add bridge=bri_Lan edge=yes ingress-filtering=no interface=ether3 learn=yes point-to-point=yes trusted=yes
add bridge=bri_Lan ingress-filtering=no interface=ether4 trusted=yes
add bridge=bri_Lan ingress-filtering=no interface=ether5 trusted=yes
# Timeouts are set in the range of minutes to days (tcp-established 2d,
# udp 15m), so state entries stay in the table for a long time.
# liberal-tcp-tracking=yes presumably relaxes TCP window validation in
# connection tracking - confirm against the RouterOS documentation.
/ip firewall connection tracking

ipv6 accept router advertisements configuration has changed, please restart device to apply settings

set generic-timeout=3h icmp-timeout=5m liberal-tcp-tracking=yes tcp-close-timeout=15m tcp-close-wait-timeout=15m tcp-established-timeout=2d
tcp-fin-wait-timeout=15m tcp-last-ack-timeout=15m tcp-max-retrans-timeout=15m tcp-syn-received-timeout=15m tcp-syn-sent-timeout=15m
tcp-time-wait-timeout=15m tcp-unacked-timeout=15m udp-stream-timeout=1h udp-timeout=15m
# discover-interface-list=!dynamic: neighbor discovery runs on every interface
# that is not in the "dynamic" list.
# NOTE(review): that presumably includes the WAN-facing ether1 and PPPoE
# interfaces, which would announce the router's identity to the upstream
# segment; limiting discovery to the LAN list is the usual choice - confirm.
/ip neighbor discovery-settings

ipv6 accept router advertisements configuration has changed, please restart device to apply settings

set discover-interface-list=!dynamic discover-interval=15s
# NOTE(review): accept-redirects=yes, accept-source-route=yes and
# secure-redirects=no all relax how the IPv4 stack treats ICMP redirects and
# source-routed packets, and icmp-rate-limit=0 presumably removes the ICMP
# reply rate limit. A router normally needs none of these; unless there is a
# specific reason, return them to their defaults.
/ip settings

ipv6 accept router advertisements configuration has changed, please restart device to apply settings

set accept-redirects=yes accept-source-route=yes arp-timeout=10m icmp-rate-limit=0 secure-redirects=no tcp-timestamps=enabled
# accept-router-advertisements=yes makes the router itself act on router
# advertisements it receives.
# NOTE(review): this router gets its IPv6 default route from the DHCPv6 client
# (add-default-route=yes), so accepting RAs is presumably unnecessary and lets
# any host able to send RAs to it influence its routing - confirm whether the
# ISP link needs it.
/ipv6 settings

ipv6 accept router advertisements configuration has changed, please restart device to apply settings

set accept-router-advertisements=yes min-neighbor-entries=200 stale-neighbor-detect-interval=5 stale-neighbor-timeout=3
# Interface-list membership, LAN addressing, IPv4 DHCP details, DNS and
# firewall address lists.
/interface list member
add interface=pppoe-out1-FPT list=WAN
add interface=bri_Lan list=LAN
/interface ovpn-server server
add mac-address=FE:F5:0D:2B:16:AA name=ovpn-server1
/ip address
add address=192.168.50.1/24 interface=bri_Lan network=192.168.50.0
/ip cloud
set update-time=no
/ip dhcp-server config
set store-leases-disk=never
/ip dhcp-server lease
add address=192.168.50.243 client-id=1:70:3a:e:cd:19:54 mac-address=70:3A:0E:CD:19:54 server=dhcp1
/ip dhcp-server network
# IPv4 clients are handed 8.8.8.8 directly rather than the router's address.
add address=192.168.50.0/24 dns-server=8.8.8.8 gateway=192.168.50.1 netmask=24
/ip dns
# The router's own resolver also uses 8.8.8.8. No allow-remote-requests value
# is listed, so whether the router answers DNS queries from other hosts cannot
# be told from this export.
set cache-max-ttl=1h cache-size=6250KiB doh-max-concurrent-queries=120 doh-max-server-connections=50 max-concurrent-queries=200
max-concurrent-tcp-sessions=200 max-udp-packet-size=32768 servers=8.8.8.8
/ip firewall address-list
# "Trust" and "LAN" address lists; three Trust entries are disabled.
# NOTE(review): no filter, NAT, mangle or raw rule in this export matches on an
# address list, so these entries currently have no effect. The three disabled
# ranges are still present in the address= allow-lists under /ip service, which
# are independent of this table - disabling them here does not remove them there.
add address=192.168.70.0/24 disabled=yes list=Trust
add address=119.15.175.0/24 disabled=yes list=Trust
add address=119.17.222.0/24 disabled=yes list=Trust
add address=192.168.50.0/24 list=LAN
add address=192.168.50.0/24 list=Trust
# IPv4 firewall, NAT helpers, management services, SSH/IPsec crypto and UPnP.
# NOTE(review): the filter table holds only fasttrack/accept rules in the
# forward chain. There is no input-chain rule and no drop rule anywhere, so
# every packet that matches nothing is accepted. Traffic to the router itself
# from the WAN side is limited only by the per-service address= lists under
# /ip service. The usual baseline is a stateful default-deny: accept
# established/related, drop invalid, accept what is needed from the LAN, drop
# everything else arriving from the WAN - compare with the RouterOS default
# firewall configuration.
/ip firewall filter
add action=fasttrack-connection chain=forward connection-state=established,related hw-offload=yes
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward disabled=yes dst-port=123 protocol=udp
/ip firewall mangle
# Clamps the TCP MSS of forwarded SYN packets to the path MTU.
add action=change-mss chain=forward new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn tcp-mss=1461-65535
/ip firewall nat
# Source NAT for traffic leaving through the PPPoE uplink. Masquerade is
# address translation, not a filter; it does not replace drop rules.
add action=masquerade chain=srcnat out-interface=pppoe-out1-FPT
/ip firewall raw
# IPv4 multicast destinations bypass connection tracking.
add action=notrack chain=prerouting dst-address=224.0.0.0/4
/ip firewall service-port
# The FTP, H.323, SIP and PPTP connection helpers are switched off.
set ftp disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
/ip hotspot profile
set [ find default=yes ] login-by=""
/ip ipsec profile
# NOTE(review): modp1024 is a 1024-bit Diffie-Hellman group, below current
# guidance. No IPsec peer appears in this export, so it is presumably unused;
# choose a larger group before any peer is configured.
set [ find default=yes ] dh-group=modp1024
/ip service
# ftp, ssh, telnet, www, api and api-ssl are disabled. Winbox has no
# disabled=yes, so it is enabled and reachable from the three external /24
# ranges and from the LAN.
# NOTE(review): with no input-chain rules in this export, this address= list is
# the only visible control on Winbox access from the internet. Confirm that the
# three external ranges are still needed and remove any that are not.
set ftp disabled=yes
set ssh address=119.17.222.0/24,192.168.70.0/24,119.15.175.0/24 disabled=yes
set telnet address=119.17.222.0/24,192.168.70.0/24,119.15.175.0/24 disabled=yes
set www address=119.17.222.0/24,192.168.70.0/24,119.15.175.0/24 disabled=yes
set winbox address=119.17.222.0/24,192.168.70.0/24,119.15.175.0/24,192.168.50.0/24
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
# NOTE(review): a 1024-bit host key is below current guidance (2048 bits or
# more). The SSH service is disabled above, so this only matters if SSH is
# re-enabled; regenerate a larger key before doing so.
set host-key-size=1024
/ip upnp
# NOTE(review): UPnP is enabled with bri_Lan as the internal and the PPPoE
# uplink as the external interface, so LAN hosts can request inbound port
# mappings from the router without authentication. Disable it unless a LAN
# application depends on it.
set enabled=yes
/ip upnp interfaces
add interface=bri_Lan type=internal
add interface=pppoe-out1-FPT type=external
# IPv6: LAN address from the delegated prefix, DHCPv6 client and server,
# IPv6 firewall and router-advertisement (ND) settings.
/ipv6 address
# bri_Lan takes its address from the pool filled by the DHCPv6 client below.
add from-pool=ipv6_fpt interface=bri_Lan
/ipv6 dhcp-client
# Requests a delegated prefix (hint ::/60) over the PPPoE uplink, stores it in
# pool ipv6_fpt, installs a default route and ignores the ISP's DNS servers.
# NOTE(review): validate-server-duid=no presumably turns off checking of the
# server DUID in replies - confirm against the documentation for this version.
add add-default-route=yes custom-iana-id=0 custom-iapd-id=0 default-route-tables=main interface=pppoe-out1-FPT pool-name=ipv6_fpt prefix-hint=::/60
request=prefix use-peer-dns=no validate-server-duid=no

/ipv6 dhcp-server
# DHCPv6 server on the LAN bridge. No address or prefix pool is listed, so it
# presumably serves only option gg2 (code 23, DNS) to clients that ask for
# other configuration - confirm.
add allow-dual-stack-queue=no dhcp-option=gg2 interface=bri_Lan lease-time=12h name=ggdns
/ipv6 firewall filter
# NOTE(review): both rules only accept established/related traffic in the
# forward chain. There is no input-chain rule and no drop rule, so packets that
# match neither rule are accepted as well. LAN hosts receive global addresses
# from the delegated prefix, so they and the router's own services are
# reachable from the internet over IPv6 unless something upstream filters.
# The usual baseline is a stateful default-deny: accept established/related,
# drop invalid, accept the ICMPv6 that is needed, drop new connections arriving
# from the WAN - compare with the RouterOS default IPv6 firewall.
add action=fasttrack-connection chain=forward connection-state=established,related protocol=!icmpv6
add action=accept chain=forward connection-state=established,related
/ipv6 firewall mangle
# Clamps the TCP MSS of forwarded SYN packets to the path MTU.
add action=change-mss chain=forward new-mss=clamp-to-pmtu protocol=tcp tcp-flags=syn tcp-mss=1461-65535
/ipv6 firewall raw
# UDP to any multicast destination bypasses connection tracking; that range
# includes the multicast address DHCPv6 clients use to reach servers.
add action=notrack chain=prerouting dst-address=ff00::/8 protocol=udp
/ipv6 nd
# dns= advertises the resolver in router advertisements (RDNSS);
# other-configuration=yes sets the flag that tells hosts to also query DHCPv6
# for further settings.
# NOTE(review): reachable-time=1s and retransmit-interval=1s are unusually
# short and are presumably advertised to hosts, where they drive neighbor
# unreachability detection. While troubleshooting intermittent behaviour,
# return them to their defaults - confirm.
set [ find default=yes ] dns=2001:4860:4860::8888 mtu=1500 other-configuration=yes ra-delay=1s ra-interval=2m-5m ra-lifetime=1h reachable-time=1s
retransmit-interval=1s
/ipv6 nd prefix default
set preferred-lifetime=2h20m valid-lifetime=4h45m
# Remaining system settings: IGMP proxy, SNMP, clock, identity, LEDs, NTP,
# update channel and diagnostic tools.
/routing igmp-proxy
set query-interval=1m quick-leave=yes
/snmp
# NOTE(review): SNMP is enabled. No input-chain firewall rule appears in this
# export, so access is limited only by the addresses= value on each community
# under /snmp community. Disable SNMP if nothing polls the router.
set contact=router enabled=yes location=router trap-community=netdept
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Ho_Chi_Minh
/system clock manual
set time-zone=+07:00
/system identity
set name=Router
/system leds
set 0 disabled=yes
set 1 disabled=yes
set 2 disabled=yes
set 3 disabled=yes
/system leds settings
set all-leds-off=immediate
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.vn.pool.ntp.org
/system package update
set channel=long-term
/tool bandwidth-server
# The bandwidth-test server is off; authenticate=no would only matter if it
# were enabled again.
set authenticate=no enabled=no
/tool graphing
set page-refresh=never store-every=24hours
/tool mac-server ping
set enabled=no
/tool sniffer
# Capture filter for UDP source port 546 to destination port 547 on ether3,
# i.e. DHCPv6 client-to-server traffic - presumably left over from debugging
# the option 23 problem.
set filter-dst-port=547 filter-interface=ether3 filter-src-port=546

It works, but it isn’t something “you should want to do”.

Probably you come from an IPv4 environment and have learned “DHCP is used to assign addresses and options such as DNS servers”.

In the IPv6 world this is a little different. SLAAC is used for that. You configure that in IPv6→ND. Do not configure a DHCPv6 server unless you know exactly what it is used for. (It should only be required when you have router devices that have further subnets behind them and have to ask for an entire /64 prefix, not an address.)

Your export also shows you have been tinkering a lot with global IPv6 settings that require a reboot to become active, but you have not rebooted the router yet. That makes the confusion only worse.


Thanks! But without DHCPv6 Server, is there any other way for me to assign ipv6 dns servers to Windows devices?

What ancient Windows version are you using? RDNSS is supported since Windows 10 Creators Update, which was from 2017!

You only need to put the DNS server list in the IPv6 → ND entries, which you apparently already did.

Regardless, if your network has both IPv4 and IPv6 (dual stack) then the IPv6 DNS server addresses are unimportant. Windows clients will happily use the IPv4 DNS server addresses and will be able to resolve domain names for both IPv6 and IPv4 destinations without issues.

I also agree with @pe1chl that your IPv6 configuration has quite a few customizations of multiple parameters, some of which require a reboot. If you are not sure of what you are doing, try to revert to the default values (so that the export contains fewer parameters).


I have a mix of Windows 10 22H2 and Windows 11 25H2. Without an IPv6 DNS server, the IPv4 one sends me somewhere with a high RTT (~95 ms compared to ~40 ms), which causes a quite noticeable slowdown.

That might be something unrelated. Turn off the DHCPv6 server. Turn off Other Configurations in the ND entry. Run

ipconfig /all

on the Windows devices to see if the IPv6 addresses you put in ND are listed under DNS servers on the machine. Both of the Windows versions above should have no problem if the address is not a link-local (fe80) one. You need a newer version (your Windows 11 version is OK) if the DNS server list uses link-local addresses. But from your export above, it's already a global unicast address.