I want all my devices to only use my DNSv4 (pihole), but my network needs IPv6 enabled.
Following this (@Bucking_Horn) advice, I should not give my pihole an IPv6 address inside docker. Or at least it is not necessary.
I also followed this advice, where I configured my router like this:
a. Untick Also announce DNSv6 server via router advertisement (RFC 5006).
b. Tick Disable DHCPv6 server in the FRITZ!Box for the home network and
b.1. choose There are no other DHCPv6 servers for the home network.
Please upload a debug log and post just the token URL that is generated after the log is uploaded by running the following command from the Pi-hole host terminal:
Today my Desktop PC is using the pihole again, altough I didn’t change anything.
nslookup googleadservices.com
Server: fritz.box
Address: fd30:...:3cdd
*** No internal type for both IPv4 and IPv6 Addresses (A+AAAA) entries available for googleadservices.com.
(Also shown in the Pihole query log)
2025-10-01 19:39:02 AAAA googleadservices.com 192.168.1.1 8.1 µs
2025-10-01 19:39:02 A googleadservices.com 192.168.1.1 16.0 µs
Your debug log shows that you've successfully disabled IPv6 RDNSS RAs: Your Fritzbox does no longer advertise its own IPv6 addresses as local DNS servers.
* Received 136 bytes from fe80::<reacted>d @ ovs_eth0
Hop limit: 255
Stateful address conf.: No
Stateful other conf.: No
Mobile home agent: No
Router preference: Medium
Neighbor discovery proxy: No
Router lifetime: 1800 s
Reachable time: N/A
Retransmit time: N/A
- Prefix: 2a<redacted>00::/64
Valid lifetime: 7200 sec
Preferred lifetime: 3600 sec
On-link: Yes
Autonomous address conf.: Yes
- Prefix: fd30:8f46:a10a::/64
Valid lifetime: 7200 sec
Preferred lifetime: 3600 sec
On-link: Yes
Autonomous address conf.: Yes
MTU: 1500 bytes (valid)
- Route: ::/0
Route preference: Medium
Route lifetime: 1800 sec
- Route: 2a<redacted>00::/64
Route preference: Medium
Route lifetime: 1800 sec
- Route: fd30:8f46:a10a::/64
Route preference: Medium
Route lifetime: 1800 sec
Your debug log shows that your networks IPv6 addresses would remain valid for 7200 seconds/2 hours, which in turn may suggest that a client may have held on to IPv6 DNS server information for at most those 2 hours.
However, your Windows PC seems to still fall back to using those IPv6 addresses that it apparently has learned in the past, long after those 2 hours have expired.
This starts to look like a potential bug in Windows.
You could try to coax Windows into forgetting about those, by temporarily configuring a manual IPv6 address for its network adapter, pointing it to use your Pi-hole's ULA instead.
Then try if rebooting the machine and switching it back to automatic would fix it.
As far as I know there has not been an update the last days.
Your debug log shows that you've successfully disabled IPv6 RDNSS RAs: Your Fritzbox does no longer advertise its own IPv6 addresses as local DNS servers.
Good to hear that the RDNSS RAs part works
You could try to coax Windows into forgetting about those, by temporarily configuring a manual IPv6 address for its network adapter, pointing it to use your Pi-hole's ULA instead.
Then try if rebooting the machine and switching it back to automatic would fix it.
Also run below on the MS host instead of ipconfig /all as it specifically mentions if DNS servers are configured through DHCP/RA:
netsh interface ipv6 show dnsservers
I remember it took a while for all my clients to forget about the advertised IPv6 DNS servers by my router after I shortly toggled IPv6 support on and off on my router.
One particular 24/7 on Linux client held on for weeks.
C:\>netsh interface ipv6 delete dnsservers ?
Usage: delete dnsservers [name=]<string> [[address=]<IPv6 address>|all] [[validate=]yes|no]
Parameters:
Tag Value
name - The name or index of the interface where DNS
servers are deleted.
address - One of the following values:
<IPv6 address>: A specific IPv6 address of a DNS server
you are deleting.
all: Deletes all configured IPv6 addresses for DNS
servers.
validate - Specifies whether validation of the DNS server setting
will be performed. The value is yes by default.
Remarks: Deletes statically configured DNS server IPv6 addresses for a
specific interface. If Validate switch is yes, then the remaining
DNS servers are validated.
Examples:
delete dnsservers "Wired Ethernet Connection" fec0:0:0:ffff::1
delete dnsservers "Wired Ethernet Connection" all
EDIT: You most likely need to run the CMD/shell prompt with Administrative powers!
I did some tinkering on my MS gaming rig and it looks like you can only delete if the DNS server(s) is/are configured statically (manually and not through DHCP/RA).
But could give it a try.
Or give below a try:
C:\>netsh interface ipv6 reset ?
Usage: reset
Parameters: none
Remarks: Removes all user configured settings. Restarting computer is
required before the default settings to be effect.
The netsh interface ipv6 delete dnsserverscommand did not work for me, as you mentioned.
I ran netsh interface ipv6 reset and restarted my PC. Now my PC does not use the pihole again. Before running the reset command, it did use the pihole.
I did not change any pihole config.
Current config, after resetting the ipv6 interface and restarting the PC:
netsh interface ipv6 show dnsservers
Konfiguration der Schnittstelle "Ethernet"
Ăśber DHCP konfigurierte DNS-Server: fd30:...:3cdd #my fritzbox
2a02:...:3cdd
Mit welchem Suffix registrieren: Nur primäres
Konfiguration der Schnittstelle "Loopback Pseudo-Interface 1"
Statisch konfigurierte DNS-Server: fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Mit welchem Suffix registrieren: Nur primäres
Most DNS implementations prefer to resolve via IPv6 transport instead of via IPv4.
And I believe this also to be true for Windows.
You can check for IPv4 DNS servers configured with that same command:
netsh interface ipv4 show dnsservers
What do you mean by that?
It wasnt using Pi-hole before either:
Could you run below one on the UGreen host in a shell session and check if there are any lines reading "Recursive DNS server" (RDNSS)?
netsh interface ipv4 show dnsservers
Konfiguration der Schnittstelle "Ethernet"
Ăśber DHCP konfigurierte DNS-Server: 192... #my pihole
Mit welchem Suffix registrieren: Nur primäres
Konfiguration der Schnittstelle "Loopback Pseudo-Interface 1"
Statisch konfigurierte DNS-Server: Keine
Mit welchem Suffix registrieren: Nur primäres
(Before analyzing the following: I still had ipv6 enabled on my NAS interface, and it also had an IPv6 address assigned. After disabling that, I got a different result from that command. I will post that after this one.)
sudo docker exec -it pihole pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers and IPv6 routers
Timeout: 6 seconds
Error while sending Router Solicitation on ovs_eth1: Network unreachable
Error while sending Router Solicitation on docker0: Network unreachable
* Received 136 bytes from fe80::XXXX:3cdd @ ovs_eth0
Hop limit: 255
Stateful address conf.: No
Stateful other conf.: No
Mobile home agent: No
Router preference: Medium
Neighbor discovery proxy: No
Router lifetime: 1800 s
Reachable time: N/A
Retransmit time: N/A
- Prefix: 2a02:XXXX::/64
Valid lifetime: 7200 sec
Preferred lifetime: 3600 sec
On-link: Yes
Autonomous address conf.: Yes
- Prefix: fd30:XXXX:a10a::/64
Valid lifetime: 7200 sec
Preferred lifetime: 3600 sec
On-link: Yes
Autonomous address conf.: Yes
MTU: 1500 bytes (valid)
- Route: ::/0
Route preference: Medium
Route lifetime: 1800 sec
- Route: 2a02:XXXX:4d00::/64
Route preference: Medium
Route lifetime: 1800 sec
- Route: fd30:XXXX:a10a::/64
Route preference: Medium
Route lifetime: 1800 sec
Source link-layer address: D4:.. #mac address
* Received 32 bytes from fe80::XXXX:dfc0 @ ovs_eth0
Hop limit: undefined
Stateful address conf.: No
Stateful other conf.: No
Mobile home agent: No
Router preference: Medium
Neighbor discovery proxy: No
Router lifetime: 0 s
Reachable time: N/A
Retransmit time: N/A
- Route: fdf0:XXXX:1::/64
Route preference: Medium
Route lifetime: 1800 sec
No answer on docker0
No answer on docker-af085599
No answer on docker-55773a21
No answer on docker-32a5b43d
No answer on ovs_eth1
Received 0 DHCP (IPv4) and 2 RA (IPv6) answers on ovs_eth0
After disabling ipv6 on my NAS interface:
sudo docker exec -it pihole pihole-FTL dhcp-discover
Scanning all your interfaces for DHCP servers and IPv6 routers
Timeout: 6 seconds
Error while sending Router Solicitation on ovs_eth1: Network unreachable
Error while sending Router Solicitation on ovs_eth0: Network unreachable
Error while sending Router Solicitation on docker0: Network unreachable
No answer on docker0
No answer on docker-af085599
No answer on docker-55773a21
No answer on docker-32a5b43d
No answer on ovs_eth1
No answer on ovs_eth0
Does this look good?
Yup, I thought that looks good because googlead… did not resolve. Eventho it looks weird that an IPv6 address is in use.
Okay, so the lines above were not working fine ^^
I guess that’s not suprising, but when resolving it with the pihole IP given, it works:
nslookup googleadservices.com 192... #pihole ip
Server: pi.hole
Address: 192.... #pihole ip
Name: googleadservices.com
Addresses: ::
0.0.0.0
I'm a little confused about your intentions.
Dont you want your devices to still keep using IPv6 for connecting to anything on the Internet etc?
What I recommend is to make IPv6 work for all your clients,
and only advertise the Pi-hole IPv4 address via DHCP as the sole DNS server for your clients.
No advertising of any IPv6 DNS servers via IPv6 RA or DHCPv6.
Clients can resolve a domain name to an IPv6 address via IPv4 DNS and vice versa.
The clients would still connect to the IPv6 address resolved through IPv4 DNS.
This simplifies matters considerably instead of having the clients also resolve through IPv6 DNS.
From what I've read here, this should be feasible with a Fritzbox.
Hold on, I'll have a look if I can find some!
because googlead… did not resolve. Eventho it looks weird that an IPv6 address is in use.
