Expected Behaviour:
It should block sites on all devices while now, on Android the sites are blocked on Window not unless I disable the IPv6.
Actual Behaviour:
I'm trying to setup Pi-hole on a ZTE H6645P router. As for configuring DNS for IPv4, I didn't encounter any problems - it was quick and easy setting up the Raspberry's IPv4. However, the problem arises with IPv6, as the ZTE router prefers IPv6 instead of IPv4. This causes some devices not to be filtered via Pi-hole. Alternatively, as indicated in the Pi-hole guide, it is suggested to enable ULA by generating a 40-bit prefix via RFC 4193, with the rest of the prefix at the user's choice, and setting the Local DNS via the ULA prefix and l 'Raspberry IPv6. However, in the ZTE router configuration menu I don't see any option to configure ULA or SLAAC (I noticed that RA is also there, but I can't change it).
IPv4 TAB:
IPv6 TAB:
Debug Token:
https://tricorder.pi-hole.net/6tqdnnyS/
Thank you.
Sounds like your router is advertising its own IPv6 address as DNS server, allowing your clients to by-pass Pi-hole.
You'd have to find a way to configure your router to stop advertising its own IPv6 as DNS server, or to advertise your Pi-hole host machine's IPv6.
You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.
If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether, provided you'd not depend on IPv6 for reasons.
If your router doesn't support that either, your IPv6-capable clients will always be able to bypass Pi-hole via IPv6.
You could then try to mitigate this, by setting Pi-hole as the only upstream of your router, but note that you won't be able to attribute DNS requests to original individual IPv6 clients in that configuration.
What happens when you set DNS delegate type as "Manual"?
Does a field appear to fill in the IPv6 address?
Yes, I thought about disabling IPv6 completely, but I read around that for example Windows uses IPv6 for some things regarding updates.
Yes, it lets me configure the IPv6 DNS, the problem is that I can't follow the configuration like on fritz.box...
I am not aware of any such requirement.
If that would be the case, any Windows running on a network with IPv4 only connectivity would never be able to receive updates.
When considering to disable IPv6, it would be crucial whether your ISP is providing you with a native dual stack, native IPv4 or native IPv6 connection.
Obviously, disabling IPv6 is not an option in the latter case.
Configuring a DHCPv6 DNS Server may not help.
Most OSs won't use DHCPv6, but SLAAC, learning network details like DNS servers by processing a router's NDP RAs. Your clients would thus use the DNS server IPv6 address as advertised by your router's RA service.
It could be possible that your router's RA service may advertise DNS server IPv6 addresses as configured via DHCPv6, but it may also just use or fall back to advertise its own IPv6 address instead.
Try setting DHCPv6 Server to Off, and correspondingly for your RA Service, setting the M and O flags to Off (indicating that "Managed address configuration" ( Stateful DHCPv6) and "Other configuration" (Stateless DHCPv6) isn't available in your network).
This would have your router instruct devices to exclusively use NDP/SLAAC/RA to join your IPv6 network and hopefully provide no IPv6 address for DNS.
But you should verify that your router's RA service would not advertise its own IPv6 address as DNS server, e.g. by radvdump or rdisc6.
Finally the problem has been solved. I made the changes you told me, and moreover, to be safe I've set the DNSv6 to the raspberry's IPv6 (even if DHCPv6 was disabled). Now it seems that it filters all requests from each computer, so I can finally reactivate IPv6 on my main Windows too. However, good to know that deactivating the IPv6 does not create problems for the operating system.
Thank you all!
