IPv6 DNS on router Q: link? global? scopeid?

I have pi.hole on rpi4 debian 12 since a while now, runs just puuurfect. no issues, on average, around 30% gets blocked

Technicolor dja0231 router set up ipv4 dns 192.162.1.7 (pihole)

I have some understanding of ipv4, hardly any of ipv6
on router I've set IPV4 primary DNS 192.168.1.7 (pihole)
what should I set for ipv6 primary DNS ?

fe80::71d:16b7:afdb:f218
fdcc:6bf0:4b83:0:967a:57d1:8b37:5902

which string do I enter as ipv6 dns ?
just the string as above ? or do I need prefix length/scope id ?

both of above resolve on 'host'
I can ping one, other one can ping if I append '%eth0'

TIA for help and any pointers!

```
@rpi1:~ $ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.7  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::71d:16b7:afdb:f218  prefixlen 64  scopeid 0x20<link>
        inet6 fdcc:6bf0:4b83:0:967a:57d1:8b37:5902  prefixlen 64  scopeid 0x0<global>
        ether dc:a6:32:c4:ad:c8  txqueuelen 1000  (Ethernet)
        RX packets 2728430  bytes 940325143 (896.7 MiB)
        RX errors 0  dropped 19029  overruns 0  frame 0
        TX packets 676151  bytes 132506676 (126.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
$ uname -a
Linux rpi1 6.6.51+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.51-1+rpt2 (2024-10-01) aarch64 GNU/Linux
```

* **Pi-hole** [v5.18.3]
* **FTL** [v5.25.2]
* **Web Interface** [v5.21]

Have a look at the boxes below, all the way at the bottom of the diagram:

Preferred is the one starting with fdcc: which is a ULA (Unique Local Address).
The other fe80: is an LLA (Link Local Address) which can also be used but isn't routable, thus works only on the local LAN segment.

I think it's missing a GUA though, 2000::/3 (Global Unicast Address).
That one is the only one that's routable to the Internet for if the Pi wants to connect via IPv6.
If there is no GUA, the Pi will connect via IPv4 to anything on the Internet instead of IPv6.

You can test IPv6 DNS on a Windows, MacOS or Linux client with the one below:

```
nslookup pi.hole <PIHOLE_IPv6_ADDRESS>
```

EDIT: Oh, don't post any IPv6 GUA addresses here, for privacy, or redact the latter part!
That one is similar to a public IPv4 address.
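The LLA/ULA/GUA distinction from the reply above, as an added example that is not part of the original thread: it classifies the addresses from the `ifconfig` output, picks the one to enter as router DNS the way the reply does (ULA first, LLA as fallback), and masks a GUA before it is shared. The function names, the `2001:db8::/32` sample address and the choice to keep only the first two groups when masking are assumptions of this example.

```python
import ipaddress

# Prefixes named in the reply above.
SCOPES = (
    ("LLA", ipaddress.ip_network("fe80::/10")),  # link-local: one LAN segment only
    ("ULA", ipaddress.ip_network("fc00::/7")),   # unique local: private to the site
    ("GUA", ipaddress.ip_network("2000::/3")),   # global unicast: Internet-routable
)


def classify(text):
    """Return (kind, address, zone); zone is the '%eth0'-style suffix or None."""
    addr_part, _, zone = text.strip().partition("%")
    addr = ipaddress.IPv6Address(addr_part)
    for kind, net in SCOPES:
        if addr in net:
            return kind, addr, zone or None
    return "other", addr, zone or None


def pick_dns_address(candidates):
    """Choose the DNS address as the reply does: ULA first, LLA as fallback.

    GUA and other kinds are not ranked on the page, so they are skipped here.
    """
    by_kind = {}
    for text in candidates:
        kind, addr, _ = classify(text)
        by_kind.setdefault(kind, str(addr))
    return by_kind.get("ULA") or by_kind.get("LLA")


def redact_for_posting(text, keep_groups=2):
    """Mask a GUA before sharing it; LLA and ULA are returned unchanged.

    keep_groups=2 (the first 32 bits) is an assumption of this example.
    """
    kind, addr, _ = classify(text)
    if kind != "GUA":
        return str(addr)
    groups = addr.exploded.split(":")
    return ":".join(groups[:keep_groups] + ["xxxx"] * (8 - keep_groups))


if __name__ == "__main__":
    # Addresses from the ifconfig output above, plus a constructed GUA
    # from the 2001:db8::/32 documentation range.
    for a in ("fe80::71d:16b7:afdb:f218%eth0",
              "fdcc:6bf0:4b83:0:967a:57d1:8b37:5902",
              "2001:db8:1234:5678::53"):
        print(classify(a)[0], redact_for_posting(a))
```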

thanks for your help, and, explanations, much appreciated!

ahem, a dumb question:

Looking at my 'top clients' list, I see mainly IPv6 addresses, so, that's telling me that local devices use IPv6 for dns queries, and, my pihole can be seen under IPv6

Had I NOT entered IPv6 dns server under router/DHCP default DNS, would those DNS queries come from ipv4 addresses? or?

Just trying to understand this better..

Commonly, dual stack clients with IPv6 connectivity will prefer IPv6 over IPv4, and as IPv6 addresses are likely to change over time, that would make it somewhat harder to read Pi-hole's statistics.

Note that a DNS resolver would return A and AAAA records as requested, regardless of whether the query arrived via IPv4 or IPv6, so if you can control your router's behaviour, you could consider distributing an IPv4 address as local DNS server exclusively, i.e. do not provide IPv6 DNS resolvers at all.

That would prompt your clients to contact Pi-hole via IPv4 only, and IPv4 addresses are easier to associate with hostnames.

You'd have to consult your router's documentation sources on further details for its IPv6 configuration options.

On a side note, the lack of a public GUA address (range 2000::/3) suggests that your network has no public IPv6 connectivity anyway, i.e. your ISP may not offer IPv6.
If that's the case, you could also consider completely disabling IPv6 in your router.

Thanks for the explanation, appreciated. Just checked router, seems I've enabled on boot but then disabled IPv6 on link..

Though, going by your other comments, I think I should just disable IPv6 for this home LAN.
Thanks again
