IPv6 upstream DNS servers not selectable

Expected Behaviour:

I am running the stock Pi-hole 5.1.2 on Raspberry Pi OS buster. I have some guest networks on a separate vlan, so I let my router (Asus RT-AC88U running Asuswrt-Merlin) take care of the DHCP duties and just use the pi-hole as the DNS server. I have IPv6 enabled on the router and my main computer has an IPv6 address assigned, so my ISP supports it.

My expectation, and this was the case prior to the upgrade to Pi-hole v5, is that I can choose an upstream IPv6 DNS server.

Actual Behaviour:

When I go to the settings page, the two IPv6 columns are greyed out and I can't check them. I can only select upstream IPv4. I currently have Quad9 (filtered, DNSSEC) chosen. If I tail the log, I only see IPv4 addresses.

Debug Token:

https://tricorder.pi-hole.net/ioi5l07ypj

Do you have IPv6 configured on your pihole device? Your debug log only shows a link-local fe80 address.

If you have, run pihole -r and choose reconfigure to set the IPv6 address.

I've configured the device to use IPv6 and I've got the pi set up to periodically update the address as recommended here. My Asus will not let me set a ULA.

After that I rebooted the PiHole and the IPv6 columns are still greyed out.

New token: https://tricorder.pi-hole.net/92s3wk60r9

Did you do

Because in your debug log, there is still a fe80 address configured (for pihole, not the device itself)

Maybe it is totally unrelated, but I would start here...

So, I ran the reconfigure script, and it now allows me to select upstream IPv6 DNS providers.

However, perhaps I've misunderstood the point of the advice linked to in the debug log. The script therein specifically pulls out the local fe80 address and sticks it into setupVars.conf. There is also a 2605 address bound to eth0. Now that I've switched to that address, won't everything break again when the address gets reassigned? The whole reason I came by that link in the first place is because IPv6 suddenly stopped working (this was under v4).

And, if that is the address that I should now be using, maybe unlink the discourse topic from the debug log output and instead point to the proper method of tracking the dynamic IPv6 address, or do I have to reconfigure every time my ISP assigns a new address?

I think you misunderstood the linked advice for using a ULA prefix.

An IPv6 address may change if your ISP assigns you a new IPv6 prefix.
In contrast, a ULA prefix would stay fixed unless you explicitly change it.

Having your router distribute a ULA prefix (fd00::/8 range) would allow you to keep a fixed IP address for your Pi-hole, no matter whether your ISP may change your public IPv6 prefix (2000::/3 range).

Using a public IPv6 address constructed from your ISP-assigned IPv6 prefix would indeed require you to reconfigure Pi-hole every time your ISP assigns a new prefix. The user-provided script from the same ULA topic aims to automate that process as an alternative to using ULAs, abandoning them altogether.

1 Like

So I did understand the linked advice.

Why, then, when I have the PiHole set to use the private fd00::/8 range address, the IPv6 upstream DNS servers are disabled, but when I have it set to use the public address, they are enabled?

As a side note, since changing to the public address as advised here, my PADD display has crashed.

Could you show me where you found that?
A quick perusal didn't bring up any script pulling link-local addresses (fe80::/10 range) for me; they either extract the ULA addresses:

    IPV6_ADDRESS=$(ip -6 a | grep '\<fc\|\<fd'...

or certain public ones:

    CURRENT_IPV6_ADDRESS=$(ip -6 a | grep '2a02'...

It's neither wrong nor right to use an IPv6 GUA or a ULA or a link-local - go for whatever works for you. Just make sure your router properly firewalls access to your Pi-hole's public IPv6 address.

Neither yubiuser nor myself did specifically advise you to use a public address, and the link in the debug log suggests to Use IPv6 ULA addresses for Pi-hole, as using a ULA address is a way of mitigating frequently changing IPv6 prefixes.

Did you confirm that was due to your ISP assigning a new IPv6 prefix?

How do you set a ULA address if your router doesn't allow you to?

I cannot recreate your issue in my installation. I have been running my Pi-hole with a ULA address for ages and never had problems picking IPv6 upstreams.

However, I can confirm that IPv6 upstreams are only available if Pi-hole has full IPv6 connectivity. In settings.php, IPv6 connectivity is assumed only if Pi-hole is configured with a ULA or GUA address:

    if ($GUA || $ULA) {
        // Scope global address detected
        $IPv6connectivity = true;
    }

This was introduced some 3 years ago, so well before Pi-hole v5.

So yubiuser may have been hinting at this in his initial reply:
As long as you avoid the link-local address (fe80::/10 range), you should be able to pick any upstream DNS you like.

1 Like

I thought that fe* was part of the ULA universe, so I guess I never have a ULA. It's the fe* address that I was adding.

For the non-ULA address, mine doesn't start with 2a02. Is there a stable prefix or regular expression that will always capture the address, or is IPv6 just fundamentally incompatible with PiHole if the router can't assign a static address?

Pi-hole is fully IPv6 capable.

It's the intricacies of IPv6, especially its preference for auto configuration, that require closer attention when you decide to deploy IPv6 in your network. Most users new to IPv6 will struggle to get a better understanding, even when they were familiar with IPv4 (or maybe because).

Indeed, your "non-ULA" addresses start with fe80 (link-local address) and with 2605 (public/GUA address).

That would depend on whether your ISP habitually changes IPv6 prefixes on a regular basis or not (something you haven't answered yet). Even if it does, you'll likely find that the first part of the prefix does not change, or only alternates among a small set, as that network is owned by your ISP.
In either case, a public IPv6 address will always be in the 2000::/3 range (as mentioned before).

You may think of the public IPv6 prefix in much the same way as the public facing IPv4 address that your ISP assigns to your router - with one significant difference:
Your router's IPv4 is a complete address that's valid just for that device, while an IPv6 prefix is a part of an IPv6 address for all of your home network. Any IPv6 capable device in your network may use that prefix to construct a public(!) IPv6 address for itself, by autonomously calculating an interface identifier and combining that with the prefix.

With IPv6, the router would not commonly assign addresses to clients via DHCPv6, be it fixed or dynamic ones. Instead, it will just advertise an IPv6 prefix that clients will use to autoconfigure via SLAAC.

As explained, configuring Pi-hole with a link-local IPv6 address would result in upstream IPv6 DNS servers being disabled (greyed out) in Pi-hole's UI.

I just might add that this wouldn't stop Pi-hole from correctly returning IPv6 addresses if a client would request them, so as far as DNS resolution is concerned, this wouldn't pose any problems.

2 Likes
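
The address ranges discussed in this thread, turned into a check. This is an added example, not part of any post above and not Pi-hole's own code: `classify_ipv6` sorts an address into link-local (fe80::/10), ULA (fc00::/7) or GUA (2000::/3) by comparing the first hextet numerically instead of grepping for one fixed prefix, and `pick_pihole_address` chooses a non-temporary ULA or GUA from `ip -6 a` output. Both function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: sort IPv6 addresses into the ranges named in this thread.

# classify_ipv6 ADDR[/LEN] -> link-local | ula | gua | other
classify_ipv6() {
    addr=${1%%/*}            # strip a /64-style suffix
    first=${addr%%:*}        # first hextet; empty for "::1"
    case $first in
        ''|*[!0-9a-fA-F]*|?????*) echo other; return ;;
    esac
    n=$((0x$first))          # compare numerically, not by string prefix
    if   [ "$n" -ge $((0xfe80)) ] && [ "$n" -le $((0xfebf)) ]; then
        echo link-local      # fe80::/10
    elif [ "$n" -ge $((0xfc00)) ] && [ "$n" -le $((0xfdff)) ]; then
        echo ula             # fc00::/7, includes fd00::/8
    elif [ "$n" -ge $((0x2000)) ] && [ "$n" -le $((0x3fff)) ]; then
        echo gua             # 2000::/3, covers 2605:... and 2a02:... alike
    else
        echo other
    fi
}

# pick_pihole_address: read `ip -6 a` text on stdin and print one address
# with global scope, preferring a ULA (stays fixed) over a GUA (follows the
# ISP prefix). Returns 1 when only link-local addresses are present.
pick_pihole_address() {
    ula='' gua=''
    while read -r kw addr rest; do
        [ "$kw" = inet6 ] || continue
        # Privacy (temporary) and deprecated addresses rotate; skip them.
        case " $rest " in *" temporary "*|*" deprecated "*) continue ;; esac
        case $(classify_ipv6 "$addr") in
            ula) [ -n "$ula" ] || ula=${addr%%/*} ;;
            gua) [ -n "$gua" ] || gua=${addr%%/*} ;;
        esac
    done
    if [ -n "$ula" ]; then echo "$ula"
    elif [ -n "$gua" ]; then echo "$gua"
    else return 1
    fi
}

# Constructed sample of `ip -6 a` output (2001:db8::/32 documentation prefix).
SAMPLE='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1234:5678:aaaa:bbbb:cccc:dddd/64 scope global temporary dynamic
    inet6 2001:db8:1234:5678:ba27:ebff:fe12:3456/64 scope global dynamic mngtmpaddr
    inet6 fe80::ba27:ebff:fe12:3456/64 scope link'

printf '%s\n' "$SAMPLE" | pick_pihole_address
```

On a live system the input would come from `ip -6 a | pick_pihole_address`; a non-zero exit status means only a link-local address was found, which is the case where the settings page greys out the IPv6 upstreams.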
