Expected Behaviour:
Any device in the network can connect through IPv6 to the internet
Actual Behaviour:
Hi, it seems my ISP has finally assigned me an IPv6 connection, and most of my devices have acquired IPv6 addresses within the last few weeks. I am able to see both their IPv4 & IPv6 IPs on the network management section (I use my Pi-Hole as the network's DHCP server), but for some reason, none of the connected devices are able to resolve websites using IPv6.
I am able to run dig from within my Raspberry Pi 4 (running RPiOS arm64 beta) and resolve IPv6 addresses both using Unbound and Cloudflared:
```
dig AAAA ipv6.google.com @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> AAAA ipv6.google.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35213
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;ipv6.google.com. IN AAAA

;; ANSWER SECTION:
ipv6.google.com. 26619 IN CNAME ipv6.l.google.com.
ipv6.l.google.com. 300 IN AAAA 2607:f8b0:4012:800::200e

;; Query time: 3106 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Thu Oct 01 16:42:50 CDT 2020
;; MSG SIZE rcvd: 93
```
```
dig AAAA ipv6.google.com @127.0.0.1 -p 5053

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> AAAA ipv6.google.com @127.0.0.1 -p 5053
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7917
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ipv6.google.com. IN AAAA

;; ANSWER SECTION:
ipv6.google.com. 28 IN CNAME ipv6.l.google.com.
ipv6.l.google.com. 28 IN AAAA 2607:f8b0:4000:802::200e

;; Query time: 67 msec
;; SERVER: 127.0.0.1#5053(127.0.0.1)
;; WHEN: Thu Oct 01 16:43:51 CDT 2020
;; MSG SIZE rcvd: 135
```
Even after reconfiguring the installation using `pihole -r` and updating gravity with `pihole -g` after enabling IPv6 within Unbound, the results stay the same.
My Unbound config:
```
server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 0

    interface: 127.0.0.1
    port: 5335
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

    # May be set to yes if you have IPv6 connectivity
    do-ip6: yes

    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: yes

    # Use this only when you downloaded the list of primary root servers!
    root-hints: "/var/lib/unbound/root.hints"

    # Trust glue only if it is within the server's authority
    harden-glue: yes

    # Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
    harden-dnssec-stripped: yes

    # Don't use Capitalization randomization as it is known to cause DNSSEC issues sometimes
    # see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
    use-caps-for-id: no

    # Reduce EDNS reassembly buffer size.
    # Suggested by the unbound man page to reduce fragmentation reassembly problems
    edns-buffer-size: 1472

    # Perform prefetching of close to expired message cache entries
    # This only applies to domains that have been frequently queried
    prefetch: yes

    # One thread should be sufficient, can be increased on beefy machines. In reality for most users
    # running on small networks or on a single machine, it should be unnecessary to seek performance
    # enhancement by increasing num-threads above 1.
    num-threads: 1

    # Ensure kernel buffer is large enough to not lose messages in traffic spikes
    so-rcvbuf: 1m

    # Ensure privacy of local IP ranges
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: 172.16.0.0/12
    private-address: 10.0.0.0/8
    private-address: fd00::/8
    private-address: fe80::/10
```
If there's anything else I might need to add, just ask.
Thanks for the help!