[Solved] Extra DNS server advertised with pihole as dhcp server

The issue I am facing:
I am not getting all ads blocked on all devices and have an extra DNS server other than the PiHole.

I have an AT&T fiber modem. I have turned off the DHCP server on the modem and have allowed the PiHole to be the DHCP server. I am not running a router between the modem and my network. I have no issue getting reserved addresses from the PiHole and everything gets online fine. When I check the resolv.conf file on devices on the network, I get an extra DNS server added:

$ cat /etc/resolv.conf
# Generated by resolvconf
search local attlocal.net
nameserver 192.168.1.253
nameserver 2600:1700:xxxx:xxxx::1
nameserver 2600:1700:xxxx:xxxx:19f

I'd like to have my local network as something other than attlocal.net, but that is minor. What is bothersome is the addition of "nameserver 2600:1700:xxxx:xxxx::1". This is not the v6 address of the Pi, but the address of the AT&T fiber modem. The 19f is the address of the Pi.
Global Unicast IPv6 Address 2600:1700:xxxx:xxxx::1
How is this being advertised by my local system, and how can I make it stop? I want the only DNS servers to be those advertised by the DHCP server, which is the Pi. This is what is in the /etc/dnsmasq.d/02-pihole-dhcp.conf file:

dhcp-authoritative
dhcp-range=192.168.1.101,192.168.1.252,24h
dhcp-option=option:router,192.168.1.254
dhcp-leasefile=/etc/pihole/dhcp.leases
#quiet-dhcp

domain=local
local=/local/
dhcp-rapid-commit
#quiet-dhcp6
#enable-ra
dhcp-option=option6:dns-server,[::]
dhcp-range=::100,::1ff,constructor:eth0,ra-names,slaac,64,3600
ra-param=*,0,0

Details about my system:
pihole running on Rpi

What I have changed since installing Pi-hole:
Set up pihole as DHCP server

Note that DHCP is strictly an IPv4 protocol - the Stateful DHCPv6 flavour would be a close equivalent for IPv6 (but indeed a separate protocol of its own, using different ports). Also note that with IPv6, a client may support one or more of multiple ways to join a network (SLAAC/NDP, Stateless DHCPv6 and Stateful DHCPv6). It would depend on the client OS (and potentially its individual configuration) which ways it would support, e.g. Androids do not support DHCPv6 at all.

Your router is advertising its own DNS server(s) - its own IPv6 address in your case - and thus any device may by-pass Pi-hole via IPv6.

You'd have to find a way to configure your router to advertise your Pi-hole host machine's IPv6 as DNS server instead.

You'd have to consult your router's documentation sources for further details on its IPv6 configuration options. Note, however, that a few router models show a misbehaviour of distributing their own IP address along with any custom address regardless.

If your router doesn't support configuring IPv6 DNS, you could consider disabling IPv6 altogether.

If your router doesn't support that either, your IPv6 capable clients will bypass Pi-hole via IPv6.
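The bypass described in the reply above happens at the Router Advertisement level: the modem includes its own address in the RDNSS option (and the attlocal.net search domain in the DNSSL option) of its RAs, and every IPv6-capable client installs it as a nameserver regardless of what Pi-hole hands out over DHCPv4. The following added example, which is not part of the original thread or of Pi-hole, builds a constructed RA the way the modem would, parses it back, and flags any advertised DNS server that is not on an allowlist. All addresses (2001:db8:1::1 for the modem, 2001:db8:1::19f for the Pi-hole) are documentation-prefix placeholders, not the poster's masked 2600:1700 addresses. The same parser can be run on RA payloads captured with tcpdump or rdisc6 on the LAN to confirm what a router is really advertising.

```python
import ipaddress
import struct

# Constructed placeholders (documentation prefix), NOT the addresses from the thread.
ROUTER_DNS = "2001:db8:1::1"     # hypothetical modem address advertised in RDNSS
PIHOLE_V6 = "2001:db8:1::19f"    # hypothetical Pi-hole host address


def encode_name(name):
    """DNS wire-format name (RFC 1035 labels), as used inside the DNSSL option."""
    out = b""
    for label in name.strip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_ra(dns_servers, search_domains, m_flag=False, o_flag=False):
    """ICMPv6 Router Advertisement payload (RFC 4861) carrying RDNSS (type 25)
    and DNSSL (type 31) options (RFC 8106). Checksum is left 0 because the IPv6
    pseudo-header is not modelled here; tcpdump captures will have a real one."""
    flags = (0x80 if m_flag else 0) | (0x40 if o_flag else 0)   # M = stateful DHCPv6, O = stateless
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    addrs = b"".join(ipaddress.IPv6Address(a).packed for a in dns_servers)
    rdnss = struct.pack("!BBHI", 25, 1 + 2 * len(dns_servers), 0, 1800) + addrs
    body = struct.pack("!HI", 0, 1800) + b"".join(encode_name(d) for d in search_domains)
    pad = (-(2 + len(body))) % 8                                 # option length is in 8-byte units
    dnssl = struct.pack("!BB", 31, (2 + len(body) + pad) // 8) + body + b"\x00" * pad
    return hdr + rdnss + dnssl


def decode_names(buf):
    """Decode the zero-padded list of names in a DNSSL option."""
    names, i = [], 0
    while i < len(buf) and buf[i] != 0:
        labels = []
        while buf[i] != 0:
            n = buf[i]
            labels.append(buf[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        i += 1
        names.append(".".join(labels))
    return names


def parse_ra(pkt):
    """Extract the M/O flags, advertised DNS servers and search domains from an RA."""
    if pkt[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags = pkt[5]
    info = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40), "dns": [], "search": []}
    i = 16
    while i + 2 <= len(pkt):
        otype, olen = pkt[i], pkt[i + 1]
        if olen == 0:
            raise ValueError("zero-length option")   # RFC 4861 4.6: such packets must be discarded
        opt = pkt[i + 2:i + olen * 8]
        if otype == 25:
            lifetime = struct.unpack("!I", opt[2:6])[0]
            # RFC 8106 5.1: lifetime 0 tells clients to stop using these servers
            if lifetime > 0:
                for j in range(6, len(opt), 16):
                    info["dns"].append(str(ipaddress.IPv6Address(opt[j:j + 16])))
        elif otype == 31:
            info["search"].extend(decode_names(opt[6:]))
        i += olen * 8
    return info


def rogue_dns(info, allowed):
    """Advertised DNS servers that are not the ones you intended (i.e. not the Pi-hole)."""
    allowed = {ipaddress.IPv6Address(a) for a in allowed}
    return [a for a in info["dns"] if ipaddress.IPv6Address(a) not in allowed]


if __name__ == "__main__":
    ra = build_ra([ROUTER_DNS], ["attlocal.net"], o_flag=True)
    info = parse_ra(ra)
    print("advertised:", info)
    print("bypassing Pi-hole:", rogue_dns(info, [PIHOLE_V6]))
```

The O flag in the constructed RA is what makes clients fetch extra configuration via stateless DHCPv6; with neither M nor O set, a client that ignores DHCPv6 (Android, as noted above) still takes its nameserver straight from the RDNSS option, which is why fixing this on the DHCP server alone cannot help.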

Turning off "Enable IPv6 support (SLAAC + RA)" in the advanced DHCP settings and disabling IPv6 on my modem seems to fix it, so that I only get the IP address of the PiHole as my DNS server.

The modem still has an IPv6 address for the WAN, or so it appears. It lists: Global Unicast IPv6 Address, Link Local Address and Default IPv6 Gateway Address. Is there any way to route to this and still use my Pi as the DNS server? As it is, my unbound query will only access IPv4 addresses:

pi@raspberrypi:~ $ dig sigok.verteiltesysteme.net @127.0.0.1 -p 5335

; <<>> DiG 9.16.27-Debian <<>> sigok.verteiltesysteme.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28016
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;sigok.verteiltesysteme.net.	IN	A

;; Query time: 3955 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Tue Apr 19 01:33:55 BST 2022
;; MSG SIZE  rcvd: 55

pi@raspberrypi:~ $ dig sigok.verteiltesysteme.net @::1 -p 5335

; <<>> DiG 9.16.27-Debian <<>> sigok.verteiltesysteme.net @::1 -p 5335
;; global options: +cmd
;; connection timed out; no servers could be reached

There is no need to disable Pi-hole's IPv6 support.

Disabling IPv6 on your modem should be your ultimate measure to prevent clients from by-passing your Pi-hole via IPv6.

If you want to keep public IPv6 connectivity, you should prefer...


That dig is not asking to resolve a domain to an IPv6 address - it is sending a request to a DNS server at ::1 (and if you set up your unbound by our guide, then unbound would be listening on its host's IPv4 loopback address only, which is fully sufficient).

Note that dig will query A records by default.
You can request other types by explicitly stating them, i.e. you'd have to request AAAA records to resolve that domain to an IPv6 address, e.g.

dig AAAA sigok.verteiltesysteme.net @127.0.0.1 -p 5335

Well, I did set it up like in the guide. The only changes were to the IPv6 config bits.

    # May be set to yes if you have IPv6 connectivity
    do-ip6: yes

    # You want to leave this to no unless you have *native* IPv6. With 6to4 and
    # Teredo tunnels your web browser should favor IPv4 for the same reasons
    prefer-ip6: yes

and I added another DNS server at ::1#5335

This setup appears to work at my main residence, where my router is behind the modem and I have it set up as "IP Pass Through". At this apartment, though, I have no router and am using the PiHole as my DHCP server and DNS server, and am using the modem as a router as well (wifi and ethernet). When I enable IPv6 on the modem, it wants to advertise itself as a DNS server. To get around this, I need to turn off IPv6 completely on the modem and just use IPv4 on this setup. Not the end of the world, but it is the only way I get the PiHole functionality.

Thanks for the help getting it resolved.

Those options you've changed control unbound's usage of IPv6 as a transport protocol.
They don't affect whether DNS replies contain IPv4 or IPv6 addresses, and they are not required for unbound to be operational (and now that you've disabled IPv6 on your router, they would be of no use anyway).

do-ip6 would allow unbound to transport DNS requests over IPv6 (both incoming and outgoing), and prefer-ip6 would tell unbound to prefer IPv6 transport when sending DNS requests upstream.

Regardless, your queries sent to ::1#5335 will never reach unbound, because, as mentioned, unbound is configured to listen only on its host's IPv4 loopback address.

I've noticed you've edited your title as [Solved].
Please consider marking a post as the solution.
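The two points made in the replies above, that dig asks for A records unless told to ask for AAAA, and that do-ip6/prefer-ip6 only select the transport unbound uses while the record type is carried inside the DNS message, can be seen directly in the wire format. The following added example, which is not part of the original thread or of unbound, builds A and AAAA queries for the domain the poster tested, answers them from a constructed zone the way a resolver would (only records of the asked type come back), and parses the reply including the SERVFAIL status seen in the thread. The addresses in FAKE_ZONE are placeholders, not the real records of sigok.verteiltesysteme.net.

```python
import ipaddress
import struct

QTYPE = {"A": 1, "AAAA": 28}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

# Constructed zone data: placeholder addresses, not the real records of this name.
FAKE_ZONE = {
    ("sigok.verteiltesysteme.net.", 1): "192.0.2.10",
    ("sigok.verteiltesysteme.net.", 28): "2001:db8::10",
}


def encode_name(name):
    """DNS wire-format name: length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(pkt, off):
    """Decode a possibly compressed name; return (name, offset just after it)."""
    labels, jumped, end = [], False, None
    while True:
        n = pkt[off]
        if n & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = ptr, True
            continue
        off += 1
        if n == 0:
            break
        labels.append(pkt[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", (end if jumped else off)


def build_query(name, qtype="A", txid=0x1234):
    """Header with RD set plus one question. Which socket family carries these
    bytes (AF_INET to 127.0.0.1 or AF_INET6 to ::1) changes nothing in them."""
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def fake_server(query, zone=FAKE_ZONE, fail=False):
    """Answer from the constructed zone: only records matching the asked qtype."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, off = decode_name(query, 12)
    qtype, _qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    if fail:                                       # QR|RD|RA, rcode 2 = SERVFAIL
        return struct.pack("!HHHHHH", txid, 0x8182, 1, 0, 0, 0) + question
    rdata = zone.get((qname, qtype))
    answers = b""
    if rdata is not None:
        packed = ipaddress.ip_address(rdata).packed
        # name as pointer to offset 12 (the question), type, class IN, TTL, RDLENGTH
        answers = struct.pack("!HHHIH", 0xC00C, qtype, 1, 300, len(packed)) + packed
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1 if rdata else 0, 0, 0) + question + answers


def parse_response(pkt):
    """Return status and (name, type, address) tuples for A/AAAA answers."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(pkt, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype in (1, 28):
            answers.append((name, rtype, str(ipaddress.ip_address(rdata))))
    return {"status": RCODE.get(flags & 0xF, str(flags & 0xF)), "answers": answers}


if __name__ == "__main__":
    for t in ("A", "AAAA"):
        q = build_query("sigok.verteiltesysteme.net", t)
        print(t, parse_response(fake_server(q)))
    print("failing upstream:", parse_response(fake_server(build_query("sigok.verteiltesysteme.net"), fail=True)))
```

Comparing the two queries shows they differ only in the last four bytes (QTYPE/QCLASS); the address family of the answer is decided by that field, not by whether the request reached the resolver over IPv4 or IPv6.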

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.