Unbound IPv6 DNS

This has been discussed in previous topics, but hoping I can get some clarifying information.

I originally had my network as IPv4 only. I have recently enabled IPv6, and I have reconfigured Pi-hole to include IPv6. In some previous posts it was mentioned that in the unbound configuration for do-ip6, you can either have this set to 'yes' or 'no'. From what I understand you can leave this set to 'no' if you want IPv6 queries to be handled by IPv4? I currently have it set to 'no' and from what I can see it looks to be working.

Also, from some old posts on Reddit for the DNS settings in Pi-hole, you don't necessarily have to have a DNS set for IPv6 when using Unbound. I tried to add ::1#5335 to the IPv6 DNS, but get an invalid IP error.

When I do a dig request: dig AAAA ipv6.google.com @127.0.0.1 -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> AAAA ipv6.google.com @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51783
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;ipv6.google.com. IN AAAA

;; ANSWER SECTION:
ipv6.google.com. 27289 IN CNAME ipv6.l.google.com.
ipv6.l.google.com. 300 IN AAAA 2607:f8b0:4002:808::200e

;; Query time: 79 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1)
;; WHEN: Thu Jul 30 12:36:50 EDT 2020
;; MSG SIZE rcvd: 93

With all of this being said, I'm assuming everything is working as expected, but I'm not savvy in a lot of this. Most of my knowledge is just from trying to read through other posts and user setups.

Debug Token:

https://tricoder.pi-hole.net/plex4llar2

The DNS protocol is oblivious to the way it gets transported:
A DNS server will answer an IPv4 (A) or IPv6 (AAAA) hostname record as requested, regardless of whether a client connects via IPv4 or IPv6.
Your dig for an AAAA record through an IPv4 address nicely demonstrates this.

With Pi-hole as unbound's only client, it is therefore completely irrelevant whether they would talk over IPv4 or IPv6.
I would thus recommend leaving unbound's configuration untouched.

Often enough, the hard part is making your clients comply to use Pi-hole's IPv6 address as their sole DNS server for IPv6 (and not some other IPv6 DNS server advertised on your network, e.g. as distributed by your router).
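
The independence of record type and transport described in the reply above, as an added example that is not part of the original thread: the query bytes carry the record type (AAAA = 28) but no field for the IP family, which is chosen only when the socket is opened. The function names and the fixed query id are this example's own assumptions, and the parser handles only the CNAME and AAAA answers seen in the dig output.

```python
import ipaddress
import socket
import struct

TYPE_CNAME, TYPE_AAAA = 5, 28

def build_query(name, qtype, qid=0x1234):
    """The record type is a field of the message; the transport is not."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!B2H", 0, qtype, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
            off += 1 + msg[off]
    return ".".join(labels) + ".", (off + 1 if end is None else end)

def parse_answers(msg):
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    off, answers = 12, []
    for _ in range(qdcount):
        off = read_name(msg, off)[1] + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        rdata, start = msg[off + 10:off + 10 + rdlen], off + 10
        if rtype == TYPE_AAAA:
            value = str(ipaddress.IPv6Address(rdata))
        else:  # CNAME targets may be compressed; other types shown as hex
            value = read_name(msg, start)[0] if rtype == TYPE_CNAME else rdata.hex()
        answers.append((owner, rtype, value))
        off = start + rdlen
    return answers

def resolve(name, qtype, server, port=53):
    """Send the same query bytes over whichever IP family `server` belongs to."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name, qtype), (server, port))
        return parse_answers(s.recv(4096))
```

`resolve("ipv6.google.com", TYPE_AAAA, "127.0.0.1", 5335)` repeats the dig query from the first post; nothing in the request changes when the server address is an IPv6 one.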

So if I'm reading what you said correctly, I should leave do-ip6 set to 'no' in the unbound configuration and leave my pi-hole dns to just be 127.0.0.1#5335?

I use eero and I noticed that after I enabled ipv6 that eero was pushing the ipv6 DNS from my ISP. I have since added the pi-hole ipv6 address as the ipv6 DNS in eero.

Yes.

Fixed in the next release.

I also have only IPv4 configured on my network.
If you also try to support IPv6, it means you have to do everything twice and for what (prone to more errors).
Plus IPv6 can be a bit more tricky because of its auto discovery feature.

Thank you! I will leave my unbound config as is. Also, I wasn't aware the ipv6 DNS configuration wasn't working so thank you for that.
