Unbound IPv6 DNS

This has been discussed in previous topics, but hoping I can get some clarifying information.

I originally had my network as IPv4 only. I have recently enabled IPv6, and I have reconfigured Pi-hole to include IPv6. In some previous posts it was mentioned that in the unbound configuration for do-ip6, you can either have this set to 'yes' or 'no'. From what I understand you can leave this to 'no' if you want ipv6 queries to be handled by IPv4? I currently have it set to 'no' and from what I can see it looks to be working.

Also, from some old posts on Reddit for the DNS settings in Pi-hole, you don't necessarily have to have a DNS set for IPv6 when using Unbound. I tried to add ::1#5335 to the IPv6 DNS, but get an invalid IP error.

When I do a dig request: dig AAAA ipv6.google.com @ -p 5335

; <<>> DiG 9.11.5-P4-5.1+deb10u1-Raspbian <<>> AAAA ipv6.google.com @ -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51783
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1472
;ipv6.google.com. IN AAAA

ipv6.google.com. 27289 IN CNAME ipv6.l.google.com.
ipv6.l.google.com. 300 IN AAAA 2607:f8b0:4002:808::200e

;; Query time: 79 msec
;; WHEN: Thu Jul 30 12:36:50 EDT 2020
;; MSG SIZE rcvd: 93

With all of this being said, I'm assuming everything is working as expected, but I'm not savvy in a lot of this. Most of my knowledge is just from trying to read through other posts and user setups.

Debug Token:


The DNS protocol is oblivious to the way it gets transported:
A DNS server will answer an IPv4 (A) or IPv6 (AAAA) hostname record as requested, regardless whether a client connects via IPv4 or IPv6.
Your dig for an AAAA record through an IPv4 address nicely demonstrates this.

With Pi-hole as unbound's only client, it is therefore completely irrelevant whether they would talk over IPv4 or IPv6.
I would thus recommend to leave unbound's configuration untouched.

Often enough, the hard part is making your clients comply to use Pi-hole's IPv6 address as their sole DNS server for IPv6 (and not some other IPv6 DNS server advertised on your network, e.g. as distributed by your router).

So if I'm reading what you said correctly, I should leave do-ip6 set to 'no' in the unbound configuration and leave my pi-hole dns to just be

I use eero and I noticed that after I enabled ipv6 that eero was pushing the ipv6 DNS from my ISP. I have since added the pi-hole ipv6 address as the ipv6 DNS in eero.

I disabled IPv6 in my network because of this sneaky behavior, by in my case Andriod.


Fixed in the next release.

I also have only IPv4 configured on my network.
If also try to support IPv6, it means you have to do everything twice and for what (prone to more errors).
Plus IPv6 can be a bit more tricky because of its auto discovery feature.

Thank you! I will leave my unbound config as is. Also, I wasn't aware the ipv6 DNS configuration wasn't working so thank you for that.