Ahh right, totally missed this. It’s the localhost interface only.
No firewall installed on dietpi. No IPv6 firewall on router.
Only pihole, ipv6, unbound.
If you look at the 2nd to last line:
tcp LISTEN 0 32 [fe80::a:b:c:d]%eth0:53 [::]:* users:(("pihole-FTL",pid=367,fd=9))
Pihole is listening on port 53 via ipv6, but unbound is not listening on [::]:53, or [::]:5335.
Did you ever try to use custom option 1 (IPv4) only to connect PiHole to Unbound? That means skipping custom option 3 (IPv6).
I erased option 3, now nslookup is pointing to the ipv4 pihole dns, and returns an ipv6 address:
nslookup ipv6.google.com
Server: pi.hole
Address: 192.168.1.8
Non-authoritative answer:
Name: ipv6.l.google.com
Address: 2607:f8b0:400f:803::200e
Aliases: ipv6.google.com
Seems to function correctly, but I still do not understand why this has to go through IPv4 and cannot be done via IPv6?
Any ideas on how to open ports [::]:53, or [::]:5335 on unbound?
Shouldn’t the dietpi-config do this automatically when IPv6 is enabled with unbound?
Or add a dietpi script for this function?
What IPv6 DNS server do you have set on the Windows box?
As stated many times above, it simply doesn’t matter how Unbound is reachable. IPv4 on Unbound is totally fine. You don’t need a complete chain of IPv6 servers just to resolve a simple address.
I have it set to Obtain DNS automatically.
Just trying to understand why this cannot be done via a complete chain of ip6?
We are trying to work around the issue that your SBC did not get a GUA IPv6 address. Are you able to resolve DNS requests on your Windows box if you set the link-local IPv6 address of your PiHole as the DNS server?
Not if I manually enter the dietpi link-local FE80 IP6 address in the Windows DNS server settings.
Gives this error:
nslookup dietpi.com
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::a:b:c:d
DNS request timed out.
timeout was 2 seconds.
This is for tcp, which is used in special cases only. For udp you have the binding to a link-local address without the interface, which doesn’t seem correct. I suspect that is why your nslookup fails.
How can this be fixed to work correctly?
Normally it should be bound on all interfaces. Either you didn’t configure that properly in pihole settings, or another service is bound on udp/53 and doesn’t let pihole bind it.
Maybe the same issue that blocks PiHole from binding correctly to the interface also prevents DietPi from assigning a correct IPv6 GUA.
If you have a spare dietpi sbc or a spare sd card to flash a dietpi image on, I’d recommend trying a clean installation. This must acquire an IPv6 GUA without issues. Then you can add pihole, unbound, etc.
@Joulinar said above that his ip6 network worked on the link-local ip6 address fe80::dea6:xxx just fine?
Why do I need gua?
Seems like there is some configuration error with the dietpi-config scripting, because that is all I used to install ip6, pihole, and unbound?
Yes, my network is working fine, and I connect to PiHole using link-local. For whatever reason, your system has not set up IPv6 correctly. That’s why you have issues getting PiHole as well as Unbound to listen on the correct interface.
BTW: just out of interest, what DNS server do you have set while using DHCP on your Windows box? Also have a look at your mobile clients to see what DNS server they have assigned.
I have them set to automatic, which gives them the pihole 192.168.1.8 address.
No IPv6 DNS server assigned? Not even the router? Just 1 IPv4 DNS server?
No ip6 dns assigned.
If I manually put in the fe80 dietpi address for dns, it will not connect.
But in this case, the whole exercise is nearly useless. Your Windows system will always use the assigned IPv4 DNS server as there is no other DNS server assigned. Have a look at your mobile phones. Within the WiFi settings, you can see the assigned DNS server as well. If it’s showing IPv4 only, you should be fine.