I’m running Pi-hole v6 and Unbound on my DietPi setup, and both are working perfectly for IPv4. However, I’ve noticed that despite having an active IPv6 connection through my ISP, websites like https://www.dnscheck.tools/ report that my DNS resolvers cannot reach IPv6 nameservers.
Here’s what I’ve checked so far:
My router shows IPv6 is enabled and has an active IPv6 address.
In dietpi-config, under the network adapter section, IPv6 is enabled.
Running ip -6 addr confirms that my eth0 interface has an IPv6 address assigned.
However, when I test connectivity with ping6 -c 4 google.com, I get a “network is unreachable” error.
My question is: how can I configure my setup so that my DNS resolvers (Pi-hole/Unbound) can successfully reach IPv6 nameservers? Any advice or troubleshooting steps would be greatly appreciated!
I want to share the output you asked about, but I’d like to avoid sharing sensitive info that fingerprints my system or network on a public forum. How can I go about that to help you help me?
Based on my observations, it appears that an unbound configuration issue may need fixing, as my ISP supports IPv6 and it’s enabled. Additionally, DietPi settings have IPv6 enabled, so I suspect unbound is the problem, though I could be mistaken.
I meant that when you post the output of the above commands, change the characters to protect your privacy, but at the same time make it consistent, so we can point you to the culprit.
If your IPv6 is 2abc:1357:.... change it everywhere to 2bcd:2468:...
Understood. Here is a randomized but consistent output:
root@DietPi:~# ip -6 ad ; ip -6 ro list table all; ip -6 ru
nslookup ipv6.google.com
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::a1b2:c3d4:5678:9012/64 scope link
valid_lft forever preferred_lft forever
3: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 state UNKNOWN qlen 500
inet6 fd12:3456:789a::bcde:f012/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::1f2e:3d4c:5b6a:7890/64 scope link stable-privacy
valid_lft forever preferred_lft forever
fd12:3456:789a::53 dev tailscale0 table 52 metric 1024 pref medium
fd12:3456:789a::/48 dev tailscale0 table 52 metric 1024 pref medium
fd12:3456:789a::bcde:f012 dev tailscale0 proto kernel metric 256 pref medium
fe80::/64 dev tailscale0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fd12:3456:789a::bcde:f012 dev tailscale0 table local proto kernel metric 0 pref medium
anycast fe80:: dev tailscale0 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
local fe80::1f2e:3d4c:5b6a:7890 dev tailscale0 table local proto kernel metric 0 pref medium
local fe80::a1b2:c3d4:5678:9012 dev eth0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev tailscale0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
0: from all lookup local
5210: from all fwmark 0x80000/0xff0000 lookup main
5230: from all fwmark 0x80000/0xff0000 lookup default
5250: from all fwmark 0x80000/0xff0000 unreachable
5270: from all lookup 52
32766: from all lookup main
Server: 10.28.87.2
Address: 10.28.87.2#53
Non-authoritative answer:
ipv6.google.com canonical name = ipv6.l.google.com.
Name: ipv6.l.google.com
Address: 2607:f8b0:400a:805::200e
No specific use case, just want to turn the red “DNS resolvers cannot reach IPv6 nameservers” to green on dnstools.check. Experimenting and tinkering to make it happen. Nothing wrong with that.
I enabled IPv6 DHCP and I can see my LAN devices being assigned IPv6 addresses slowly. So far the dietpi hasn’t received one even though ipv6 is enabled in dietp-config.
When monitoring LAN devices in my router’s web interface, I see an IPv6 address briefly assigned to the DietPi device, but it quickly disappears. This keeps reoccurring every several minutes or so.
cat << EOF > /etc/network/interfaces.d/ipv6.conf
iface eth0 inet6 dhcp
# use SLAAC to get global IPv6 address from the router
# we may not enable ipv6 forwarding, otherwise SLAAC gets disabled
autoconf 1
accept_ra 2
EOF