Pi-hole v6 with Unbound - DNS Resolvers Not Reaching IPv6 Nameservers Despite Active IPv6 Connection

Hi,

I’m running Pi-hole v6 and Unbound on my DietPi setup, and both are working perfectly for IPv4. However, I’ve noticed that despite having an active IPv6 connection through my ISP, websites like https://www.dnscheck.tools/ report that my DNS resolvers cannot reach IPv6 nameservers.

Here’s what I’ve checked so far:

  • My router shows IPv6 is enabled and has an active IPv6 address.
  • In dietpi-config, under the network adapter section, IPv6 is enabled.
  • Running ip -6 addr confirms that my eth0 interface has an IPv6 address assigned.

However, when I test connectivity with ping6 -c 4 google.com, I get a “network is unreachable” error.

My question is: how can I configure my setup so that my DNS resolvers (Pi-hole/Unbound) can successfully reach IPv6 nameservers? Any advice or troubleshooting steps would be greatly appreciated!

Thanks!

What is the output of:

ip -6 ad ; ip -6 ro list table all; ip -6 ru
nslookup ipv6.google.com

Please make consistent changes in the public IPv6 addresses, for example 2001:1234: can be changed to 20ab:5678: for all.

Side note: In principle, IPv6 is not required for DNS resolution itself. IPv6 addresses can also be resolved via IPv4 without any problems

Example, resolve google IPv6 via 9.9.9.9

root@DietPiProd:~# dig google.com AAAA

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> google.com AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      AAAA

;; ANSWER SECTION:
google.com.             28      IN      AAAA    2a00:1450:4001:827::200e

;; Query time: 20 msec
;; SERVER: 9.9.9.9#53(9.9.9.9) (UDP)
;; WHEN: Wed Mar 26 10:58:50 CET 2025
;; MSG SIZE  rcvd: 67

root@DietPiProd:~#

I understand. I just want this IPV6 message on the DNS check website in my OP to not produce the current error.

That’s my main objective here.

Can you expand on what you meant by this?

I want to share the output you asked about, but I’d like to avoid sharing sensitive info that fingerprints my system or network on a public forum. How can I go about that to help you help me?

Based on my observations, it appears that an unbound configuration issue may need fixing, as my ISP supports IPv6 and it’s enabled. Additionally, DietPi settings have IPv6 enabled, so I suspect unbound is the problem, though I could be mistaken.

I meant that when you post the output of the above commands, change the characters to protect your privacy, but at the same time make it consistent, so we can point you to the culprit.
If your IPv6 is 2abc:1357:.... change it everywhere to 2bcd:2468:...

Understood. Here is a randomized but consistent output:

root@DietPi:~# ip -6 ad ; ip -6 ro list table all; ip -6 ru
nslookup ipv6.google.com
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::a1b2:c3d4:5678:9012/64 scope link 
       valid_lft forever preferred_lft forever
3: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 state UNKNOWN qlen 500
    inet6 fd12:3456:789a::bcde:f012/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::1f2e:3d4c:5b6a:7890/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
fd12:3456:789a::53 dev tailscale0 table 52 metric 1024 pref medium
fd12:3456:789a::/48 dev tailscale0 table 52 metric 1024 pref medium
fd12:3456:789a::bcde:f012 dev tailscale0 proto kernel metric 256 pref medium
fe80::/64 dev tailscale0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fd12:3456:789a::bcde:f012 dev tailscale0 table local proto kernel metric 0 pref medium
anycast fe80:: dev tailscale0 table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
local fe80::1f2e:3d4c:5b6a:7890 dev tailscale0 table local proto kernel metric 0 pref medium
local fe80::a1b2:c3d4:5678:9012 dev eth0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev tailscale0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
0:      from all lookup local
5210:   from all fwmark 0x80000/0xff0000 lookup main
5230:   from all fwmark 0x80000/0xff0000 lookup default
5250:   from all fwmark 0x80000/0xff0000 unreachable
5270:   from all lookup 52
32766:  from all lookup main
Server:         10.28.87.2
Address:        10.28.87.2#53

Non-authoritative answer:
ipv6.google.com canonical name = ipv6.l.google.com.
Name:   ipv6.l.google.com
Address: 2607:f8b0:400a:805::200e

There is no global IPv6 address assigned to eth0.
Tailscale has some private address only.

Hmm. So all I need to do is enable IPv6 DHCP in my router?

What exactly is your use case? For what reason you need IPv6 an you local system? DNS resolution doesn’t require it.

No specific use case, just want to turn the red “DNS resolvers cannot reach IPv6 nameservers” to green on dnstools.check. Experimenting and tinkering to make it happen. Nothing wrong with that.

I enabled IPv6 DHCP and I can see my LAN devices being assigned IPv6 addresses slowly. So far the dietpi hasn’t received one even though ipv6 is enabled in dietp-config.

Simply reboot the device

I did and still no ipv6 address is being assigned.

When monitoring LAN devices in my router’s web interface, I see an IPv6 address briefly assigned to the DietPi device, but it quickly disappears. This keeps reoccurring every several minutes or so.

Have you enabled IPv6 in dietpi-config > Network Options: Adapters first?

Yes I have. It’s been enabled since the day I installed dietpi.

I set the network DHCP IPv6 to ‘stateless dhcp v6 mode’.

I then set the primary and secondary DNS using the IPv6 address from the dietpi system that’s produced by executing ip -6 addr show eth0.

Rebooted the Pi and my router and most of my devices are showing IPv6, but the Raspberry Pi4 with dietpi is failing to do so.

Run this:

cat << EOF > /etc/network/interfaces.d/ipv6.conf
iface eth0 inet6 dhcp
        # use SLAAC to get global IPv6 address from the router
        # we may not enable ipv6 forwarding, otherwise SLAAC gets disabled
        autoconf 1
        accept_ra 2
EOF

Then do an ifup eth0 or reboot

The configuration worked, but my static IPv4 address disappeared so I changed it to:

sudo bash -c 'cat << EOF > /etc/network/interfaces.d/ipv6.conf
# IPv4 configuration
auto eth0
iface eth0 inet dhcp

# IPv6 configuration
iface eth0 inet6 dhcp
        autoconf 1
        accept_ra 2
EOF'

And now I have both IPv4 and IPv6.

I checked dnscheck.tools again, but still the same red error on IPv6 nameservers not being reachable by my DNS resolvers.

Is there another step I’m supposed to do after assigning the IPv6 LAN IP simultaneously alongside the IPv4?