Both Windows and FreeBSD clients were missing the usual V6 DNS server addresses.
With Comcast the V6 delegated prefix changes with every pfSense reboot.
I'm requesting a 60-bit prefix. The delegated ranges below are correct given that the masked (xxxx) parts are the same value for both interfaces.
LAN (lan) -> re2 -> v4: 192.168.1.1/24
v6/t6: 2601:cf:xxxx:19b0:230:18ff:fec8:fdb/64
DMZ (opt1) -> re3 -> v4: 192.168.2.1/24
v6/t6: 2601:cf:xxxx:19b1:230:18ff:fec8:fdc/64
I think I have found the problem, and a partial solution.
On the Resolver (unbound) config page, there is a drop-down that allows you to specify network interfaces. Out of paranoia I've always selected only the LAN and DMZ interfaces there, leaving out the WAN interface. I'm guessing that most leave this setting at the default ALL setting. On a whim, since I was having V6 DNS resolution issues, I replaced the setting with ALL. Lo and behold all started operating as expected!!!
Reverted to the more selective setting, with the following /var/unbound/unbound.conf generated.
Interface IP(s) to bind to
interface: 73.184.240.250 <<=== What is this doing here? It is the WAN side V4 address which is NOT selected!
interface: 2001:558:6011:93:3ce8:f1d4:efe4:5540 <<=== Same here for V6!
interface: 192.168.1.1
interface: 2601:cf:8101:b550:230:18ff:fec8:fdb
interface: 192.168.2.1
interface: 2601:cf:8101:b551:230:18ff:fec8:fdc
interface: fe80::230:18ff:fecb:11a3%re1
interface: fe80::1:1%re2
interface: fe80::1:1%re3
interface: 127.0.0.1
interface: ::1
Unbound restarted, I ran the V6 tests, again all is well!!!
Rebooted… No more V6 DNS resolution!!! Over to the service status page. The unbound DNS resolver is stopped!
Manually start the resolver and V6 DNS support is restored.
So the question is: Why does unbound fail at reboot if specific interfaces are configured for unbound?
No error logs in the unbound logs. This in the system log:
rc.bootup: The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '[1468603936] unbound[35432:0] error: can't bind socket: Can't assign requested address for fe80::230:18ff:fec8:fdb [1468603936] unbound[35432:0] fatal error: could not open ports'
OK, deleted the V6 link local interfaces from the selected unbound interfaces, rebooted, and all is well.
Sooo… Should link-local interfaces actually be considered as V6 DNS query interface candidates or not? If so, why do they cause unbound to fail on reboot? If not, should they be presented as interface candidates in the unbound interface selection drop-down?
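An added example, not part of the original post and not pfSense or unbound code: a small audit of the generated unbound.conf that separates the bind addresses the resolver is meant to serve from the two kinds the post ran into, WAN-side addresses that were never selected and scoped link-local addresses like the one that failed to bind at boot. The ALLOWED list and the function name are assumptions; the /60 is the prefix visible in the post and changes whenever the delegation does.

```python
import ipaddress

# Constructed sample: the interface lines quoted in the post, notes removed.
SAMPLE_CONF = """\
interface: 73.184.240.250
interface: 2001:558:6011:93:3ce8:f1d4:efe4:5540
interface: 192.168.1.1
interface: 2601:cf:8101:b550:230:18ff:fec8:fdb
interface: 192.168.2.1
interface: 2601:cf:8101:b551:230:18ff:fec8:fdc
interface: fe80::230:18ff:fecb:11a3%re1
interface: fe80::1:1%re2
interface: fe80::1:1%re3
interface: 127.0.0.1
interface: ::1
"""

# Assumption: networks the resolver should listen on (LAN, DMZ and the /60
# delegated at the time of the post). Update after each prefix change.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.168.1.0/24", "192.168.2.0/24", "2601:cf:8101:b550::/60")]


def audit_bind_addresses(conf_text, allowed=ALLOWED):
    """Sort each 'interface:' value into ok / link_local / unexpected."""
    report = {"ok": [], "link_local": [], "unexpected": []}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "interface:":
            continue
        value = fields[1]
        host = value.split("@", 1)[0].split("%", 1)[0]  # drop @port, %scope
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:            # e.g. an interface name, not an address
            report["unexpected"].append(value)
            continue
        in_allowed = any(addr.version == n.version and addr in n for n in allowed)
        if addr.is_loopback or in_allowed:
            report["ok"].append(value)
        elif addr.is_link_local:      # the class that failed to bind at boot
            report["link_local"].append(value)
        else:                         # listening where it was not selected
            report["unexpected"].append(value)
    return report


if __name__ == "__main__":
    for kind, values in audit_bind_addresses(SAMPLE_CONF).items():
        print(kind, values)
```

Run against /var/unbound/unbound.conf after a configuration change or reboot, anything under "unexpected" is an address the resolver listens on outside the selected networks.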