IPv6 encryption on UniFiOS
I have installed the NextDNS app on my UniFi Dream Machine Pro. When I have IPv6 turned off, all clients are going through the NextDNS servers encrypted. However, when IPv6 is enabled, all clients are using my ISPs DNS servers. I have tried uninstalling, reinstalling, restarting PCs, and I can't seem to get IPv6 to go through NextDNS. I am able to manually specify the NextDNS IPv6 DNS servers, but the data is then not encrypted.
Any assistance would be great.
Note: I'm currently DHCPv6 on my UDM to advertise IPv6 addresses on my local network, though changes required should be similar for PD setup.
What's happening here is that UDM is directly advertising NextDNS IPv6 (WAN) addresses to the clients to be set as their resolvers. What you want is to have all your clients use UDM as their resolvers, similarly to how IPv4 is setup.
For me, I configured my DHCPv6 name servers to advertise the IPv6 equivalent IPv4 address of my router's subnet address.
E.g. if the gateway IP is configured to 192.168.10.1, set 0:0:0:0:0:ffff:c0a8:a01 as the DHCPv6 name server. You can use any IPv4 to IPv6 address conversion tools out there to obtain the IPV6 equivalent address. Depending (if any) of your firewall configurations, you may need to allow UDP 5553 (e.g. on your Guest network).