pfSense

This issue first appeared when changes were made to reduce how often unbound restarts. It may have been present before, but not noticed, because unbound was restarting so often.

This issue pertains to pfsense 2.4 beta using the setting "Do not wait for a RA". After rebooting pfsense, unbound refuses ipv6 queries. This is noted with nslookup on windows and dig on windows and linux.

It's possible this problem is happening because unbound is starting before the PD process is complete.

C:\Users\User>nslookup google.com
Server: UnKnown
Address: 2001:*:*:*:215:5dff:fe5c:e21e

• UnKnown can't find google.com: Query refused

C:\Users\User>dig @2001:*:*:*:215:5dff:fe5c:e21e google.com

; <<>> DiG 9.10.5 <<>> @2001:*:*:*:215:5dff:fe5c:e21e google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; >>HEADER<< opcode: QUERY, status: REFUSED, id: 16212
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 0 msec
;; SERVER: 2001:*:*:*:215:5dff:fe5c:e21e#53(2001:*:*:*:215:5dff:fe5c:e21e)
;; WHEN: Wed Aug 02 11:47:31 Pacific Daylight Time 2017
;; MSG SIZE rcvd: 12

After restarting unbound, nslookup and dig work properly.