diff --git a/baseimage/initializeBaseUbuntuImage.sh b/baseimage/initializeBaseUbuntuImage.sh
index 7be84145c..744d9d049 100644
--- a/baseimage/initializeBaseUbuntuImage.sh
+++ b/baseimage/initializeBaseUbuntuImage.sh
@@ -126,3 +126,9 @@ systemctl disable postfix || true
 systemctl stop systemd-resolved || true
 systemctl disable systemd-resolved || true
 
+# ubuntu's default config for unbound does not work if ipv6 is disabled. this config is overwritten in start.sh
+# we need unbound to work as this is required for installer.sh to do any DNS requests
+ip6=[[ -s /proc/net/if_inet6 ]] && echo "yes" || echo "no"
+echo -e "server:\n\tinterface: 127.0.0.1\n\tdo-ip6: ${ip6}" > /etc/unbound/unbound.conf.d/cloudron-network.conf
+systemctl restart unbound
+
diff --git a/setup/start.sh b/setup/start.sh
index 6cecf82ca..396d3edbd 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -91,8 +91,9 @@ echo "==> Setting up unbound"
 # DO uses Google nameservers by default. This causes RBL queries to fail (host 2.0.0.127.zen.spamhaus.org)
 # We do not use dnsmasq because it is not a recursive resolver and defaults to the value in the interfaces file (which is Google DNS!)
 # We listen on 0.0.0.0 because there is no way control ordering of docker (which creates the 172.18.0.0/16) and unbound
-# If IP6 is not enabled, dns queries seem to fail on some hosts
-echo -e "server:\n\tinterface: 0.0.0.0\n\tdo-ip6: yes\n\taccess-control: 127.0.0.1 allow\n\taccess-control: 172.18.0.1/16 allow\n\tcache-max-negative-ttl: 30\n\tcache-max-ttl: 300\n\t#logfile: /var/log/unbound.log\n\t#verbosity: 10" > /etc/unbound/unbound.conf.d/cloudron-network.conf
+# If IP6 is not enabled, dns queries seem to fail on some hosts. -s returns false if file missing or 0 size
+ip6=[[ -s /proc/net/if_inet6 ]] && echo "yes" || echo "no"
+echo -e "server:\n\tinterface: 0.0.0.0\n\tdo-ip6: ${ip6}\n\taccess-control: 127.0.0.1 allow\n\taccess-control: 172.18.0.1/16 allow\n\tcache-max-negative-ttl: 30\n\tcache-max-ttl: 300\n\t#logfile: /var/log/unbound.log\n\t#verbosity: 10" > /etc/unbound/unbound.conf.d/cloudron-network.conf
 # update the root anchor after a out-of-disk-space situation (see #269)
 unbound-anchor -a /var/lib/unbound/root.key
 
diff --git a/src/config.js b/src/config.js
index 120c4ed1f..e84e70244 100644
--- a/src/config.js
+++ b/src/config.js
@@ -231,7 +231,8 @@ function isManaged() {
 
 function hasIPv6() {
     const IPV6_PROC_FILE = '/proc/net/if_inet6';
-    return fs.existsSync(IPV6_PROC_FILE);
+    // on contabo, /proc/net/if_inet6 is an empty file. so just exists is not enough
+    return fs.existsSync(IPV6_PROC_FILE) && fs.readFileSync(IPV6_PROC_FILE, 'utf8').trim().length !== 0;
 }
 
 // it has to change with the adminLocation so that multiple cloudrons