From 6561a40f2c2b3b4b97d1d8f87d34ebeb752c39b6 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Sat, 28 Jun 2025 17:56:09 +0200
Subject: [PATCH] unbound: use ipv4 on older ubuntu SpamHaus rejects queries from ipv6. unbound does not work on ipv6 only servers without do-ip6: true prefer-ip4 only works on ubuntu 24 this leads to a situation that we cannot support ipv6 only servers with older ubuntu
---
 setup/start.sh | 8 +++++---
 setup/start/unbound/prefer-ip4.conf | 6 ------
 setup/start/unbound/unbound.conf | 8 +++++++-
 3 files changed, 12 insertions(+), 10 deletions(-)
 delete mode 100644 setup/start/unbound/prefer-ip4.conf
diff --git a/setup/start.sh b/setup/start.sh
index 29e087643..c67e83d70 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -94,10 +94,12 @@ systemctl restart systemd-journald
 usermod -a -G adm ${USER}
 log "Setting up unbound"
+rm -f /etc/unbound/unbound.conf.d/prefer-ip4.conf # old config file
 cp -f "${script_dir}/start/unbound/unbound.conf" /etc/unbound/unbound.conf.d/cloudron-network.conf
-unbound_version=$(unbound -V | sed -n 's/^Version \([0-9.]*\)/\1/p')
-if vergte "${unbound_version}" "1.19.2"; then
- cp "${script_dir}/start/unbound/prefer-ip4.conf" /etc/unbound/unbound.conf.d/cloudron-prefer-ip4.conf
+if [[ "${ubuntu_version}" == "20.04" || "${ubuntu_version}" == "22.04" ]]; then
+ # on older ubuntu, prefer-ip4 option does not exist. do-ip6 has to be disabled because SpamHaus rejects IPv6 queries
+ # this means we cannot support IPv6 only servers on older ubuntu
+ sed -e 's/do-ip6: yes/do-ip6: no/' -e 's/prefer-ip4:/# prefer-ip4:/' -i /etc/unbound/unbound.conf.d/cloudron-network.conf
 fi
 rm -f /etc/unbound/unbound.conf.d/remote-control.conf # on ubuntu 24
diff --git a/setup/start/unbound/prefer-ip4.conf b/setup/start/unbound/prefer-ip4.conf
deleted file mode 100644
index a46d78c0d..000000000
--- a/setup/start/unbound/prefer-ip4.conf
+++ /dev/null
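Review bot: The cleanup `rm -f /etc/unbound/unbound.conf.d/prefer-ip4.conf` does not match the name the removed `cp` line installed, `cloudron-prefer-ip4.conf`, so on hosts that already ran the old script the stale drop-in appears to stay in place and keeps setting `prefer-ip4` independently of the new template. Consider `rm -f /etc/unbound/unbound.conf.d/prefer-ip4.conf /etc/unbound/unbound.conf.d/cloudron-prefer-ip4.conf # old config files`. Separately, the `sed` rewrite exits successfully even when neither pattern matches, so a later edit to the template could leave `prefer-ip4` active on 20.04/22.04 without any error; running `unbound-checkconf` after the edit would surface that before the resolver is restarted. `ubuntu_version` and the unbound restart are defined outside this hunk.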
@@ -1,6 +0,0 @@
-# Prefer IPv4 outbound queries. Spamhaus often rejects queries from IPv6 addresses
-# This setting is in a separate file since it only works from Ubuntu 24 , unbound 1.19.2
-
-server:
- prefer-ip4: yes
-
diff --git a/setup/start/unbound/unbound.conf b/setup/start/unbound/unbound.conf
index 27d5ce158..f700ab1e7 100644
--- a/setup/start/unbound/unbound.conf
+++ b/setup/start/unbound/unbound.conf
@@ -6,11 +6,17 @@ server:
 interface: 127.0.0.150
 interface: 172.18.0.1
 ip-freebind: yes
- do-ip6: yes
 access-control: 127.0.0.1 allow
 access-control: 172.18.0.1/16 allow
 cache-max-negative-ttl: 30
 cache-max-ttl: 300
+
+ # Prefer IPv4 outbound queries. Spamhaus often rejects queries from IPv6 addresses
+ # without this, unbound does not start on IPv6 only servers
+ do-ip6: yes
+ # this setting only works with ubuntu 24 and unbound >= 1.19.2
+ prefer-ip4: yes
+
 # enable below for logging to journalctl -u unbound
 # verbosity: 5
 # log-queries: yes
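Review bot: The added `do-ip6: yes` and `prefer-ip4: yes` lines are matched textually by the `sed` in setup/start.sh on Ubuntu 20.04/22.04, and nothing in this file says so. A comment above them such as `# NOTE: setup/start.sh rewrites the two settings below on Ubuntu 20.04/22.04 - keep their exact spelling` would keep a later reformat from silently breaking that rewrite. The two explanatory comments also sit on the wrong settings: the Spamhaus/IPv4 sentence describes `prefer-ip4`, while only the "does not start on IPv6 only servers" sentence describes `do-ip6`. The `server:` block begins above this hunk.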