Hello fellow Hurricane Electric community members,
I wanted to share this with users in case others also have issues with streaming services such as Netflix blocking IPv6 tunnel brokers. I seem to have found a solution, it is to force pfSense's Unbound DNS resolver to utilize DNS A records when accessing specific Netflix domains or other domains that have this issue.
Unbound DNS resolver has a custom option in here. You can add these options.
server:
dns64-ignore-aaaa: netflix.com
dns64-ignore-aaaa: netflix.net
dns64-ignore-aaaa: nflxext.com
dns64-ignore-aaaa: nflxso.net
dns64-ignore-aaaa: nflxvideo.net
dns64-ignore-aaaa: www.netflix.com
This seemed to resolve my issue as anything with those domains will now only use DNS A records.
I hope that helps. Thanks for all you do