You are right! I tried the masquerade rules (initially I thought you were saying about the wan postrouting masquerade) and now replies back to clients seem to come from the legitimate nameserver.
Regarding IPv6 why are you trying to masquerade on the wan? Any host contacting some other host on the internet should use the GUA, not the LUA.
I also fixed the reply from unexpected source for ipv6 just with this: ip6tables -t nat -A POSTROUTING -d fd00:bbbb::2 -p udp -m udp --dport 53 -m comment --comment "!fw3: DNS Pi-hole MASQUERADE" -j MASQUERADE
My current config for reference:
#
# DNSHIJACKv4
# Log and hijack to Pihole
iptables -t nat -N dnshijack
iptables -t nat -I dnshijack -j LOG --log-prefix "dnshijack4 "
iptables -t nat -A dnshijack -j DNAT --to-destination 10.0.2.2
# allow Pihole to query internet
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 00:11:22:33:44:55 -p udp --dport 53 -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 00:11:22:33:44:55 -p tcp --dport 53 -j ACCEPT
# allow queries to OpenWrt
iptables -t nat -A prerouting_lan_rule -p tcp --dport 53 -d 10.0.2.1 -j ACCEPT
iptables -t nat -A prerouting_lan_rule -p udp --dport 53 -d 10.0.2.1 -j ACCEPT
# anything else is hijacked
iptables -t nat -A prerouting_lan_rule -p udp --dport 53 -j dnshijack
iptables -t nat -A prerouting_lan_rule -p tcp --dport 53 -j dnshijack
# other zones
iptables -t nat -A prerouting_guest_rule -p tcp --dport 53 -d 10.0.2.2 -j ACCEPT
iptables -t nat -A prerouting_guest_rule -p udp --dport 53 -d 10.0.2.2 -j ACCEPT
iptables -t nat -A prerouting_guest_rule -p udp --dport 53 -j dnshijack
iptables -t nat -A prerouting_guest_rule -p tcp --dport 53 -j dnshijack
iptables -t nat -A prerouting_iot_rule -p tcp --dport 53 -d 10.0.2.2 -j ACCEPT
iptables -t nat -A prerouting_iot_rule -p udp --dport 53 -d 10.0.2.2 -j ACCEPT
iptables -t nat -A prerouting_iot_rule -p udp --dport 53 -j dnshijack
iptables -t nat -A prerouting_iot_rule -p tcp --dport 53 -j dnshijack
# fix "reply from unexpected source"
iptables -t nat -A postrouting_lan_rule -d 10.0.2.2 -p tcp -m tcp --dport 53 -m comment --comment "!fw3: DNS Pi-hole MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 10.0.2.2 -p udp -m udp --dport 53 -m comment --comment "!fw3: DNS Pi-hole MASQUERADE" -j MASQUERADE
#
# DNSHIJACKv6
# Log and send to Pihole
ip6tables -t nat -N dnshijack
ip6tables -t nat -I dnshijack -j LOG --log-prefix "dnshijack6 "
ip6tables -t nat -A dnshijack -j DNAT --to-destination fd00:bbbb::2
# allow to ask OpenWrt
ip6tables -t nat -A prerouting_lan_rule -p tcp --dport 53 -d fd00:bbbb::1 -j ACCEPT
ip6tables -t nat -A prerouting_lan_rule -p udp --dport 53 -d fd00:bbbb::1 -j ACCEPT
# allow Pihole to query internet
ip6tables -t nat -A prerouting_lan_rule -m mac --mac-source 00:11:22:33:44:55 -p udp --dport 53 -j ACCEPT
ip6tables -t nat -A prerouting_lan_rule -m mac --mac-source 00:11:22:33:44:55 -p tcp --dport 53 -j ACCEPT
# anything else goes to hijack
ip6tables -t nat -A prerouting_lan_rule -p udp --dport 53 -j dnshijack
ip6tables -t nat -A prerouting_lan_rule -p tcp --dport 53 -j dnshijack
# other zones
ip6tables -t nat -A prerouting_guest_rule -p tcp --dport 53 -d fd00:bbbb::2 -j ACCEPT
ip6tables -t nat -A prerouting_guest_rule -p udp --dport 53 -d fd00:bbbb::2 -j ACCEPT
ip6tables -t nat -A prerouting_guest_rule -p udp --dport 53 -j dnshijack
ip6tables -t nat -A prerouting_guest_rule -p tcp --dport 53 -j dnshijack
ip6tables -t nat -A prerouting_iot_rule -p tcp --dport 53 -d fd00:bbbb::2 -j ACCEPT
ip6tables -t nat -A prerouting_iot_rule -p udp --dport 53 -d fd00:bbbb::2 -j ACCEPT
ip6tables -t nat -A prerouting_iot_rule -p udp --dport 53 -j dnshijack
ip6tables -t nat -A prerouting_iot_rule -p tcp --dport 53 -j dnshijack
# fix "reply from unexpected source"
ip6tables -t nat -A postrouting_lan_rule -d fd00:bbbb::2 -p udp -m udp --dport 53 -m comment --comment "!fw3: DNS Pi-hole MASQUERADE" -j MASQUERADE
ip6tables -t nat -A postrouting_lan_rule -d fd00:bbbb::2 -p tcp -m tcp --dport 53 -m comment --comment "!fw3: DNS Pi-hole MASQUERADE" -j MASQUERADE