Configure order of IPv6 DNS records returned (ULA before GUA)?

Is there any way to configure the order of the IPv6 DNS records returned by OpenWRT? The reason being is that I would like clients to prefer the ULA address on the local network due to Nginx IP filtering using ULA addresses and being unable to use GUA addresses here due to no static prefix from my ISP. This means that sometimes clients will use their GUA address when accessing the server and be blocked.

Here's an example, with fd67:0:0:1::2 being the ULA address.

$ nslookup changedetection.domain.lan

changedetection.domain.lan     canonical name = containerhost.domain.lan.
Name:   containerhost.domain.lan
Name:   containerhost.domain.lan
Address: GUA:ADDR:****:***1::2
Name:   containerhost.domain.lan
Address: fd67:0:0:1::2

As a workaround, here a quick one-liner to set this on the client side for Linux clients.

grep -qxF 'precedence fc00::/7 45' /etc/gai.conf || echo 'precedence fc00::/7 45' | sudo tee -a /etc/gai.conf

Then, either reboot, or restart the networking service.

As a note, this configuration goes directly against RFC 6724, and as inferred by the RFC, will cause issues if someone publishes an LUA address to public DNS, as the address will be unreachable.

I like IPv6 is a tech, but sometimes it feels like it's a product of the optimism of the time it was designed, where ISPs would do the right thing and people would be more likely to create on a more decentralized web than just consume on a few large platforms.

You can just add a /48 for the ULA address range you use. That way you would still avoid other folks' ULAs. I've been running with the following for years and the IETF police hasn't kicked in my door yet. :grinning:

precedence fc00::/7               3
precedence fd12:3456:789a::/48 	 37

label fd12:3456:789a::/48 	 15