Unable to turn off IPv6 and still use DNS

I recently updated to 19.07.8 with the default config and am trying to disable my router from using IPv6 over the public internet. I have read several iterations of advice like this (or this). What I thought I could do is make the following edits to my default configs:

# /etc/config/network
…
config interface 'wan'
        option ifname 'eth1.2'
        option proto 'dhcp'
        # Don't trust ISP-provided DNS servers …
        option peerdns '0'
        # … but use these instead
        list dns '185.121.177.177'
        list dns '169.239.202.202'
        # this appears to have no effect
        option ipv6 'off'

# Disable wan6
# config interface 'wan6'
#         option ifname 'eth1.2'
#         option proto 'dhcpv6'
…
# /etc/config/firewall
…
config zone
        option name 'wan'
        list network 'wan'
        # Remove the only reference to wan6
        # list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'…
# /etc/config/dhcp

config dnsmasq
        …
        option logqueries '1'
        # Delegate to these DNS servers
        list server '185.121.177.177'
        list server '169.239.202.202'
…

What I'm trying to do is ensure that I do not have a public-facing IPv6 interface and that packets routed from my router to the public Internet use IPv4. I expected that the above configuration would do this and would route DNS requests to the indicated OpenNIC servers. However, what actually happens is that my router can't resolve any public address.

On my router:

root@…:~# date
Fri Sep 10 16:54:07 UTC 2021
root@…:~# nslookup openwrt.org
;; connection timed out; no servers could be reached

root@…:~# nslookup openwrt.org localhost
;; connection timed out; no servers could be reached

dnsmasq log:

Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 query[A] 3.openwrt.pool.ntp.org from 127.0.0.1
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 937 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 query[AAAA] 3.openwrt.pool.ntp.org from 127.0.0.1
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 185.121.177.177
Fri Sep 10 16:54:37 2021 daemon.info dnsmasq[3391]: 938 127.0.0.1/40425 forwarded 3.openwrt.pool.ntp.org to 169.239.202.202

A similar behavior exists if I try to perform a lookup from one of the devices on my private lan:

% nslookup openwrt.org 192.168.254.1  # router IP
;; connection timed out; no servers could be reached

I can ping and traceroute raw IPs from both my router and lan devices:

root@…:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=19.248 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=17.440 ms
64 bytes from 8.8.8.8: seq=2 ttl=117 time=19.615 ms
64 bytes from 8.8.8.8: seq=3 ttl=117 time=18.472 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 17.440/18.693/19.615 ms
root@…:~# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 38 byte packets
 1  <ISP_IP> (<ISP_IP>)  7.114 ms  9.264 ms  8.993 ms
 2  …  10.262 ms  8.126 ms  8.746 ms
 3  …  8.901 ms  7.333 ms  8.533 ms
 4  …  9.521 ms  9.862 ms  9.997 ms
 5  …  20.095 ms  21.352 ms  20.143 ms
 6  …  18.098 ms  18.898 ms  18.147 ms
 7  …  18.532 ms  75.149.231.226 (75.149.231.226)  17.876 ms  18.752 ms
 8  *  *  *
 9  8.8.8.8 (8.8.8.8)  20.740 ms  17.848 ms  18.746 ms

My interfaces:

root@…:~# ifconfig
…

eth1.2    Link encap:Ethernet  HWaddr …
          inet addr:<ISP_ASSIGNED_IP>  Bcast:<ISP_ASSIGNED_BCAST_IP>  Mask:255.255.254.0
          inet6 addr: fe80::6238:…/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:742 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11923 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:193143 (188.6 KiB)  TX bytes:958142 (935.6 KiB)

wlan0     Link encap:Ethernet  HWaddr …
          inet6 addr: fe80::6038:…/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6046 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2085 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:587155 (573.3 KiB)  TX bytes:1459993 (1.3 MiB)

wlan1     Link encap:Ethernet  HWaddr …
          inet6 addr: fe80::6038:…/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:133 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:39056 (38.1 KiB)

I can't even use my designated IPv4 DNS servers when I have wan6:

Adding this back won't work:

…
config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option delegate '0'
        option peerdns '0'
…

Nor will this:

…
config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option delegate '0'
        option peerdns '0'
        list dns '185.121.177.177'
        list dns '169.239.202.202'
…
root@…:~# ifconfig
…
eth1.2    Link encap:Ethernet  HWaddr …
          inet addr:<ISP_ASSIGNED_IPv4>  Bcast:<ISP_ASSIGNED_BCAST_IPv4>  Mask:255.255.254.0
          inet6 addr: <ISP_ASSIGNED_IPv6>/128 Scope:Global
          inet6 addr: fe80::6238:…/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:271 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4882 (4.7 KiB)  TX bytes:23058 (22.5 KiB)
…

Only if I do this, can I resolve names:

…
config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option delegate '0'
        option peerdns '0'
        # These have to be IPv6 addresses for some reason, otherwise I can't resolve names
        list dns '2a05:dfc7:5::53'
        list dns '2a05:dfc7:5::5353'
…

Now it works (but uses IPv6):

root@…:~# nslookup openwrt.org
Server:         127.0.0.1
Address:        127.0.0.1#53

Name:      openwrt.org
Address 1: 139.59.209.225
Address 2: 2a03:b0c0:3:d0::1af1:1

dnsmasq logs:

Fri Sep 10 17:12:14 2021 daemon.info dnsmasq[5874]: 155 127.0.0.1/49708 query[A] openwrt.org from 127.0.0.1
Fri Sep 10 17:12:14 2021 daemon.info dnsmasq[5874]: 155 127.0.0.1/49708 forwarded openwrt.org to 2a05:dfc7:5::5353
Fri Sep 10 17:12:14 2021 daemon.info dnsmasq[5874]: 156 127.0.0.1/49708 query[AAAA] openwrt.org from 127.0.0.1
Fri Sep 10 17:12:14 2021 daemon.info dnsmasq[5874]: 156 127.0.0.1/49708 forwarded openwrt.org to 2a05:dfc7:5::5353
Fri Sep 10 17:12:14 2021 daemon.info dnsmasq[5874]: 155 127.0.0.1/49708 reply openwrt.org is 139.59.209.225
Fri Sep 10 17:12:14 2021 daemon.info dnsmasq[5874]: 156 127.0.0.1/49708 reply openwrt.org is 2a03:b0c0:3:d0::1af1:1

What gives?

The wan/wan6 thing might have been a non sequitur, but I still can't resolve names unless I'm delegating to DNS servers over IPv6. This resolves names, but via IPv6:

# /etc/config/network
…
config interface 'wan'
        option ifname 'eth1.2'
        option proto 'dhcp'
        # Don't trust ISP-provided DNS servers …
        option peerdns '0'

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        # Don't trust ISP-provided addresses or DNS servers …
        option delegate '0'
        option peerdns '0'
…
# /etc/config/dhcp

config dnsmasq
        …
        option logqueries '1'
        # Delegate to these DNS servers, which have to be IPv6 addresses for some reason, otherwise I can't resolve names
        list server '2a05:dfc7:5::53'
        list server '2a05:dfc7:5::5353'
        # These won't work
        # list server '185.121.177.177'
        # list server '169.239.202.202'
…

How the heck can I resolve names via IPv4?