Unbound doesn't respond to ULA IPv6 address

I'm having an issue with Unbound not responding over IPv6. It works when I do it on the router, but not on devices connected to the router. I have set up a split-horizon DNS record and I thought that was not working, but seems like the issue is in Unbound.

The DNS address advertised by the router is fd6a:f17d:d871:0::1:1. I can SSH using it to the router and I can open it in a browser to see the luci interface.

Please advice, thanks.

On the computer it works only over IPv4:

> nslookup -type=A mydomain.com 192.168.16.1
Server:  openwrt
Address:  192.168.16.1

Name:    mydomain.com
Address:  192.168.28.1

> nslookup -type=A mydomain.com fd6a:f17d:d871::1
Server:  openwrt
Address:  fd6a:f17d:d871::1

Non-authoritative answer:
Name:    mydomain.com
Address: 65.254.242.180

On the router it works over both the IPv4 and IPv6:

> nslookup type=A mydomain.com 127.0.0.1
Server:         127.0.0.1
Address:        127.0.0.1:53

Name:   mydomain.com
Address: 192.168.28.1


> nslookup -type=A mydomain.com ::1
Server:         ::1
Address:        [::1]:53

Name:   mydomain.com
Address: 192.168.28.1

netstat -tunlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2624/uhttpd
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN      31989/unbound
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2624/uhttpd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1369/dropbear
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      31989/unbound
tcp        0      0 :::443                  :::*                    LISTEN      2624/uhttpd
tcp        0      0 ::1:8953                :::*                    LISTEN      31989/unbound
tcp        0      0 :::80                   :::*                    LISTEN      2624/uhttpd
tcp        0      0 :::22                   :::*                    LISTEN      1369/dropbear
tcp        0      0 :::53                   :::*                    LISTEN      31989/unbound
udp        0      0 0.0.0.0:53              0.0.0.0:*                           31989/unbound
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2493/odhcpd
udp        0      0 :::546                  :::*                                4386/odhcp6c
udp        0      0 :::547                  :::*                                2493/odhcpd
udp        0      0 :::547                  :::*                                2493/odhcpd
udp        0      0 :::53                   :::*                                31989/unbound

/etc/config/unbound

config unbound 'ub_main'
	option edns_size '1232'
	option hide_binddata '1'
	option interface_auto '1'
	option listen_port '53'
	option localservice '1'
	option manual_conf '0'
	option num_threads '1'
	option protocol 'default'
	option rate_limit '0'
	option rebind_localhost '0'
	option rebind_protection '1'
	option recursion 'default'
	option root_age '9'
	option ttl_neg_max '1000'
	option verbosity '1'
	option dhcp_link 'odhcpd'
	option dhcp4_slaac6 '1'
	option enabled '1'
	option iface_lan 'lan'
	option validator '1'
	option validator_ntp '1'
	option resource 'medium'
	option unbound_control '1'
	option extended_stats '1'
	option add_extra_dns '1'
	option dns64 '0'
	option ttl_min '300'
	option domain_type 'static'
	option add_wan_fqdn '1'
	option add_local_fqdn '1'
	option domain 'lan'
	list iface_wan 'wan'
	list iface_wan 'wan6'
	list iface_trig 'lan'
	list iface_trig 'wan'

config zone 'auth_icann'
	option enabled '0'
	option fallback '1'
	option url_dir 'https://www.internic.net/domain/'
	option zone_type 'auth_zone'
	list server 'lax.xfr.dns.icann.org'
	list server 'iad.xfr.dns.icann.org'
	list zone_name '.'
	list zone_name 'arpa.'
	list zone_name 'in-addr.arpa.'
	list zone_name 'ip6.arpa.'

config zone 'fwd_isp'
	option enabled '0'
	option fallback '1'
	option resolv_conf '1'
	option zone_type 'forward_zone'
	list zone_name 'isp-bill.example.com.'
	list zone_name 'isp-mail.example.net.'

config zone 'fwd_google'
	option fallback '1'
	option tls_index 'dns.google'
	option tls_upstream '1'
	option zone_type 'forward_zone'
	list server '8.8.4.4'
	list server '8.8.8.8'
	list server '2001:4860:4860::8844'
	list server '2001:4860:4860::8888'
	list zone_name '.'
	option enabled '1'

config zone 'fwd_cloudflare'
	option enabled '0'
	option fallback '1'
	option tls_index 'cloudflare-dns.com'
	option tls_upstream '1'
	option zone_type 'forward_zone'
	list server '1.1.1.1'
	list server '1.0.0.1'
	list server '2606:4700:4700::1111'
	list server '2606:4700:4700::1001'
	list zone_name '.'

/etc/unbound/unbound_srv.conf

XXXX:XXXX:XXXX:XX54::/64 is my public IP range for the lan. Here are all the IPs that appear in LuCI under lan:
IPv4: 192.168.16.1/20
IPv6: XXXX:XXXX:XXXX:XX54::1/64
IPv6: fd6a:f17d:d871::1/64


access-control-view: fd6a:f17d:d871::/48 "mydomain"
access-control-view: fe80::/10 "mydomain"
access-control-view: XXXX:XXXX:XXXX:XX54::/64 "mydomain"
access-control-view: 192.168.16.1/20 "mydomain"
access-control-view: 127.0.0.1 "mydomain"
access-control-view: ::1 "mydomain"

private-domain: "mydomain.com"

private-address: 192.168.16.1/20
private-address: fd6a:f17d:d871::/48

/etc/unbound/unbound_ext.conf

view:
    name: "mydomain"
    view-first: yes
    local-zone: "mydomain.com." redirect
    local-data: "mydomain.com. IN A 192.168.28.1"

uci export network;

package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd6a:f17d:d871::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option defaultroute '0'
        option ip6assign '64'
        list ipaddr '192.168.16.1/20'
        option delegate '0'

config interface 'wan'
        option device 'wan'
        option proto 'pppoe'
        option username 'XXX@t-online.de'
        option password 'XXX'
        option peerdns '0'
        option ipv6 '1'
        list dns '1.1.1.1'
        list dns '1.0.0.1'
        option metric '10'

config interface 'wan_lte'
        option proto '3g'
        option device '/dev/ttyUSB2'
        option service 'umts'
        option ipv6 'auto'
        option apn 'internet'
        option auto '0'

config interface 'modem'
        option proto 'static'
        list ipaddr '192.168.0.2/24'
        option gateway '192.168.0.1'
        option delegate '0'
        option device 'wan'

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'
        option reqaddress 'try'
        option reqprefix '64'
        option ip6assign '64'

uci export dhcp;

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'
        option ndp 'hybrid'
        option dns_service '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option leasefile '/tmp/hosts/odhcpd'
        option loglevel '4'
        option leasetrigger '/usr/lib/unbound/odhcpd.sh'
        option maindhcp '1'

config dhcp 'modem'
        option interface 'modem'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ignore '1'
        option dynamicdhcp '0'

config dhcp 'wan6'
        option interface 'wan6'
        option ignore '1'
        option ra 'relay'
        option dhcpv6 'relay'
        option ndp 'hybrid'

ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

lrwxrwxrwx    1 root     root            16 Aug 19 16:01 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root           118 Nov 20 08:37 /tmp/resolv.conf
-rw-r--r--    1 root     root            48 Nov 20 02:33 /tmp/resolv.conf.ppp

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root           156 Nov 20 02:33 resolv.conf.auto
==> /etc/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2023-11-20T08:37:38+01:00
nameserver 127.0.0.1
nameserver ::1
search lan.

==> /tmp/resolv.conf <==
# /tmp/resolv.conf generated by Unbound UCI 2023-11-20T08:37:38+01:00
nameserver 127.0.0.1
nameserver ::1
search lan.

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.ppp <==
nameserver 10.105.3.100
nameserver 10.105.3.101