diff --git a/TODO.md b/TODO.md
index 166b45b..25a6c45 100644
--- a/TODO.md
+++ b/TODO.md
@@ -40,3 +40,7 @@ nullfs into jail
 - kresd.conf => listen on ::
 - add ::1 to host resolv.conf
 - add default gw to jail resolv.conf
+
+## Network
+
+{{ ansible_default_ipv6.interface }} sometimes resolves to the link local ip, not the inet6 one, which results in a wrong (or none) default route and resolve.conf inside the jail.
diff --git a/roles/server/files/kresd.conf b/roles/server/files/kresd.conf
index 3753207..e5ddf1b 100644
--- a/roles/server/files/kresd.conf
+++ b/roles/server/files/kresd.conf
@@ -1,7 +1,7 @@
 -- Network interface configuration
 net.listen('127.0.0.1', 53, { kind = 'dns' })
 net.listen('127.0.0.1', 853, { kind = 'tls' })
-net.listen('::1', 53, { kind = 'dns', freebind = true })
+net.listen('::', 53, { kind = 'dns', freebind = true })
 net.listen('::1', 853, { kind = 'tls', freebind = true })
 
 -- Load useful modules