diff --git a/modules/nixos/services/bind.nix b/modules/nixos/services/bind.nix
index c971daa..ee4a1e1 100644
--- a/modules/nixos/services/bind.nix
+++ b/modules/nixos/services/bind.nix
@@ -5,7 +5,12 @@
 # To set this on all home machines, I point my router's DNS resolver to the
 # local IP address of the machine running this service (swan).
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
 let
@@ -18,8 +23,8 @@ let
 ];
 mkRecord = service: "${service} A ${localIp}";
 localRecords = lib.concatLines (map mkRecord localServices);
-
-in {
+in
+{
 config = lib.mkIf config.services.bind.enable {
@@ -31,12 +36,20 @@ in {
 # Allow requests coming from these IPs. This way I don't somehow get
 # spammed with DNS requests coming from the Internet.
-cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
+cacheNetworks = [
+ "127.0.0.0/24"
+ "192.168.0.0/16"
+ "::1/128" # Required because IPv6 loopback now added to resolv.conf
+ # (see: https://github.com/NixOS/nixpkgs/pull/302228)
+];
 # When making normal DNS requests, forward them to Cloudflare to resolve.
-forwarders = [ "1.1.1.1" "1.0.0.1" ];
+forwarders = [
+ "1.1.1.1"
+ "1.0.0.1"
+];
-ipv4Only = true;
+ipv4Only = false;
 # Use rpz zone as an override
 extraOptions = ''response-policy { zone "rpz"; };'';
@@ -59,13 +72,16 @@ in {
 '';
 };
 };
-
 };
 # We must allow DNS traffic to hit our machine as well
 networking.firewall.allowedTCPPorts = [ 53 ];
 networking.firewall.allowedUDPPorts = [ 53 ];
+# Set our own nameservers to ourselves
+networking.nameservers = [
+ "127.0.0.1"
+ "::1"
+];
 };
-
 }
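Review bot: Flipping `ipv4Only = false;` makes named bind IPv6 as well, and with `services.bind.listenOnIpv6` left at its default the daemon listens on every IPv6 address of the host while the existing firewall rules (context in the last hunk) open port 53 on all interfaces. `cacheNetworks` still restricts recursion to the listed ranges, and `::1/128` deliberately covers only loopback, but the listener itself becomes reachable from any routable IPv6 address the machine has, which sits uneasily with the comment two lines up about not being spammed from the Internet. If the only goal is to let the `::1` resolver entry reach named, consider `listenOnIpv6 = [ "::1" ];` beside `ipv4Only = false;`, or add the LAN's IPv6 prefix to `cacheNetworks` on purpose; either way the reason for the flip deserves a comment such as `# Listen on IPv6 so "::1" in networking.nameservers can reach named`. The enclosing `services.bind` attrset opens before this hunk.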
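Review bot: The added `networking.nameservers` makes this host depend on its own named for all name resolution, and the `"::1"` entry only works because `ipv4Only = false` in the earlier hunk makes named listen on IPv6 loopback; neither coupling is captured by the one-line comment. If named fails to start or is restarted mid-rebuild the host is left without a working resolver, which is worth stating where the setting lives. Suggest replacing the comment with `# Resolve through the local named instance ("::1" needs ipv4Only = false above); this host has no fallback resolver if named is down`. The block appears to sit inside the `lib.mkIf config.services.bind.enable` attrset, whose opening is outside the hunk, so it presumably applies only when bind is enabled — worth confirming.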