IPv6 DNS issues within a VPN.

Contact the VPN provider and ask them. Why are you using a VPN? Are you creating a private tunnel to a corporate or institutional network? If so, contact the network admin/support for that corporation or institution.

EmilsP wrote:

When connected to Wi-Fi network with a DHCP server that serves IPv4 and IPv6 configs, IPv6 hostname resolution works just fine.

When connected to a Wi-Fi network that only serves IPv4 configs whilst connected to a VPN that does support IPv6 and having set appropriate IPv6 addresses and routes for the tunnel device and setting IPv6 DNS servers in the system config, IPv6 hostname resolution fails. Inspecting the network traffic seems to suggest that no DNS request is being sent out, the requests just time out. This is rather peculiar, as I can reach the IPv6 addresses just fine, and if I manually send out the DNS request to the IPv6 resolver, the response comes back just fine (via dig -6 apple.com @$my-ipv6-resolver-address).

What should I be doing to ensure that IPv6 DNS works when connected to a VPN that supports IPv6?

So why are you so determined to use VPN— what do you suspect is the advantage here...

EmilsP wrote:

I don't believe there are issues with the VPN configuration as it remains the same between the IPv6 enabled LAN and the IPv4 only LAN. In fact, I've tried different clients and different configurations (WireGuard and OpenVPN), and in all of the cases, IPv6 DNS works in one network, and doesn't in the other. And the same configuration works just fine on other systems.

So why are you so determined to use VPN— what do you suspect is the advantage here...

How is this relevant to my initial question? I need to use a VPN to reach IPv6 hosts to do work. My reasons for using a VPN are orthogonal to macOS not resolving IPv6 hostnames.

If this is required for work contact your VPN/Network admin to determine why the VPN client/server is not performing correctly. Typically when connected through a private tunnel using VPN, DNS is performed at the server/private network end of the tunnel. Your Mac can not have multiple concurrent gateways.