Whenever your BIND requests the addresses of either the root DNS servers or of any of the top level domains' DNS servers, it is going to get a list of both IPv6 and IPv4 addresses - the root or TLD nameserver does neither know nor care that you might not have IPv6 internet connectivity.
And since you have at least local IPv6 connectivity, BIND will attempt to use IPv6. So, if the NS records for a particular external domain specify a DNS server name that has an IPv6 address associated with it, and that record happens to be the first in the current round-robin order, BIND will attempt to use IPv6 to perform a recursive name resolution for one of its clients.
Yes, even if the client did make its request over IPv4.
And yes, even if the client only requested an A record, not an AAAA.
But since you apparently don't have IPv6 internet connectivity, any attempt to contact an external DNS server over IPv6 will fail with a network unreachable error. At that point, BIND will try other IP addresses listed for that DNS server... and when it tries an IPv4 address, it will work just fine.
Remember: With the DNS protocol, there is nothing to block you from requesting IPv4 information over IPv6, or vice versa. And when your BIND is doing a recursive resolve on behalf of one of its clients, it will use whatever protocol it sees fit: the fact that the client may have connected to your BIND using IPv4 does not automatically mean BIND should restrict itself to IPv4 only.
To tell BIND that any IPv6 addresses for external DNS servers should not be used, one possibility would be to declare the entire IPv6 address space (except your local domain(s), for which your BIND is presumably already authoritative) as bogus:
server ::/0 {
bogus yes;
};
(I have not tested whether or not you will then have to explicitly reverse this for any other local IPv6-reachable DNS servers you may have.)
Another option to fully stop BIND from trying to reach out to other DNS servers over IPv6 would be to start BIND with the -4 option, which does not seem appropriate to your situation, as you said your local network is IPv6-capable but apparently has no IPv6 connectivity to the internet.
Source: this question on Server Fault.
If you want to stop any IPv4 clients of your BIND from ever seeing any IPv6 addresses, you could add this line to the options section:
filter-aaaa-on-ipv4 break-dnssec;
However, this does not have any effect at all on BIND's use of IPv6 on outgoing connections to other DNS servers. And it will only work if your BIND has been compiled with the ./configure --enable-filter-aaaa build-time option.
Source: https://kb.isc.org/docs/aa-00576
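The behaviour described in the answer above (IPv6 upstream attempts failing with "network unreachable", then falling back to IPv4, and the `server ::/0 { bogus yes; }` workaround) can be checked and modelled from the resolver's own log. The following is an added example, not code from the answer, from ISC, or from BIND: it parses constructed log lines shaped like BIND's resolver "network unreachable resolving" messages, counts the failures per address family, and models which upstream addresses a `::/0` bogus declaration with local exceptions would skip. The log lines, the prefixes 2001:db8:1::/48 and 2001:db8:53::/48, and the function names are all assumptions made for the example.

```python
"""Added example (not part of the original answer or of BIND itself):
classify BIND 'network unreachable' resolver errors by address family and
model the `server ::/0 { bogus yes; }` workaround with local exceptions.
All addresses, prefixes and log lines below are constructed for the example."""

import ipaddress
import re
from collections import Counter

# Constructed sample log lines in the shape of BIND's resolver messages.
# Three IPv6 failures and one IPv4 failure; the last line is an ordinary
# query-log line that must not be counted.
SAMPLE_LOG = """\
10-Jun-2021 21:40:01.123 resolver: network unreachable resolving 'www.example.com/A/IN': 2001:db8:53::1#53
10-Jun-2021 21:40:01.125 resolver: network unreachable resolving 'www.example.com/A/IN': 2001:db8:53::2#53
10-Jun-2021 21:40:01.130 resolver: network unreachable resolving 'example.org/AAAA/IN': 2001:db8:ffff::9#53
10-Jun-2021 21:40:02.001 resolver: network unreachable resolving 'mail.example.net/MX/IN': 192.0.2.53#53
10-Jun-2021 21:40:03.444 queries: client 192.0.2.10#51234 (www.example.com): query: www.example.com IN A +E(0) (192.0.2.1)
"""

UNREACHABLE_RE = re.compile(
    r"network unreachable resolving '(?P<qname>[^']+)': (?P<addr>[0-9a-fA-F:.]+)#(?P<port>\d+)"
)


def parse_unreachable(log_text):
    """Return (qname, ip_address) for every 'network unreachable' line."""
    hits = []
    for line in log_text.splitlines():
        m = UNREACHABLE_RE.search(line)
        if m:
            hits.append((m.group("qname"), ipaddress.ip_address(m.group("addr"))))
    return hits


def unreachable_by_family(log_text):
    """Count unreachable upstreams per IP version, e.g. {'IPv6': 3, 'IPv4': 1}.
    A resolver with no IPv6 transit shows a steady stream of IPv6 entries here."""
    counts = Counter()
    for _qname, addr in parse_unreachable(log_text):
        counts[f"IPv{addr.version}"] += 1
    return dict(counts)


# Model of the answer's workaround: everything in ::/0 is bogus except the
# local prefixes (assumed values). BIND does this matching itself; the model
# only shows which upstream addresses would be skipped.
BOGUS_PREFIXES = [ipaddress.ip_network("::/0")]
LOCAL_EXCEPTIONS = [
    ipaddress.ip_network("2001:db8:1::/48"),  # assumed local IPv6 prefix
    ipaddress.ip_network("fe80::/10"),        # link-local
]


def is_bogus(addr, bogus=BOGUS_PREFIXES, exceptions=LOCAL_EXCEPTIONS):
    """True if BIND would refuse to talk to `addr` under the modelled config.
    IPv4 addresses are never inside an IPv6 network, so they stay usable."""
    addr = ipaddress.ip_address(addr)
    if any(addr in net for net in exceptions):
        return False
    return any(addr in net for net in bogus)


def select_upstream(candidates, reachable_versions, bogus_filter=False):
    """Model BIND trying a nameserver's addresses in order: bogus addresses
    are skipped outright, an unreachable family fails with 'network
    unreachable' and the next address is tried. Returns (attempts, chosen)."""
    attempts = []
    for raw in candidates:
        addr = ipaddress.ip_address(raw)
        if bogus_filter and is_bogus(addr):
            continue
        attempts.append(str(addr))
        if addr.version in reachable_versions:
            return attempts, str(addr)
    return attempts, None


if __name__ == "__main__":
    print("unreachable by family:", unreachable_by_family(SAMPLE_LOG))
    ns_addrs = ["2001:db8:53::1", "192.0.2.53"]  # AAAA listed first in the round-robin
    print("without bogus filter:", select_upstream(ns_addrs, {4}))
    print("with ::/0 bogus:     ", select_upstream(ns_addrs, {4}, bogus_filter=True))
```

Running the script on a real BIND log (with `SAMPLE_LOG` replaced by the file contents) gives a quick way to confirm the diagnosis before changing named.conf: a large IPv6 count with a near-zero IPv4 count matches the situation the answer describes, and the model shows that the bogus declaration removes the wasted IPv6 attempt rather than changing which IPv4 server is finally used.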
fe80:... is similar to 169.254.*.* link-local zeroconf address of IPv4, but unlike IPv4, any other addresses will be added alongside it, not replace it. Your router should be sending out periodic IPv6 router advisories if it provides IPv6 connectivity: in Linux, you could use the rdisc6 tool to see them. An IPv6 router advisory will specify the netmask and default gateway, and will also tell any clients if they should use DHCPv6, or if they can just use SLAAC methods to generate themselves a routable IPv6 address. Your internet provider should have some docs on IPv6. – telcoM Jun 10 '21 at 21:56