apt-get error on ubuntu after applying IPV6 rules in IPTables

March 30, 2016 585 views
Networking Linux Basics Ubuntu

This question was originally asked by paveltashev after going through our how to implement a basic firewall tutorial, but we thought it would be useful to share here.

After applying new IPv6 rules in IPTables I got an error. When I execute:

sudo apt-get update

I get the following error:

Err http://security.ubuntu.com trusty-security InRelease
Err http://ppa.launchpad.net trusty InRelease
Err http://ppa.launchpad.net trusty Release.gpg
  Could not resolve 'ppa.launchpad.net'
Err http://security.ubuntu.com trusty-security Release.gpg
  Could not resolve 'security.ubuntu.com'
Err http://mirrors.digitalocean.com trusty InRelease
Err http://mirrors.digitalocean.com trusty-updates InRelease
Err http://mirrors.digitalocean.com trusty Release.gpg
  Could not resolve 'mirrors.digitalocean.com'
Err http://mirrors.digitalocean.com trusty-updates Release.gpg
  Could not resolve 'mirrors.digitalocean.com'
Reading package lists... Done
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty/InRelease
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty-updates/InRelease
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease
W: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/dists/trusty/InRelease
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg  Could not resolve 'security.ubuntu.com'
W: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/dists/trusty/Release.gpg  Could not resolve 'ppa.launchpad.net'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty/Release.gpg  Could not resolve 'mirrors.digitalocean.com'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty-updates/Release.gpg  Could not resolve 'mirrors.digitalocean.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
1 Answer

This can actually be the result of a few different factors working in conjunction.

First, the failure to fetch the new package updates seem to be related to DNS. Depending on a few different things sometimes your network configuration will be configured to rely on IPv6 name servers. This can become a problem if we are blocking IPv6. We can easily change the settings to use IPv4 servers however.

First, open up the network configuration file in your text editor:

  • sudo nano /etc/network/interfaces

Inside, you should see a few different configuration blocks, one for each of your configured network interfaces. Only one of these will define a parameter called dns-nameservers. This is the option we need to modify. We can change the value to use the and name servers, both of which are reliably operated by Google:

. . .

iface eth0 inet6 static
        address ...
        netmask 64
        gateway 2604:A880:0800:00A1:0000:0000:0000:0001
        autoconf 0
iface eth0 inet static
        address . . .
        . . .

Save and close the file when you've change that value.

Next, we can modify the behavior of the getaddrinfo configuration file. This will help us control whether IPv4 or IPv6 destinations are preferred if we are given a choice. We can change this behavior by modifying the /etc/gai.conf file:

  • sudo nano /etc/gai.conf

Inside, find and uncomment this line:

. . .
precedence ::ffff:0:0/96  100
. . .

This will tell your system to always choose IPv4 when given the choice. Save and close the file when you have uncommented the line above.

Now, we just need to restart our network interface to use our new DNS settings. Assuming that the network interface in question is eth0, you can stop and quickly restart the interface, reading the new configuration changes, by typing:

  • sudo ifdown eth0 && sudo ifup eth0

You will have a momentary pause in your connection to the server as the network is adjusted.

After that, all of your services, including apt, will prefer IPv4. That should fix the issue you are seeing.

Have another answer? Share your knowledge.