DigitalOcean

Report this

What is the reason for this report?
Question

apt-get error on ubuntu after applying IPV6 rules in IPTables

Posted on March 30, 2016
Linux Basics
Networking
Ubuntu
auxiliumbo

By auxiliumbo

This question was originally asked by paveltashev after going through our how to implement a basic firewall tutorial, but we thought it would be useful to share here.

After applying new IPv6 rules in IPTables I got an error. When I execute:

sudo apt-get update

I get the following error:

Err http://security.ubuntu.com trusty-security InRelease
Err http://ppa.launchpad.net trusty InRelease
Err http://ppa.launchpad.net trusty Release.gpg
  Could not resolve 'ppa.launchpad.net'
Err http://security.ubuntu.com trusty-security Release.gpg
  Could not resolve 'security.ubuntu.com'
Err http://mirrors.digitalocean.com trusty InRelease
Err http://mirrors.digitalocean.com trusty-updates InRelease
Err http://mirrors.digitalocean.com trusty Release.gpg
  Could not resolve 'mirrors.digitalocean.com'
Err http://mirrors.digitalocean.com trusty-updates Release.gpg
  Could not resolve 'mirrors.digitalocean.com'
Reading package lists... Done
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty/InRelease
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty-updates/InRelease
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/InRelease
W: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/dists/trusty/InRelease
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg  Could not resolve 'security.ubuntu.com'
W: Failed to fetch http://ppa.launchpad.net/ondrej/php5-5.6/ubuntu/dists/trusty/Release.gpg  Could not resolve 'ppa.launchpad.net'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty/Release.gpg  Could not resolve 'mirrors.digitalocean.com'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty-updates/Release.gpg  Could not resolve 'mirrors.digitalocean.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
auxiliumbo
auxiliumbo
March 30, 2016

This can actually be the result of a few different factors working in conjunction.

First, the failure to fetch the new package updates seem to be related to DNS. Depending on a few different things sometimes your network configuration will be configured to rely on IPv6 name servers. This can become a problem if we are blocking IPv6. We can easily change the settings to use IPv4 servers however.

First, open up the network configuration file in your text editor:

  1. sudo nano /etc/network/interfaces

Inside, you should see a few different configuration blocks, one for each of your configured network interfaces. Only one of these will define a parameter called dns-nameservers. This is the option we need to modify. We can change the value to use the 8.8.8.8 and 8.8.4.4 name servers, both of which are reliably operated by Google:

/etc/network/interfaces
. . .

iface eth0 inet6 static
        address ...
        netmask 64
        gateway 2604:A880:0800:00A1:0000:0000:0000:0001
        autoconf 0
        dns-nameservers 8.8.8.8 8.8.4.4
iface eth0 inet static
        address . . .
        . . .

Save and close the file when you’ve change that value.

Next, we can modify the behavior of the getaddrinfo configuration file. This will help us control whether IPv4 or IPv6 destinations are preferred if we are given a choice. We can change this behavior by modifying the /etc/gai.conf file:

  1. sudo nano /etc/gai.conf

Inside, find and uncomment this line:

/etc/gai.conf
. . .
precedence ::ffff:0:0/96  100
. . .

This will tell your system to always choose IPv4 when given the choice. Save and close the file when you have uncommented the line above.

Now, we just need to restart our network interface to use our new DNS settings. Assuming that the network interface in question is eth0, you can stop and quickly restart the interface, reading the new configuration changes, by typing:

  1. sudo ifdown eth0 && sudo ifup eth0

You will have a momentary pause in your connection to the server as the network is adjusted.

After that, all of your services, including apt, will prefer IPv4. That should fix the issue you are seeing.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.