DC2R
By:
DC2R

IPv6 prevents me from using "apt-get update" (Ubuntu 14.04)

June 12, 2016 3.7k views
DNS IPv6 Networking Ubuntu

My droplet is running Ubuntu 14.04.4 LTS. I tried running the following command:

sudo apt-get update

but got errors like:

Temporary failure resolving 'mirrors.digitalocean.com'

Pinging 8.8.8.8 works. Pinging google.com results in:

ping: unknown host google.com

I found other people with a similar problem, but none of the solutions in the other threads worked, such as forcing IPv4 by uncommenting precedence ::ffff:0:0/96 100 in /etc/gai.conf.

Disabling IPv6 with /etc/sysctl.conf did not fix the DNS problems either. Is there something else that could be wrong? I tried the above commands with and without ufw enabled.

4 comments
  • A quick look at the DO network status shows no problems, so that means it's something localized to your setup. What are the contents of your /etc/resolv.conf file? Also, to be clear, you have disabled IPv4 and are only using IPv6, correct?

  • These are the only two lines in /etc/resolv.conf:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    

    Both IPv4 and IPv6 are enabled.

  • For test purposes, go ahead and edit that file for IPv4 name resolution addresses:

    # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
    #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    

    After saving the file, try a name lookup

    dig digitalocean.com
    

    If that doesn't work, then make sure your interfaces are up (usually eth0, but check eth1 also):

    ifconfig eth0
    ifconfig eth1
    
  • Thanks! Adding the two nameservers resolved all the errors.

1 Answer

Hey @DC2R - Take a look at this answer the wonderful @jellingwood provided to a user with a similar problem.

Reproduced here:

First, the failure to fetch the new package updates seem to be related to DNS. Depending on a few different things sometimes your network configuration will be configured to rely on IPv6 name servers. This can become a problem if we are blocking IPv6. We can easily change the settings to use IPv4 servers however.

First, open up the network configuration file in your text editor:

  • sudo nano /etc/network/interfaces

Inside, you should see a few different configuration blocks, one for each of your configured network interfaces. Only one of these will define a parameter called dns-nameservers. This is the option we need to modify. We can change the value to use the 8.8.8.8 and 8.8.4.4 name servers, both of which are reliably operated by Google:

/etc/network/interfaces
. . .

iface eth0 inet6 static
        address ...
        netmask 64
        gateway 2604:A880:0800:00A1:0000:0000:0000:0001
        autoconf 0
        dns-nameservers 8.8.8.8 8.8.4.4
iface eth0 inet static
        address . . .
        . . .

Save and close the file when you've change that value.

Next, we can modify the behavior of the getaddrinfo configuration file. This will help us control whether IPv4 or IPv6 destinations are preferred if we are given a choice. We can change this behavior by modifying the /etc/gai.conf file:

  • sudo nano /etc/gai.conf

Inside, find and uncomment this line:

/etc/gai.conf
. . .
precedence ::ffff:0:0/96  100
. . .

This will tell your system to always choose IPv4 when given the choice. Save and close the file when you have uncommented the line above.

Now, we just need to restart our network interface to use our new DNS settings. Assuming that the network interface in question is eth0, you can stop and quickly restart the interface, reading the new configuration changes, by typing:

  • sudo ifdown eth0 && sudo ifup eth0

You will have a momentary pause in your connection to the server as the network is adjusted.

After that, all of your services, including apt, will prefer IPv4. That should fix the issue you are seeing.

Implementing a firewall is an important step in securing your server. A large part of that is deciding on the individual rules and policies that will enforce traffic restrictions to your network. Firewalls like iptables also allow you to have a say about the structural...
Have another answer? Share your knowledge.