Ubuntu has a newer Internet protocol called IPv6 turned on by default. However, some hardware — such as NICs and modems — shows broken behavior when exposed to IPv6 related DNS requests[1]. This leaves you wondering why DNS resolution seems slower or doesn't work at all. This guide shows how to disable this new protocol.

[1] « Various forums on the Internet carry reports of people disabling IPv6 because of perceived slowdowns when connecting to hosts on the Internet. This happens because of DNS resolver issues.

This "slow-down" results from DNS resolution failures due to broken NAT 'routers' and other DNS resolvers which don't know how to handle the AAAA DNS query. These DNS resolvers just drop the DNS query request for the AAAA record, instead of returning the appropriate negative DNS response. Because the request is dropped, the host sending the request has to time out, thus causing a perceived slow down when connecting to new hosts.

Note that DNS queries happen over any transport available (IPv4, if only protocol); the transport is independent from the type of query. »

  • Jeroen Massar

Blackhole IPv6 route

Slow responses are often due to the presence of a default route for IPv6 but which is not connected to the Internet. Routers and or other machines on the network may advertise themselves as IPv6 routers, and your own host's Linux kernel can add these as a default IPv6 gateway automatically (probably only when there is no default route yet). To counter this issue, you can block all received Router-Advertisement (RA) packets either by setting a sysctl flag or using ip6tables (tutorials for that elsewhere).

In /etc/sysctl.conf one would add:

net.ipv6.conf.all.accept_ra = 0

or with ip6tables (further actions may be needed to make this permanent across reboots),

ip6tables -I INPUT -p ipv6-icmp --icmpv6-type router-advertisement -j DROP

Hosts having working IPv6 networking do have a default route (as shown below); conversely, if you do not have IPv6 internet, no "default.." line should be present to avoid delays. If RA is blocked from the start, no such route should spring into existence either, thereby solving the problem.

# ip -6 r
2a01:198:200:f::/64 via :: dev sit1  proto kernel  metric 256  mtu 1392 advmss 1332 hoplimit 4294967295
fe80::/64 dev rtl0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev sis0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev sit1  proto kernel  metric 256  mtu 1392 advmss 1332 hoplimit 4294967295
default via 2a01:198:200:f::1 dev sit1  metric 1024  mtu 1392 advmss 1332 hoplimit 4294967295

The rationale behind this is: If there is no default IPv6 route, attempts to connect with outside IPv6 hosts immediately fails because there is no route to them, and programs can continue to try with IPv4 without delays.

Hence, completely disabling IPv6 by removing addresses on interfaces or unloading the module is often just a bad workaround. Below's claims w.r.t. DNS are therefore to be taken with lots of salt.

Checking whether IPv6 is Enabled

Open up a terminal and type:

test -f /proc/net/if_inet6 && echo "Running kernel is IPv6 ready"

If it says

Running kernel is IPv6 ready

then IPv6 is enabled. If there's no output, then IPv6 is disabled.

Permanently disable ipv6 in 14.04

sudo nano /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

sudo nano /etc/init/scip.conf

# description "Start sysctl at boot"

description "sysctl"

start on runlevel [2345]
stop on runlevel [016]

console log

respawn limit unlimited

exec /sbin/sysctl -p

Identifying the Broken Device

The real reason for the problem is because IPv6 does DNS queries for "AAAA" records which request the IPv6 address of an internet hostname. You can identify the problem from a terminal, by making a specific DNS query such as:

dig AAAA www.kame.net

The corresponding query for an IPv4 address would be:

dig A www.kame.net

If the first one of these queries times out without returning a valid IPv6 address then your internet router is not working correctly and you may want to see if there is a firmware upgrade available to fix the real problem.

WebBrowsingSlowIPv6IPv4 (last edited 2015-04-30 00:14:53 by penalvch)