Convince apt-get *not* to use IPv6 method
The ISP I work at is setting up an internal IPv6 network in preparation for eventually connecting to the IPv6 internet. As a result, several of the servers in this network now try to connect to security.debian.org via its IPv6 address by default when running apt-get update, and that results in having to wait for a lengthy timeout whenever I’m downloading updates of any sort.
Is there a way to tell apt to either prefer IPv4 or ignore IPv6 altogether?
How about adding a line in /etc/hosts overriding the relevant addresses? e.g.,
130.89.149.226 ftp.debian.org
195.20.242.89 security.debian.org
You could work around this by setting up a DNS proxy server that dropped ip6 responses.
You could setup apt-cacher-ng on a spare machine to act as a proxy/cache for all of your hosts. You can force the configuration to only use specific hosts or use the /etc/hosts trick suggested by @badp on that one machine.
apt-get install apt-cacher-ng
Once you have apt-cache-ng setup you just need to drop the following line (with IP address/hostname altered to point at your cacher machine) in /etc/apt/apt.conf.d/90httpproxy
Acquire::http { Proxy "http://[192.168.1.254]:3142"; };
I use that setup to reduce bandwidth usage but it should workaround your problem. Unfortunately I’m not aware of a way to directly disable ipv6 lookups for apt-get itself.
As Gilles says, use gai.conf. Notes:
- This works at a much lower level (DNS and IP networking) than APT, so it will change how all your applications network–at least, all that use
getaddrinfo. - Before editing your
gai.conf, you should back it up, and also read it (don’t worry, it’s short). The edits below are probably already mentioned in your current file; if the current file indicates something different from what’s mentioned below, you should probably prefer what’s in your current file.
But if this is what you want (which it probably is), let’s proceed. Say we have two hosts www.he.net and www.ripe.net :
$ host www.he.net
www.he.net is an alias for he.net.
he.net has address 216.218.186.2
he.net has IPv6 address 2001:470:0:76::2
$ host www.ripe.net
www.ripe.net has address 193.0.6.139
www.ripe.net has IPv6 address 2001:67c:2e8:22::c100:68b
Case 1: prefer IPV4 for all hosts
Append to /etc/gai.conf the following line:
precedence ::ffff:0:0/96 100
After saving the edited file (no need to restart), you should see networking apps (e.g., telnet) using IPV4: e.g.,
$ telnet www.ripe.net 81
Trying 193.0.6.139...
^C
$ telnet www.he.net 81
Trying 216.218.186.2...
Case 2: prefer IPV6 for specific hosts
If we want to prefer IPV6 only for www.he.net or its network, we can append a mask/prefix for all, or just some part, of its IPV6 address to /etc/gai.conf. E.g., the following line:
precedence 2001:470::/32 100
(after saving the edited file) produces
$ telnet www.ripe.net 81
Trying 193.0.6.139...
^C
$ telnet www.he.net 81
Trying 2001:470:0:76::2...
^C
Case 3: prefer IPV4 for specific hosts
If we invert the mask will the reverse be true? According to @GrueMaster, appending
precedence 2001:470::/96 100
worked for him after disabling IPV6 for security.ubuntu.com (otherwise it stalls forever).
See also:
- http://www.funtoo.org/wiki/IPv6_Networking#Prefer_IPv4_over_IPv6 (archived @ https://web.archive.org/web/20180905053005/https://www.funtoo.org/IPv6_Networking#Prefer_IPv4_over_IPv6 )
- http://www.getipv6.info/index.php/Customer_problems_that_could_occur#GNU.2FLinux (archived @ https://web.archive.org/web/20180920175314/https://getipv6.info/display/IPv6/IPv6+Info+Home#GNU.2FLinux )
I have found a much better way to do this. Open up your sources.list file and note down the hostnames of the repos. Get their IPv4 addresses, then edit sources.list with the IPv4 addresses rather than the hostnames. Apt-get should now contact the repositories over the IPv4 addresses you specified, bypassing IPv6.
There is the disadvantage that repos usually have some sort of load balancing and/or IP geolocation set up, which this method of course bypasses. However, it shouldn’t matter if only a few people are doing it. If you do find one mirror is slow, try getting another repo IP address (for instance, by using an online ping service) and use that.
Add -o Acquire::ForceIPv4=true when running apt-get.
If you want to make the setting persistent just create /etc/apt/apt.conf.d/99force-ipv4 and put Acquire::ForceIPv4 "true"; in it:
echo 'Acquire::ForceIPv4 "true";' | sudo tee /etc/apt/apt.conf.d/99force-ipv4
Config options Acquire::ForceIPv4 and Acquire::ForceIPv6 were added to version 0.9.7.9~exp1 (see bug 611891) which is available since Ubuntu Saucy (released in October 2013) and Debian Jessie (released in April 2015).
Hijacking old topic, but faced with the same problem recently. So, based on the advice given above and the output of host and whois:
# host security.debian.org
security.debian.org has address 212.211.132.250
security.debian.org has address 195.20.242.89
security.debian.org has address 212.211.132.32
security.debian.org has IPv6 address 2001:8d8:580:400:6564:a62:0:2
security.debian.org has IPv6 address 2001:a78:5:0:216:35ff:fe7f:be4f
security.debian.org has IPv6 address 2001:a78:5:1:216:35ff:fe7f:6ceb
Solved problem in a slightly different way – lowered the precedence of the IPv6 networks which contain security.debian.org in /etc/gai.conf:
# Make IPv6 for security.debian.org undesirable
precedence 2001:8d8:580::/48 5
precedence 2001:a78:5::/48 5
So, IPv6 is still preferred except for security.debian.org.
As of Oct 08th 2014, I had the same issue, trying to update debian behind a proxy on local network. In the hope it will be relevant to others, I post my response here. As others have mentioned, editing /etc/hosts is something one should be careful with.
But personally I just wanted to have the update done.
Content of /etc/apt/sources.list when doing the update (it was different before the update..):
deb http://http.debian.net/debian/ testing main
deb-src http://http.debian.net/debian/ testing main
deb http://mirrors.kernel.org/debian/ wheezy main
deb-src http://mirrors.kernel.org/debian/ wheezy main
deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main
Content of /etc/apt/apt.conf:
Acquire::http::proxy "http://192.168.1.10:7777/";
Acquire::http::Timeout "10";
Acquire::ftp::Timeout "10";
Addition to /etc/hosts:
#Workaround for making apt-get work (08-10-2014)
195.20.242.89 security.debian.org
130.89.148.12 ftp.debian.org
Now, running apt-get update ; apt-get upgrade as root worked well.
As mentioned in other answers, use, run host command on the domain to get the correct ip to insert in the hosts file.
Example:
$ host ftp.debian.org
ftp.debian.org has address 130.89.148.12
This successfully updated the system to Debian GNU/Linux testing (jessie). You might not want to run with the testing repositories, then simply remove it from the sources. The testing repositories gives you more recent updates of several packages, but is not considered stable.