# What is the "official" way to disable IPv6? [REOPENED]

## furanku

If I enable IPv6 DNS queries are very slow on my system because it's looking or an IPv6 server before it resolves it using IPv4. So I want to disable IPv6. But in the case I want to toy around with IPv6 I don't want to completely disable it in the kernel, nor do I want to recompile world with USE=-ipv6. So I added

```
alias ipv6 off

alias net-pf-10 off

```

to /etc/modules.d/aliases.

This works, but it doesn't feel "right" in the meaning of proper Gentoo administration. Is there an official way to disable IPv6 but keep the system capable of it, without recompiling the kernel or the whole system, by using some more meaningful and obvious configuration file then the module configuration?

[New question 2008-06-28: see below]Last edited by furanku on Sat Jun 28, 2008 7:30 pm; edited 1 time in total

----------

## phajdan.jr

 *furanku wrote:*   

> Is there an official way to disable IPv6 but keep the system capable of it, without recompiling the kernel or the whole system, by using some more meaningful and obvious configuration file then the module configuration?

 

I don't know of any Gentoo-specific way. The way you did it is quite often used and recognizable, so someone seeing this shouldn't get much confused.

----------

## mikegpitt

There's the ipv6 USE flag.  I usually add a -ipv6 to my make.conf to disable it for all programs.  You won't need to recompile your whole system afterwords, only the apps that use ipv6.  'emerge -DuN world' should take care of it.

----------

## furanku

Thanks for the answers.

Recompiling all packages affected by the ipv6 use flag seems not like a practical way to try out some IPv6 configurations now and then, setting it per package in /etc/portage/package.use seems to me like calling for troubles, so I'll stick with the solution described above.

I just thought that there might be something like a USE_IPV6_NETWORKING=true/false variable in gentoos config files that I might have missed.

----------

## MostAwesomeDude

There are two parts to IPv6, the userland and the kernel. Disabling the kernel's IPv6 will also disable it in the userland, although many applications will still check for it because of the libraries they were linked against.

Offtopic: IPv6 is generally not a bad thing... Link-scope IPv6 should not be resulting in double DNS lookups. Whose DNS servers are you using?

----------

## furanku

 *MostAwesomeDude wrote:*   

> Whose DNS servers are you using?

 

Currently OpenDNS, cached via pdnsd, which works quite good with IPv6 disabled. Before I had problems with my ISP ones, which seemed quite unreliable terms of availabilty. If you know a better solution for me (located in Hamburg, Germany): Suggestions for better servers or a better configurations are welcome!

----------

## Jaglover

I'm using dnscache (djbdns) in my router. This is serious genosse, comes with this list:

cat /var/dnscache/root/servers/@

198.41.0.4

192.228.79.201

192.33.4.12

128.8.10.90

192.203.230.10

192.5.5.241

192.112.36.4

128.63.2.53

192.36.148.17

192.58.128.30

193.0.14.129

198.32.64.12

202.12.27.33

----------

## furanku

Hmmmm I'm not too sure whether using the DNS root server as end-user in a hierarchical naming system is a good idea.

----------

## Jaglover

This is what methought, too, but since it had this list by default ... and my ISP DNS takes sometimes a few seconds to respond ...

----------

## XenoTerraCide

I wish I could tell you how to disable it... I'm not sure but you might be able to compile the ipv6 stuff in the kernel as a module. If you aren't using it, it should be disabled as it can be a major security risk.

----------

## furanku

Thats what the entries in /etc/modules.d/aliases basically do: They avoid autoloading of the ipv6 relevant kernel modules. I thought there could be a configuration option which would take care of that on the level of gentoos administration tools and files, not the raw linux modutils (well ... /etc/modules.d/ and update-modules are gentoo specific, but in a general way for all modules, and not "network" specific)

----------

## furanku

Since a few days the above described method doesn't work anymore, I had to disable ipv6 in the kernel configuration to prevent ipv6 related DNS time outs. The ipv6 kernel module was always loaded, wether the entries in modules.d/alias were present or not.

Does anybody know what happend?

----------

## XenoTerraCide

have you tried adding the ipv6 modules to /etc/modprobe.d/blacklist ? this is typically the preferred way to stop modules from loading.. also have you looked to see if there are options to set in sysctl settings...

----------

## furanku

 *XenoTerraCide wrote:*   

> have you tried adding the ipv6 modules to /etc/modprobe.d/blacklist ?

 

Thanks for the fast reply. Yes, I've tried that. The module was still loaded.

 * XenoTerraCide wrote:*   

> this is typically the preferred way to stop modules from loading.. 

 

Does it work reliable in the meantime? IIRC, I remember some times when udev ignored /etc/modprobe.d/blacklist. At least im my case blacklisting ipv6 didn't prevented ipv6 from being loaded.

 * XenoTerraCide wrote:*   

> also have you looked to see if there are options to set in sysctl settings...

 

Could you give some more details or a link on that?

----------

## XenoTerraCide

 *furanku wrote:*   

>  *XenoTerraCide wrote:*   have you tried adding the ipv6 modules to /etc/modprobe.d/blacklist ? 
> 
> Thanks for the fast reply. Yes, I've tried that. The module was still loaded.
> 
> 

 

I'm not having that problem atm...

 *furanku wrote:*   

>  * XenoTerraCide wrote:*   this is typically the preferred way to stop modules from loading..  
> 
> Does it work reliable in the meantime? IIRC, I remember some times when udev ignored /etc/modprobe.d/blacklist. At least im my case blacklisting ipv6 didn't prevented ipv6 from being loaded.
> 
> 

 

Strange ... try to find out what udev module is loading.

 *furanku wrote:*   

>  * XenoTerraCide wrote:*   also have you looked to see if there are options to set in sysctl settings... 
> 
> Could you give some more details or a link on that?

 

of the top of my head man sysctl and google sysctl... I don't know if you can use it to disable ipv6 atm... that's more of an educated guess that it might be possible.

EDIT: I assume you had the alias and the blacklist at the same time?

----------

## furanku

 *XenoTerraCide wrote:*   

> I'm not having that problem atm...
> 
> 

  Hmmm ... I'm using module-init-tools-3.4-r1 on an ~amd64 system. What version do you use?

 * XenoTerraCide wrote:*   

> Strange ... try to find out what udev module is loading.
> 
> 

  As said, that was some time (several months) ago and I solved it by cutting down my kernel config to the point I didn't need module blacklisting anymore. I always thought that blacklisting modules is more a issue for generic distributions like SUSE or Ubuntu to resolve issues with their "One size fits all" kernels.

 * XenoTerraCide wrote:*   

> of the top of my head man sysctl and google sysctl... I don't know if you can use it to disable ipv6 atm... that's more of an educated guess that it might be possible.
> 
> 

  I'll try that. Thanks for the hint!

 * XenoTerraCide wrote:*   

> EDIT: I assume you had the alias and the blacklist at the same time?

 

Yep. Well, I had the alias entry all the time until it failed and then added the blacklisting.

----------

## XenoTerraCide

 *furanku wrote:*   

> Hmmm ... I'm using module-init-tools-3.4-r1 on an ~amd64 system. What version do you use?
> 
> 

 

3.4 (maybe the r1 patch borks something? are you running ~x86?)

 *furanku wrote:*   

> 
> 
> As said, that was some time (several months) ago and I solved it by cutting down my kernel config to the point I didn't need module blacklisting anymore. I always thought that blacklisting modules is more a issue for generic distributions like SUSE or Ubuntu to resolve issues with their "One size fits all" kernels.
> 
> 

  why not just build a kernel without the ipv6 modules then?

----------

## furanku

That's what i actually did: Rebuilded the Kernel without ipv6 support. As I said in my first posting, from time to time I like to toy around with IPv6, but it's not that essential, that I'ld now start a real bug search.

Thanks again for your help!

----------

