Problem and aim
We don't get IPv6 from our ISP thus I have an IPv6 tunnel which works fine but is, of course, not very fast. And not really reliable. I like to have IPv6 available "just in case" but I want certain hosts (domains) to be connected with IPv4 only.
Default protocol
It seems to me that all applications try IPv6 first; this is probably a glibc setting. I would be fine if this default would be reversed (for all applications).
Netfilter
It would be possible to block IPv6 addresses / networks with Netfilter but there are two problems:
- Would this cause a delay as the app waits for a IPv6 timeout before it tries IPv4?
- Some domains seem to be mixed that it looks like chaos. Separating google.com and youtube.com seems like something you don't want to do if you can avoid it.
I just note that the man page for ip route
says for the routing type unreachable
:
The local senders get an EHOSTUNREACH error.
Does the same happen with Netfilter DROPs or REJECTs? Such an error should not cause a relevant delay.
DNS filtering
Another solution (rather easy one if that is possible) would be to filter AAAA records for certain domains. If that is not (easily) possible: Is it possible to connect the DNS server and Netfilter so that I know "IP address X belongs to domain Y" so that I can add it to Netfilter? Anything more elegant than logging everything and grepping the log?
The way to go?
Which (other) possibilities are there and what is the easiest?
You can control address selection with
/etc/gai.conf
. The configuration file is well documented, and already contains the defaults, so you can just begin tweaking.The interesting defaults here are:
The last line gives the lowest preference to all IPv4 addresses.
If you want to give a higher preference to all IPv4, you could change it to:
If you only wanted to give higher preference to specific IPv4 addresses or blocks, you can specify them as well. Remember that you have to use an IPv4-mapped IPv6 in hex.
So, to give preference to 203.0.113.0/24 over all IPv6, you would add:
Restart running applications to have them pick up changes you make.
On Debian derived systems,
/etc/gai.conf
is already present. On Red Hat derived systems, it is absent, but a sample file is located at/usr/share/doc/glibc-common-*/gai.conf
; just copy it to/etc
.OK, here's a completely different answer.
Place the offending hosts with crappy IPv6 connectivity in
/etc/hosts
with their corresponding IPv4 address.For example:
Remember to remove them when their (in this case) or your IPv6 connectivity improves.