Preferring IPv6 over IPv4 LAN-wide

For official Void Linux documentation: https://docs.voidlinux.org/
pid1
Site Admin
Posts: 113
Joined: Sun Nov 21, 2021 2:50 am
Location: USA

Preferring IPv6 over IPv4 LAN-wide

Post by pid1 »

I have been watching the progression of IPv6 adoption around the internet as a curiosity for some time and decided to do my part in prioritizing IPv6 traffic everywhere that I am able.
I have 3 servers in my basement with many FreeBSD jails and virtual machines on them and more than 95% of traffic is now IPv6 between LAN devices. The only holdouts are a handful of IoT devices such as cameras and a "not-so-smart" thermostat that simply don't support IPv6 at all. Even services on a device using "localhost" use only ::1 instead of 127.0.0.1 (for no reason other than I have that much free time to configure and troubleshoot software services).

I travel for work so am away from home about half the month. I lug around my circa 2012 ASUS laptop running Void Linux and stay connected to my LAN with the WireGuard VPN. Despite most hotels not supporting IPv6, all encrypted traffic over the VPN uses an IPv6 ULA and falls back to the IPv4 RFC1918 addresses for only a very few devices.

The most time-consuming part was setting up DNS on my LAN's BIND nameservers for both forward and reverse zones and keeping track of a stupid "dynamic" IPv6 /56 subnet from my ISP. It rarely changes, but when it does I have to reconfigure my DNS servers, my Layer3 routing switch, and some firewall rules in OPNsense. This generally only happens if the modem is offline for more than a couple of hours - so big maintenance or a long power outage.

As far as DNS while on the road, I recently switched from manually adjusting my laptop's /etc/hosts file to using dnsmasq and assigning specific domains to my LAN DNS servers over the WireGuard VPN - significantly easier and I can't believe I didn't do this much sooner.

If you have IPv6 support at home, consider switching from your local ISP resolver or the famous Quad9's 9.9.9.9, Cloudflare's 1.1.1.1, or Google's 8.8.8.8 public DNS servers to their IPv6 counterparts as a small step. Remember your /etc/resolv.conf file uses nameservers in order of appearance and IPv6 nameservers are skipped if the IPv6 address is unroutable (like if you are on a WiFi network with no native IPv6 available).

An example /etc/resolv.conf may look something like:

Code:

domain mylan.home.arpa
nameserver 2620:fe::fe
nameserver 2620:fe::9
nameserver 9.9.9.9
nameserver 149.112.112.112
options timeout:1 attempts:1

Fun fact: See why home.arpa is the recommended household LAN domain if not using a FQDN.

Most of us use DHCP of some sort on our client devices so you are probably not able to preserve /etc/resolv.conf changes after reconnecting to a network or reboot. I use NetworkManager on my laptop and the only way I have found to prioritize DHCP-assigned IPv6 nameservers over IPv4 is the following:

Code:

nmcli conn mod "MiWiFi" ipv6.dns-priority 50
nmcli conn mod "MiWiFi" ipv4.dns-priority 100

Unfortunately I have found a way to make it apply to all WiFi networks, just each one I run these two commands for.

Additionally, you can make it even simpler by just using resolvconf to force your own /etc/resolv.conf settings over DHCP's offerings:

Code:

# /etc/resolvconf.conf (openresolv)
resolv_conf=/etc/resolv.conf
name_servers="2620:fe::fe 2620:fe::9 9.9.9.9 149.112.112.112"
resolv_conf_options=timeout:1\ attempts:1

Linux/BSD since 2001. Void Linux+KDE/Plasma since 2015. Windows? Not even in a virtual machine :D
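
Added example, not part of pid1's post: a POSIX shell script that runs the same two nmcli commands for every saved Wi-Fi profile rather than one profile at a time. The function names, the NMCLI override variable and the sample profile list are assumptions made for this example.

```shell
#!/bin/sh
# In NetworkManager a lower dns-priority value wins, so 50 (IPv6) is
# consulted before 100 (IPv4), matching the values used in the post.

# Read `nmcli -t -f NAME,TYPE connection show` output on stdin and print
# the names of saved Wi-Fi profiles, one per line.
wifi_profiles() {
    while IFS= read -r line; do
        ctype="${line##*:}"      # TYPE is the last field and contains no colon
        name="${line%:*}"
        [ "$ctype" = "802-11-wireless" ] || continue
        # Terse mode escapes ':' and '\' inside values with a backslash.
        printf '%s\n' "$name" | sed -e 's/\\:/:/g' -e 's/\\\\/\\/g'
    done
}

# Read profile names on stdin and set both priorities on each profile.
# NMCLI=echo (hypothetical override) gives a dry run that only prints.
set_dns_priority() {
    while IFS= read -r name; do
        "${NMCLI:-nmcli}" connection modify "$name" ipv6.dns-priority 50 </dev/null || return 1
        "${NMCLI:-nmcli}" connection modify "$name" ipv4.dns-priority 100 </dev/null || return 1
    done
}

# Constructed sample of terse nmcli output, used for the dry run below.
sample_connections() {
    printf '%s\n' \
        'MiWiFi:802-11-wireless' \
        'Hotel\: Lobby:802-11-wireless' \
        'wg0:wireguard' \
        'Wired connection 1:802-3-ethernet'
}

# Dry run on the constructed sample:
sample_connections | wifi_profiles | NMCLI=echo set_dns_priority

# Real use:
#   nmcli -t -f NAME,TYPE connection show | wifi_profiles | set_dns_priority
```

Profiles created after the script runs keep NetworkManager's defaults, so rerun it after joining a new network.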
ACR-Jeff
Posts: 6
Joined: Sun Mar 31, 2024 3:37 am

Re: Preferring IPv6 over IPv4 LAN-wide

Post by ACR-Jeff »

pid1 wrote: Tue Jun 18, 2024 1:57 pm I have been watching the progression of IPv6 adoption around the internet as a curiosity for some time and decided to do my part in prioritizing IPv6 traffic everywhere that I am able.
One of the main reasons I believe IPv6 is dying is due to ads, etc. being pushed through IPv6. It has been looked at as a security risk, thanks to Big Tech using it for malicious purposes. People figured this out and started to switch back to IPv4, disabling IPv6.
pid1
Site Admin
Posts: 113
Joined: Sun Nov 21, 2021 2:50 am
Location: USA

Re: Preferring IPv6 over IPv4 LAN-wide

Post by pid1 »

I disagree with that. Sure, ads are being served over IPv6 and IPv4 alike, but in either case, ads on websites and apps are blocked through an adblocker like uBlock Origin or through a DNS recursive name server RPZ like what Pi-Hole does. The ad should have nothing to do with which IP version it uses.

To block ads, I use Firefox or Librewolf with uBlock Origin and OPNsense with the Zenarmor addon with known advertisement domains blocked. I very rarely see ads on apps or websites.
Linux/BSD since 2001. Void Linux+KDE/Plasma since 2015. Windows? Not even in a virtual machine :D