Spyke
selfhosted·SelfhostedbyZagorath

How do I stop Docker trying to pull from IPv6?

I'm currently trying to install Docker on my old Raspberry Pi (3 Model B+) to host some personal projects. When I run docker run hello-world, I get:

Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:ec153840d1e635ac434fab5e377081f17e0e15afab27beb3f726c3265039cfff": dial tcp [2600:1f18:2148:bc00:eff:d3ae:b836:fa07]:443: connect: network is unreachable

My Internet connection does not support IPv6 at all, which would explain why this error occurs. But how do I force docker-pull to only use IPv4?

View original on aussie.zone
47
Comments35
frebib
social.nerdhouse.io

It will only try IPv6 if your computer has an address. Now the question is: if your network doesn't support it, then why do you have an address?

17
Aulireply
lemmy.ca

Well where is the router getting the prefix from if their ISP doesn't support it.

2
tychosmoose
piefed.social

Docker is a distraction in your problem description.

It's like if you asked why the top gear in your car isn't working and gave the model of car and engine type and gearbox. But it's really that you're stuck in slow traffic. Focus on the road name and destination to find a faster route.

For your problem, search for how to disable ipv6 for the Linux distribution and version that you have installed. You will find lots of guidance. Or share those details here for someone to help.

Or, better might be to see if there is a way to get ipv6 tunneling working on your connection. It may be possible even if the ISP is unhelpful.

9
Zagorathreply
aussie.zone

It’s like if you asked why the top gear in your car isn’t working and gave the model of car and engine type and gearbox

Except if I try and access the same domain using curl, it works fine. For some reason, Docker specifically is what's failing.

1
tychosmoosereply
piefed.social

Different programs have different defaults.

But in your situation which would be more helpful - prevent this one docker command from using ipv6 (likely more difficult), or preventing all commands from using your broken ipv6 config (likely easier)?

I have no idea about the first. Maybe some people know this detail. But I'm sure that with a distro and version that you're running, there are lots of people who could help with the second. Raspberry Pi 3B+ is the hardware. What software are you using?

3
Zagorathreply
aussie.zone

Whatever the latest version of Raspbian was a month or two ago when I installed it. uname -a outputs [...]6.12.25+rpt-rpi-v8[...]. /etc/os-release contains "Debian GNU/Linux 12 (bookworm)".

2
tychosmoosereply
piefed.social

Ok, so it's probably using NetworkManager. I would try disabling it in /etc/NetworkManager/NetworkManager.conf by adding a block like:

[ipv6]
addr-gen-mode=stable-privacy
method=disabled

Then sudo systemctl restart NetworkManager. Can't say for sure if this will work. I dislike using NetworkManager on my servers so I can't test if this works. But hopefully the before/after of ip addr is different.

Although it looks like your ip addr output posted an hour or so ago doesn't show any ipv6 addressing. Maybe the problem is solved now.

3
Zagorathreply
aussie.zone

Unfortunately not.

 docker run hello-world
Unable to find image 'hello-world:latest' locally
docker: Error response from daemon: Get "https://registry-1.docker.io/v2/library/hello-world/manifests/sha256:ec153840d1e635ac434fab5e377081f17e0e15afab27beb3f726c3265039cfff": dial tcp [2600:1f18:2148:bc00:eff:d3ae:b836:fa07]:443: connect: network is unreachable

Run 'docker run --help' for more information
2
tychosmoosereply
piefed.social

Well crap. Do you have no ipv6 address now in ip addr?

Guess I gave Docker too much benefit of the doubt and assumed it should failover to v4 once v6 was disabled. Bad assumption on my part.

Could it be a DNS problem? If you dig registry-1.docker.io +short does it return an ipv4 or v6 address?

It looks like there have been sporadic reports of problems from people since last year.

2
MysteriousSophon21reply
lemmy.world

Try adding {"ipv6": false} to your /etc/docker/daemon.json file (create it if it doesnt exist), then restart docker with sudo systemctl restart docker - this forces docker to use IPv4 only.

1
Zagorathreply
aussie.zone

Do you have no ipv6 address now in ip addr

Just comparing it by eye, there's no change.

zag@raspberrypi:~ $ man dig
No manual entry for dig
zag@raspberrypi:~ $ which dig
zag@raspberrypi:~ $ sudo apt install dig
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package dig

But if I ping it

$ ping registry-1.docker.io
PING registry-1.docker.io (107.20.112.188) 56(84) bytes of data.
1
iglou
programming.dev

Looks like your Pi thinks it can use IPv6. Find where, and disable it.

7
Zagorathreply
aussie.zone

Sorry, maybe I should have explained every single step I tried in the body of the original post. I didn't, partly because there were just too many and partly because I forgot which methods I had tried and which pages I had visited. But that page is one I've seen already.

It mentions to "blacklist" the module in a file that doesn't exist. In fact, in a file that's in a directory that doesn't exist, which makes me very sceptical about the later claim that creating that file will fix it. /etc/modules-load.d exists, but not /etc/modules.d. I did already try the final suggestion to add that line to the end of /boot/firmware/cmdline.txt though. No luck.

I think the fact that it's 6 years old is probably a big part of the reason it didn't help. Files and directories have moved around. The suggestions in that post are literally just "do this" without any underlying explanation of what it's doing that could lend to further investigation of the more modern way to do it.

1
igloureply
programming.dev

What version of Pi OS are you running?

(we can move to DMs if you wish, it will be less polluting, or stay in the comment thread if you don't feel safe in DMs)

2
Zagorathreply
aussie.zone

I'm happy to keep it public if only for the off chance that if we find a solution it might some day help someone else with the same issue. The thread'll fall down in the rankings naturally over time anyway so I wouldn't worry about polluting anything for people not actively seeking it out.

I'm not 100% sure how to find the OS version, but uname -a outputs [...]6.12.25+rpt-rpi-v8[...]. /etc/os-release contains "Debian GNU/Linux 12 (bookworm)". It should be whatever was latest as of a month or two ago when I installed the OS fresh.

1
igloureply
programming.dev

I have read the rest of the comments to see what you already tried. I was about yo tell you to use sysctl to disable ipv6 but it looks like that is already done.

As a matter of fact, it looks like you have no ipv6 address at all. Which makes me think that your DNS config might be off, as it shouldn't even attempt an ipv6 resolution.

Can you show me the content of /etc/resolv.conf ?

Also install "dig" if you dont have it already and show the output of

dig registry-1.docker.io
2
Zagorathreply
aussie.zone
$ dig registry-1.docker.io

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> registry-1.docker.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50801
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;registry-1.docker.io.          IN      A

;; ANSWER SECTION:
registry-1.docker.io.   33      IN      A       54.210.249.78
registry-1.docker.io.   33      IN      A       44.218.153.24
registry-1.docker.io.   33      IN      A       107.20.112.188
registry-1.docker.io.   33      IN      A       34.234.222.10
registry-1.docker.io.   33      IN      A       34.195.83.243
registry-1.docker.io.   33      IN      A       52.21.128.203
registry-1.docker.io.   33      IN      A       52.0.248.137
registry-1.docker.io.   33      IN      A       52.207.69.161

;; Query time: 47 msec
;; SERVER: 192.168.20.1#53(192.168.20.1) (UDP)
;; WHEN: Tue Aug 12 22:27:45 AEST 2025
;; MSG SIZE  rcvd: 177
$ cat /etc/resolv.conf
# Generated by NetworkManager
search Home
nameserver 192.168.20.1

edit: oh, and in my router's configuration:

  • Primary DNS Server:9.9.9.9
  • Secondary DNS Server:1.1.1.1
1
chonkyninja
lemmy.world

It’s transparently pulling from both at the same time and the first one to connect wins. It should just work. Unless you got a typo.

5
cereals
discuss.tchncs.de

Check your DHCP Server and disable DHCPv6. The raspi shouldn't get a ipv6 then and you won't have this problem in the future with other devices.

edit: and restart the pi after disabling DHCPv6

3
Taasz/Woof
lemmy.blahaj.zone

Even if it has an IPv6 address that can't route, it's odd that the OS isn't falling back to IPv4.

But disabling IPv6 in the OS should fix it, as this is not a docker problem.

2
Zagorathreply
aussie.zone

But disabling IPv6 in the OS should fix it

I've already followed the instructions I could find to do that, but it didn't work. Either disabling IPv6 isn't the solution, or the instructions for how to disable it are incomplete. (You can see comments elsewhere in the thread for more detail.)

2
mlfhreply
lemmy.sdf.org

Can you give us the full output of the following commands?

ip addr

sysctl net.ipv6.conf.all.disable_ipv6

3
Zagorathreply
aussie.zone
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:93:9b:06 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.40/24 brd 192.168.20.255 scope global dynamic noprefixroute eth0
       valid_lft 81876sec preferred_lft 81876sec
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:c6:ce:53 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether ce:3e:0d:9b:fa:14 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

net.ipv6.conf.all.disable_ipv6 = 1
2

You reached the end