0

I'm running Docker on a Raspberry Pi 4 (8GB model) with Raspberry Pi OS, and I'm experiencing an issue where Docker intermittently attempts to use IPv6 addresses to connect to Docker Hub, despite having disabled IPv6 both system-wide and within Docker's configuration. Here's a detailed account of the steps I've taken so far to enforce IPv4 usage and disable IPv6:

System Configuration:

  1. IPv6 Disabled at Kernel Level:

    • Modified /boot/firmware/cmdline.txt to include ipv6.disable=1: 
      console=serial0,115200 console=tty1 root=PARTUUID=fabab7a4-02 rootfstype=ext4 fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles cfg80211.ieee80211_regdom=IN ipv6.disable=1
    • Verified with ip -6 addr show, which shows no IPv6 addresses.

  2. Docker Daemon Configuration:

    • Edited /etc/docker/daemon.json to disable IPv6 and set IPv4 DNS servers: 
      { "ipv6": false, "dns": ["8.8.8.8", "8.8.4.4"] }

  3. Docker Service Environment Overrides:

    • Created override file /etc/systemd/system/docker.service.d/override.conf with the following settings: 
      [Service] Environment="DOCKER_OPTS=--dns=8.8.8.8 --dns=8.8.4.4 --ipv6=false" Environment="GODEBUG=netdns=go+2"
    • Reloaded and restarted Docker using: 
      sudo systemctl daemon-reload sudo systemctl restart docker

  4. NetworkManager Configuration:

    • Configured /etc/NetworkManager/NetworkManager.conf with: 
      [main] dns=none [connection] ipv6.method=ignore
    • Restarted NetworkManager: 
      sudo systemctl restart NetworkManager

  5. iptables Rules to Block IPv6:

    • Set up rules to drop all IPv6 traffic: 
      sudo ip6tables -P INPUT DROP sudo ip6tables -P FORWARD DROP sudo ip6tables -P OUTPUT DROP
    • Saved rules using iptables-persistent.

The Issue:

Despite all these configurations, Docker still sometimes attempts to resolve registry URLs using IPv6, resulting in errors like:

docker: Error response from daemon: Head "https://registry-1.docker.io/v2/library/hello-world/manifests/latest": Get "https://auth.docker.io/token?scope=repository%3Alibrary%2Fhello-world%3Apull&service=registry.docker.io": dial tcp [2600:1f18:2148:bc01:20a3:9c3e:d4a7:9fb]:443: socket: address family not supported by protocol.

Additional Observations:

  • The first attempt to pull an image after a restart often succeeds, but subsequent attempts fail.
  • I have verified that IPv6 is not assigned to any network interfaces (ifconfig eth0 shows only IPv4 addresses).
  • Entries in /etc/hosts map Docker registry domains to known IPv4 addresses.

My Question:

What else could be causing Docker to intermittently use IPv6 despite these configurations? Are there any Docker-specific or system-level settings that I might have overlooked that could force IPv4 consistently? Any insights or suggestions would be greatly appreciated!

Improve this question
2
  • Was this an issue before you tried 'disabling' IPv6? There are plenty of IPv4-only systems out there running docker and I've never heard them need to take specific steps to work in that environment. (More importantly, though, you seem to have misunderstood what half of your configurations actually do... changing DNS servers doesn't disable IPv6 by any means.) Commented Sep 16, 2024 at 4:29
  • The steps mentioned above are not all at once. I made incremental changes to the config but here I shared what all I tried. That said, I even started fresh again with the pi and the issue persisted. I got to know that it is an existing issue so I abandoned the Pi OS and moved to Ubuntu server and now all works perfectly fine. Commented Sep 19, 2024 at 14:29

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.