DNS Configuration for IPv6: Step-by-Step Tutorial
The internet is gradually transitioning to IPv6, and an increasing number of websites, applications, and devices are adopting it. But having an IPv6 address alone isn’t enough. To make everything work properly, you need to configure DNS correctly—both on the server side and on your own computer.
Without DNS, no connection will work: the browser simply won’t know where to send the request. This is especially critical for IPv6. If you forget to set the necessary DNS records, your site will become invisible to many users, and even content that used to open just fine may stop working on client devices.
How to Check if Your ISP Supports IPv6
This guide is relevant only if your internet provider supports IPv6.
Linux-based OS
Run the following command:
ip -6 addr show
If you see interface addresses starting with 2xxx: or 3xxx:, then your provider supports IPv6.
macOS
Use the command:
ifconfig
If your ISP assigns an IPv6 address, it will look something like this:
Windows
Open Command Prompt by pressing Win + R, then type cmd.
Enter the following command:
ipconfig
You should see output like this:
What Is DNS for IPv6, and Why Is It Important?
DNS is like the internet’s address book. When a user types a website address, the browser doesn’t know where to go—it needs an IP address. DNS translates human-readable addresses into a numeric IP address that devices and networks can use.
You need to configure DNS for IPv6 in two places:
1. On the Server (where your website or service is hosted)
This enables browsers to find your site via IPv6. If your domain’s DNS zone doesn’t contain an AAAA record with the server’s IPv6 address, browsers won’t even know that they can use the new protocol to access your site. As a result, the site may load slowly or not at all for users with IPv6-only access.
2. On the Client Side (your computer or router)
Your computer also needs to know which DNS server to use in order to resolve site addresses into IPv6 format. If your computer or router doesn’t have access to a DNS server that supports IPv6, it won’t open the site, even if your ISP supports IPv6.
You need to set up DNS for IPv6 so that the internet continues working quickly, reliably, and without interruptions under the new protocol. Without proper configuration, IPv6 might be available—but not functional.
The Best Public IPv6 DNS Servers
To ensure stable and fast performance, your device must know which DNS server to query. Usually, the router handles this: it receives the settings from your ISP and distributes them to the network. But if your ISP doesn’t support IPv6 or their DNS is unstable, you can manually specify public DNS servers that support IPv6.
These are free, reliable addresses accessible from anywhere in the world:
Name
Primary IPv6 DNS Address
Secondary IPv6 DNS Address
Google DNS
2001:4860:4860::8888
2001:4860:4860::8844
Cloudflare
2606:4700:4700::1111
2606:4700:4700::1001
Quad9
2620:fe::fe
2620:fe::9
OpenDNS
2620:119:35::35
2620:119:53::53
All of these services:
support IPv6 without additional setup,
respond quickly to queries worldwide,
protect against fake and malicious sites (especially Quad9 and OpenDNS).
When Should You Set DNS Manually?
Follow the instructions below if any of the following apply:
Your device does not automatically receive DNS server settings.
Your ISP does not support IPv6 at the DNS level.
Websites load slowly or return “address not found” errors.
The next sections explain how to manually configure DNS servers. It only takes a few minutes and results in a stable, error-free internet connection.
Configuring DNS IPv6 on Windows
If you have internet access but websites won’t load, Windows might not know which DNS server to use for IPv6. You can fix this easily by setting the correct addresses manually.
This method works for both Windows 10 and 11—the interface is nearly identical.
Open Network Connections: Press Win + R, type ncpa.cpl, and hit Enter.
A window with all connections (Ethernet, Wi-Fi, etc.) will open.
Find your active connection. It’s usually called “Local Area Connection” or “Wireless Network”. Right-click on it → select Properties.
Choose Internet Protocol Version 6 (TCP/IPv6). In the list of components, find this line and click the Properties button.
Enter the DNS servers manually:
Check Use the following DNS server addresses.
Type in:
Preferred: 2001:4860:4860::8888
Alternate: 2001:4860:4860::8844
Save your settings. Click OK → OK, then close the window.
Windows will now use the specified DNS servers for IPv6 connections.
Configuring IPv6 DNS in Linux
DNS configuration in Linux depends on the edition you're using (desktop or server) and the network management tool used (NetworkManager, systemd-networkd, or manual configuration).
To ensure everything works correctly with IPv6, you need to determine who is responsible for the network and DNS in your system and then choose the appropriate configuration method.
How to Find Out What Your Distribution Uses
Open a terminal and run:
nmcli device
If the command returns a list of interfaces and their statuses, you’re using NetworkManager.
If nmcli is not installed, try:
networkctl
If you see interfaces with the status routable, configured, you're using systemd-networkd.
Ubuntu Desktop, Fedora, Manjaro — Using NetworkManager
If you use a graphical environment (GNOME, KDE, Xfce) and see a network icon in the panel — most likely you're using NetworkManager.
Via GUI:
Go to Settings → Network → Select active connection → IPv6
In the DNS section:
Switch the mode to “Manual” or “Advanced”
Enter DNS addresses, e.g.: 2001:4860:4860::8888 and 2001:4860:4860::8844
Save and restart the connection
Via terminal:
nmcli connection modify eth0 ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844"
nmcli connection modify eth0 ipv6.ignore-auto-dns yes
nmcli connection up eth0
Replace eth0 with your actual interface name (check it by running nmcli device).
Ubuntu Server (18.04+, 20.04+, 22.04+) — Using Netplan
On Ubuntu server editions, netplan is used to generate configuration for systemd-networkd.
Open the configuration file, for example:
sudo nano /etc/netplan/01-netcfg.yaml
Add IPv6 addresses in the nameservers section. Be sure to strictly follow YAML formatting — use spaces only, no tabs. Usually, indentations are multiples of 4 spaces.
In the addresses field, insert the IPv6 address with /64.
In the gateway6 field, insert the gateway — drop the last group of your IPv6 address and replace it with 1 to get the gateway address.
network:
version: 2
ethernets:
eth0:
dhcp4: true
dhcp4-overrides:
use-dns: false
dhcp6: false
addresses:
- 2001:0db8:a::0370/64
gateway6: 2001:0db8:a::1
match:
macaddress: <insert your machine’s MAC address>
nameservers:
addresses:
- 2001:4860:4860::8888
- 2001:4860:4860::8844
Apply the changes:
sudo netplan apply
After applying the changes, verify that the correct DNS servers are in use.
If the DNS Servers field displays incorrect servers, they are likely being automatically delivered via DHCP. Disable this as follows:
Ensure correct permissions on the YAML file:
sudo chmod 600 /etc/netplan/01-netcfg.yaml
Delete the old resolv.conf and create a symlink:
sudo rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
If you get the error “Unable to resolve host”, add the hostname to /etc/hosts:
HOSTNAME=$(hostname)
sudo sed -i "/127.0.1.1/d" /etc/hosts
echo "127.0.1.1 $HOSTNAME" | sudo tee -a /etc/hosts
Enable systemd-resolved (if it’s not already):
sudo systemctl enable systemd-resolved --now
Apply configuration and restart services:
sudo netplan apply
sudo systemctl restart systemd-networkd
sudo systemctl restart systemd-resolved
Recheck the result:
resolvectl status
resolvectl dns
At this point, DHCP-based DNS should be fully disabled.
Modern Systems with systemd-resolved
If your system uses systemd-resolved directly (e.g., Arch Linux, or Ubuntu with systemd), you can define DNS via the config file.
Open the configuration file:
sudo nano /etc/systemd/resolved.conf
Add the following lines:
[Resolve]
DNS=2001:4860:4860::8888 2001:4860:4860::8844
FallbackDNS=2606:4700:4700::1111
Restart the service:
sudo systemctl restart systemd-resolved
Manual Configuration via resolv.conf — If Nothing Else Works
Sometimes, it's easiest to make changes directly in /etc/resolv.conf, especially in minimal systems or containers.
Open the file:
sudo nano /etc/resolv.conf
Add the lines:
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
Keep in mind that the system often overwrites this file. To preserve settings:
sudo chattr +i /etc/resolv.conf
Configuring IPv6 DNS on a Router
If you've already configured IPv6 DNS on your server and PC, but the site still won't open via the new protocol, check your router settings. The router distributes the internet and tells devices where to send DNS queries.
If no IPv6-enabled DNS servers are set on the router, your home devices may still use the old protocol — even if the ISP has switched to IPv6.
Where to Find IPv6 DNS Settings
It depends on the model, but the typical path is: Router settings → Internet / WAN → IPv6 → DNS.
If there is a separate DNS tab, go to it. Some models hide these parameters in Advanced sections.
Example: TP-Link Router
Go to the router’s interface: 192.168.0.1 or tplinkwifi.net
Enter your login and password
Go to Advanced → IPv6
Enable IPv6 — it’s usually off by default
In WAN connection settings, check Configure the DNS server manually
Enter your selected IPv6 DNS addresses, e.g.:
2001:4860:4860::8888
2001:4860:4860::8844
Save changes and reboot the router
Example: Keenetic Router
Go to my.keenetic.net
From the menu, select Internet → Connection
Go to the DNS Servers tab
Check Manual
Enter IPv6 addresses (e.g., Google DNS)
Apply changes and reboot the router
What to Do If DNS Doesn’t Accept IPv6
Check whether your router supports IPv6 (not all older models do).
Make sure your ISP has assigned a global IPv6 address (and not just fe80::).
Try updating your router’s firmware — this often resolves the issue.
How to Test DNS over IPv6
Testing DNS over IPv6 is easy — both in a browser and via the terminal. It takes just a few minutes and quickly helps identify where the problem is: in the DNS, the network, or IPv6 itself.
In the Browser
The simplest method is to open a testing site: test-ipv6.com
The page will show:
Whether there is an IPv6 connection.
Which protocol is used by default (IPv4 or IPv6).
Whether DNS over IPv6 is working.
Whether popular websites have AAAA records.
If everything is green, it’s working fine. If there’s an error, the site will tell you what the issue is.
In the Terminal (Linux, macOS)
Check the AAAA DNS record:
dig AAAA google.com
If the response includes an IPv6 address (e.g., 2a00:1450:4009::200e), then DNS over IPv6 is working.
Check which DNS servers are being used:
resolvectl status
This shows active interfaces and DNS servers (including IPv6 ones).
Check whether traffic goes through IPv6:
ping6 google.com
Or:
curl -6 https://ifconfig.co
If the command executes and shows an IPv6 address, then IPv6 connectivity is active.
Solving Common Issues
Below is a cheat sheet for resolving problems frequently encountered when configuring IPv6 DNS:
Symptom
Problem
Solution
Websites open, but slowly. ping6 works, but ping is faster.
The browser tries IPv6 first, then falls back to IPv4. The DNS server responds too slowly. Often, the ISP's default DNS is the culprit.
Switch to a fast public DNS server. See "Configuring IPv6 DNS in Windows" or "Configuring IPv6 DNS in Linux".
ping6 google.com → “Name or service not known”
The DNS client is not receiving IPv6 responses: either the server addresses are incorrect or IPv6 is disabled on the interface.
Check if IPv6 is active using ip -6 addr.
Make sure resolvectl status shows an IPv6 DNS server. If not, set one manually (see Windows or Linux setup guides).
Internet stops working after netplan apply.
There’s a syntax error in the YAML file or the gateway is missing.
Check the file using netplan try. If there’s an error, roll back and reapply the changes carefully.
Watch for typos and fix indentation — use two spaces per level.
No active connections in Ubuntu GUI.
Netplan uses systemd-networkd, while the GUI expects NetworkManager.
Either edit Netplan for a server setup, or install NetworkManager and change renderer: NetworkManager in the config file.
nslookup -type=AAAA site.com in Windows shows “Non-existent domain”.
The router does not have IPv6 DNS set, or its firmware does not support the protocol.
Log in to the router's admin panel → “IPv6” → “DNS” → enter Cloudflare or Google DNS. Update firmware if the “IPv6” section is completely missing.
Docker container ignores IPv6 DNS.
Docker daemon uses its own resolv.conf copied at startup.
Add the DNS address to /etc/docker/daemon.json, or pass it when launching the container:
docker run --dns 2606:4700:4700::1111 alpine
systemd-resolved continuously caches a SERVFAIL error.
An upstream DNS server failed; the failed response is cached.
Clear the cache and change DNS:
sudo resolvectl flush-caches
sudo systemd-resolve --set-dns=2001:4860:4860::8888 --interface=eth0
A site with HSTS loads via HTTPS only over IPv4.
The certificate has only an A record; there's no AAAA record — the browser doesn’t trust it.
Issue a certificate that validates both IP versions. For Let’s Encrypt:
sudo certbot --preferred-challenges http -d site.com -d '*.site.com'
ping6 to a local host is OK, but gives “Network unreachable” to the internet.
The ISP assigned a prefix but no gateway (gateway6 is not set).
Manually add a gateway:
gateway6: 2a03:6f01:1:2::1
Apply the changes:
sudo netplan apply
IPv6 address is present, but DNS queries go to 192.168.0.1.
The router distributes IPv4 DNS via DHCPv6 Option 23; the system gives them higher priority.
Manually set IPv6 DNS with the highest priority:
sudo resolvectl dns-priority eth0 0
dig @2606:4700:4700::1111 google.com works, but dig google.com doesn't.
systemd-resolved listens on 127.0.0.53, but a local firewall blocks outbound DNS packets.
Allow outbound traffic on port 53 (UDP and TCP) or disable UFW:
sudo ufw allow out 53
Compare your symptom with the first column and check the brief diagnosis in the second column.
Execute the command(s) in the third column and verify the result.
If the issue isn’t resolved, return to the DNS setup steps.
Conclusion
The transition to IPv6 is slow, but inevitable. More and more ISPs are issuing only IPv6 addresses, more hosting providers are operating with Dual Stack, and more services are checking for IPv6 support by default. And if DNS is misconfigured, connections fail, websites won’t load, and users will leave for services that work.
The good news? It all takes 5–10 minutes:
Add an AAAA record in your hosting panel;
Set reliable public DNS servers on your server, router, and client devices;
Check the result — and forget about the issue.
IPv6 is not about the future — it’s about ensuring your website, service, or home network works reliably right now. And a properly configured DNS is your ticket into this new Internet.
17 June 2025 · 13 min to read