iptables: Overview and Practical Use

IPv6 has long since stopped being “the future of the Internet”—it is a fully functional standard that is being implemented by ISPs, hosting providers, mobile operators, and service developers. However, it will not work automatically: even if your provider assigns a prefix, without configuring the IPv6 network and DNS servers, connections may fail, websites may not load, and devices may remain inaccessible. This guide will help you configure IPv6 on a computer, server, or router from scratch, up to verifying functionality. We will cover how to set up IPv6 in Windows and Linux, what needs to be enabled in your router’s control panel, how to check whether IPv6 is actually working, and what issues you may encounter along the way. Everything is explained step by step, without unnecessary theory, with commands and examples. Preliminary Preparations To enable and configure IPv6 on your system, you first need to access your network adapter's properties through your operating system’s settings or control panel. Typically, this can be done by right-clicking on your network connection (Ethernet or Wi-Fi) and selecting Properties. In the Properties window of the network adapter, scroll through the list of items, locate Internet Protocol Version 6 (TCP/IPv6), check the box next to it to enable it, and click OK to save your changes. For more advanced configuration, you can use the Properties button within the IPv6 settings to manually configure a static IPv6 address, subnet prefix, and DNS server. Alternatively, you can use command-line tools like PowerShell for dynamic configuration through cmdlets such as New-NetIPAddress. Checking IPv6 Support  Before configuring IPv6, you need to make sure it is available. Even in 2025, many networks—especially home and office networks—still run on IPv4 only, simply because no one has enabled support for the new protocol. We can say that a device has IPv6 configured if: The device has a global IPv6 address (starting with 2xxx: or 3xxx:) It has an IPv6 gateway and configured DNS servers It can access websites that are available only via IPv6 (for example, http://[2606:4700:4700::1111]) It successfully passes a test on test-ipv6.com Now, let’s see how to check if a machine has an IPv6 address. Linux Open the terminal and run: ip -6 addr If the output shows addresses like inet6 2xxx:... scope global, everything is fine. If it shows only fe80:... scope link, then you only have a local address and cannot reach the Internet. Example output of ip -6 addr in Linux when an IPv6 address is assigned and recognized Even if the machine has an IPv6 address, websites will not load without IPv6 DNS servers—the browser will not be able to resolve domain names into IPs. Therefore, immediately after checking the address, it makes sense to check which DNS servers are configured and whether they work over the new protocol. Check DNS with: resolvectl status Example output of resolvectl status in Linux when DNS servers are configured When both the IPv6 address and DNS servers appear correct, it does not yet mean that the connection is working. To ensure that the machine can actually send and receive traffic over IPv6, use ping6: ping6 google.com If the connection succeeds, then DNS works, the address is assigned, and the route to the Internet exists. If the response is “Name or service not known”, then DNS likely does not work. If “Network is unreachable”, then there is no route to the network, possibly because the gateway is not set. Note: having a global IPv6 address and DNS servers does not guarantee that the connection will work. Sometimes the provider assigns an address but does not provide a gateway—the system may think everything is connected, but Internet access will not be possible. Therefore, ping6 is a mandatory step. It helps determine whether traffic is actually flowing over IPv6. Example output of ping6 google.com in Linux when packets reach the recipient Windows Open the command prompt (cmd). Press Win + R, type cmd, and hit Enter. Then run: ipconfig Find the active network interface, e.g., Ethernet or Wi-Fi. Look for lines like: IPv6 Address. . . . . . . . . . . : 2600:1901:0:1234::100 Default Gateway . . . . . . . . . : 2600:1901:0:1234::1 If the IPv6 address starts with 2xxx: or 3xxx:, this is a global address, meaning IPv6 is already working. If you see only fe80:..., this is local IPv6, it works only within the network. It cannot reach the Internet. If there is no address at all, IPv6 is disabled or not configured. Example output of ipconfig in Windows when an IPv6 address is assigned and recognized Next, check whether DNS works over IPv6. In the same command prompt, enter: nslookup -type=AAAA google.com The response should include lines like: Name:    google.com Addresses:  2a00:1450:4010:c05::65             2a00:1450:4010:c05::71             2a00:1450:4010:c05::66             2a00:1450:4010:c05::64 If there is an address like 2a00:..., DNS is returning AAAA records and IPv6 support is working. If you see “Non-existent domain” or “can't find”, DNS does not return IPv6 addresses, and manual DNS configuration may be required. Example output of nslookup -type=AAAA google.com in Linux when DNS servers are configured Now check the IPv6 connection: ping -6 google.com If the response is Reply from 2a00:1450:400e:80f::200e: time=xxms, everything works: IPv6 is connected, DNS responds, routing is configured. If “Destination unreachable” or “General failure” appears: The address or gateway is configured incorrectly; The firewall is blocking ICMPv6; The provider assigned an address but did not provide a route. Example output of ping -6 google.com in Windows when packets reach the recipient What the Check Results Mean If you have a global IPv6 address (starting with 2xxx: or 3xxx:), DNS returns AAAA records, and ping -6 or ping6 succeeds to google.com, IPv6 is already working, and no further configuration is needed. If ipconfig or ip -6 addr shows only addresses like fe80:, DNS does not respond to AAAA queries, ping -6 returns “Destination unreachable” or “General failure”, or there are no IPv6 addresses in the system at all. It means that IPv6 is either not configured or completely disabled. In that case, proceed to the next section. We will cover how to enable and correctly configure IPv6 on a computer, server, or router. Preparation for Configuring IPv6 IPv6 can operate in fully automatic mode or require manual input of address, gateway, and DNS. It depends on the specific network, router, or server. If your provider or hosting has already configured everything for you—great. But if you see only local addresses (fe80:) and ping -6 fails, manual IPv6 configuration will likely be required. The first thing you need is a global IPv6 address. It is provided by your ISP or listed in the VPS control panel. Such an address may look like, for example, 2600:1901:0:1234::100. Along with it, the prefix length—subnet mask—is usually specified. In practice, /64 is most commonly used, giving a huge number of possible addresses within the subnet. Sometimes /128 is issued—a single address without the ability to address other devices. This is common on virtual servers. The next element is the gateway. It is needed for traffic from your network to reach the Internet. Most often, it matches the first address in the subnet. For example, if your address is 2600:1901:0:1234::100, the gateway may be 2600:1901:0:1234::1. In Linux, it is specified in the gateway6 field, and in Windows, in the network adapter properties. IPv6 will not work without DNS. Even if the address and route are correct, the system will not be able to resolve domain names. During setup, you can use reliable public DNS servers that support IPv6. For example: Google: 2001:4860:4860::8888 Cloudflare: 2606:4700:4700::1111 Quad9: 2620:fe::fe You can specify them manually. Once you have the IPv6 address, gateway, and DNS, you can proceed to configuration. The following sections will explain in detail how to set up IPv6 on Windows, Linux, and a router. Configuring IPv6 on a Computer or Server To manually configure IPv6, you will need the IPv6 address itself. You can obtain it from your Internet provider or the company where you purchased your cloud server, if they support IPv6. At the moment, Hostman doesn’t provide IPv6 addresses for our cloud servers. Linux The method depends on your system: it could be NetworkManager (on desktops), Netplan (on Ubuntu Server), or systemd-networkd. Obtaining IPv6 Automatically via dhclient Before configuring IPv6 manually, try obtaining it automatically. Use the dhclient utility, which requests an address from the DHCPv6 server and applies it to the interface. Install dhclient if it is not already installed: sudo apt update sudo apt install isc-dhcp-client Request an IPv6 address: sudo dhclient -6 The command does not output results to the terminal, but if the request is successful, the interface will receive a global IPv6 address. You can check with: ip -6 addr ip -6 route ping -6 google.com If you only see a local address like fe80:, then automatic acquisition failed, and you will need to proceed with manual configuration. Manual Configuration via Netplan (Ubuntu) On server distributions of Ubuntu, Netplan is used for network configuration. To set IPv6 manually, open the configuration file, usually: sudo nano /etc/netplan/50-cloud-init.yaml Fill in the fields in the block with the values obtained in the section “Preparation for Configuring IPv6”: network:   version: 2   ethernets:     eth0:       dhcp4: true       dhcp6: false       addresses:         - <IPv6-address>/<subnet-prefix-length>       gateway6: <IPv6-gateway>       nameservers:         addresses:           - 2001:4860:4860::8888           - 2606:4700:4700::1111 Then apply the settings: sudo netplan apply Check the results: ip -6 addr ip -6 route ping6 google.com If everything is entered correctly, the address will appear, and traffic will flow over IPv6. Windows To configure the address in Windows: Press Win + R, type ncpa.cpl, and press Enter. The Network Connections window will open. Right-click the active connection (e.g., Ethernet) → Properties. Select Internet Protocol Version 6 (TCP/IPv6) and click Properties. Check Use the following IPv6 address and fill in the fields: IPv6 Address: enter your address (e.g., 2600:1901:0:1234::100) Subnet prefix length: Windows usually fills this automatically based on the IPv6 address Gateway: enter the value obtained in “Preparing to Configure IPv6” Below, check Use the following DNS server addresses and enter: 2001:4860:4860::8888 2606:4700:4700::1111 These are DNS servers provided by Google and Cloudflare. Click OK → OK to save the settings. Restart the computer or server for the changes to take effect. Configuring IPv6 on a Router If you connect to the Internet via a home router, its settings determine whether your devices will receive IPv6 addresses and be able to access the network using the new protocol. Fortunately, modern routers increasingly support IPv6 out of the box. However, it is not always enabled by default—you may need to configure it manually. Even if your provider supports IPv6, devices in the network cannot use it until the router starts receiving a global IPv6 address from the provider, distributing addresses to devices (via SLAAC or DHCPv6), and providing DNS and routes. Router interfaces vary, so the exact location of settings may differ. To find the necessary section, open the router’s web interface (usually http://192.168.0.1 or http://192.168.1.1) and look for a tab named IPv6, Internet, WAN, or Network. If you cannot find it, search online for your router model. Note: For some providers, IPv6 works only if specific connection parameters are specified (connection type, prefix length, gateway). It is best to check your personal account or technical support. Next: Select the connection type. If the provider offers IPv6 directly, choose Native IPv6 or DHCPv6. If IPv6 is tunneled via IPv4, choose 6to4, 6rd, or Tunnel (rarely needed). Enable IPv6 distribution within the local network. Options may be named: Enable SLAAC Enable DHCPv6 Server Assign IPv6 prefix to LAN It is recommended to enable SLAAC + RDNSS, automatic configuration of addresses and DNS without DHCP. Specify IPv6 DNS servers: Google: 2001:4860:4860::8888 Cloudflare: 2606:4700:4700::1111 Save and restart the router. Linux: Troubleshooting Common Issues Symptom Problem Solution ip -6 addr shows only fe80: The device did not receive a global IPv6 address Make sure DHCPv6/SLAAC is enabled. Ensure the provider supports IPv6. ping6 google.com → Network is unreachable No route (gateway) set for IPv6 Check for gateway6 in Netplan or set manually: ip -6 route add default via <gateway> dev eth0. ping6 google.com → Name or service not known DNS is not working over IPv6 Make sure working DNS servers are configured (e.g., Google/Cloudflare). Check with resolvectl status and cat /etc/resolv.conf. DNS server is set, but ping6 still fails DNS server is unreachable over IPv6 Test DNS connection: ping6 2606:4700:4700::1111. Try a different DNS server. IPv6 intermittently disappears SLAAC/DHCPv6 does not refresh addresses or addresses are reset Ensure dhcp6: true is set or SLAAC is enabled. Check logs: journalctl -u systemd-networkd or nmcli device show. After netplan apply, IPv6 doesn’t work Errors in Netplan configuration Check YAML syntax: indentation, spaces, correct IP. Run sudo netplan try or sudo netplan generate && sudo netplan apply. DNS still uses IPv4 systemd-resolved only uses IPv4 Make sure IPv6 DNS servers are listed under nameservers.addresses. Restart the service: sudo systemctl restart systemd-resolved. IPv6 address exists, but no access to websites Provider did not give an Internet route or ICMPv6 is blocked Check if a route is received (ip -6 route). Ensure ICMPv6 is not blocked by the firewall: open ICMPv6 in iptables or nftables. ip -6 route is empty The system did not receive a route via IPv6 Add manually: sudo ip -6 route add default via <gateway> dev <interface>. systemd-networkd ignores configuration Conflict with NetworkManager Disable NetworkManager on the server: sudo systemctl stop NetworkManager && sudo systemctl disable NetworkManager. Use only systemd-networkd. Windows: Troubleshooting Common Issues Symptom Problem Solution No IPv6 address in ipconfig (only fe80:) The system did not receive a global IPv6 address Check that IPv6 support is enabled in adapter properties. Ensure the router/provider assigns addresses. Configure IPv6 manually if needed. ping -6 google.com → Destination unreachable No route (gateway) Manually set the gateway in adapter properties. Ensure the gateway is in the same subnet as your IPv6 address. ping -6 or nslookup → Name or service not known DNS does not work over IPv6 Set reliable IPv6 DNS (Google, Cloudflare) manually in adapter properties. nslookup -type=AAAA google.com → can't find DNS does not return AAAA records (IPv6 addresses) The DNS server does not support IPv6 queries. Use another server, e.g., 2001:4860:4860::8888. Addresses exist, DNS works, but websites do not open ICMPv6 is blocked or firewall interferes with routes Ensure incoming and outgoing ICMPv6 traffic is allowed in Windows Firewall. Check the network profile (Home/Public). Connection is unstable, IPv6 disappears Conflicting settings or issues with DHCPv6/SLAAC Try switching to manual configuration. Disable and re-enable IPv6 in adapter properties. Internet still does not work after manual setup Incorrect address, prefix, or gateway Ensure the address and gateway are in the same subnet. Check the prefix length (usually /64). Network does not respond after changing settings Windows did not apply changes without restart Restart the computer. Sometimes the IPv6 stack requires a full reboot to apply new settings. No IPv6 configuration option in interface Disabled or corrupted in the system Make sure the IP Helper service is running. Open services.msc and check the service status. ping -6 works, but websites do not open in the browser Browser uses only IPv4 or DNS conflict Flush DNS cache: ipconfig /flushdns. Try another browser or reset network settings. Conclusion IPv6 has long ceased to be experimental; it is a fully functional standard, working with most ISPs, hosting providers, and modern operating systems. However, simply obtaining an address is not enough to actually use it. It is important to ensure that everything is configured: from routes and DNS to router support. In this guide, we have covered the entire process, from initial checks to manual configuration and troubleshooting. If you followed the steps carefully, your computer or a virtual server should now work reliably over IPv6, and websites should load even without IPv4. If it still doesn’t work, start with the basics: check whether a global address is visible, whether DNS works, and whether ping6 reaches Google. These are three key checkpoints to understand what might be wrong. IPv6 is not difficult if you follow the instructions. Once you configure it correctly, you will likely not need to revisit it for a long time. FAQ What is IPv6 and should I enable it? IPv6 (Internet Protocol version 6) is the successor to IPv4, designed to overcome IPv4’s limitation of available addresses. IPv6 provides a vastly larger address space, built-in security features (like mandatory IPsec support), more efficient routing, and better support for modern networking needs, such as mobile devices and IoT. Should you enable it?Yes, in most cases, you should. Many ISPs, websites, and applications already support IPv6, and enabling it allows your device to use both IPv4 and IPv6 (dual stack). This can improve compatibility with services that are IPv6-only. Unless you are in a specialized environment where IPv6 causes conflicts, it is generally safe and recommended to enable it. 2. How do you configure IPv6? Configuration can be done in two ways: Automatically (DHCPv6 or SLAAC):Most modern networks assign IPv6 addresses dynamically. By default, enabling IPv6 in your adapter settings will usually be enough for your system to obtain an address, gateway, and DNS automatically. Manually (Static):You can configure IPv6 manually by entering: IPv6 address (e.g., 2001:db8::100), Subnet prefix length (commonly 64), Default gateway (router address), DNS servers (such as Google’s 2001:4860:4860::8888 and 2001:4860:4860::8844). On Windows, this can be done via the network adapter properties (GUI) or PowerShell commands like: New-NetIPAddress -InterfaceIndex <index> -IPAddress <IPv6> -PrefixLength 64 -DefaultGateway <gateway> 3. Does enabling IPv6 make Wi-Fi faster? Not directly. Enabling IPv6 doesn’t inherently increase your Wi-Fi speed. However, in some cases: If a website or service is optimized for IPv6, connecting via IPv6 can reduce latency by skipping NAT (Network Address Translation) that is often used in IPv4. Some content delivery networks (CDNs) may serve data more efficiently over IPv6. So while your raw Wi-Fi speed won’t change, enabling IPv6 may improve reliability and response times in certain scenarios. 4. How to fix “IPv6 connectivity: no internet access”? If you see this message, it usually means your device has an IPv6 address but cannot reach the internet using IPv6. Possible fixes: Restart Router & Device: Sometimes a simple reboot resolves temporary network issues. Check ISP Support: Not all ISPs provide IPv6. If your ISP doesn’t, you’ll see "no internet access" even though IPv6 is enabled. In that case, IPv4 will still work. Update Network Drivers: Outdated drivers can cause connectivity issues. Reset IPv6 Configuration (Windows):netsh int ipv6 reset  Then restart your computer. Manually Set DNS Servers: Add IPv6-compatible DNS, e.g., Google’s: 2001:4860:4860::8888 2001:4860:4860::8844 Disable and Re-enable IPv6: In some cases, toggling IPv6 off and back on in your network adapter settings clears conflicts. Check Router Configuration: Ensure your router has IPv6 enabled and configured correctly (some routers require DHCPv6 or prefix delegation from the ISP). If IPv6 still doesn’t connect but IPv4 works fine, and your ISP doesn’t provide IPv6, you can safely leave it enabled (your device will fall back to IPv4). Frequently Asked Questions (FAQ) How to enable and configure IPv6 on Ubuntu?  On modern Ubuntu versions (using Netplan), you configure this in your YAML file found in /etc/netplan/. Open the file (e.g., sudo nano /etc/netplan/00-installer-config.yaml). Under your network interface, add dhcp6: true or a static address like addresses: [2001:db8::2/64]. Apply changes: sudo netplan apply. How to enable and configure IPv6 on Windows 10/11?  IPv6 is usually enabled by default, but you can verify it in the Network Adapter settings: Go to Settings > Network & Internet > Advanced network settings. Select More network adapter options (or "Change adapter options"). Right-click your active connection (Ethernet or Wi-Fi) and select Properties. Ensure the box next to Internet Protocol Version 6 (TCP/IPv6) is checked. How to configure IPv6 on a router?  While interfaces vary by manufacturer (TP-Link, ASUS, Netgear), the general steps are: Log in to the admin panel (typically 192.168.0.1 or 1.1). Navigate to Advanced > IPv6 or WAN Settings. Set the "Internet Connection Type" to match your ISP (commonly Native, DHCPv6, or SLAAC). Enable "IPv6 LAN" so your devices can receive addresses. How do I test if IPv6 is working?  The simplest test is to visit a verification site like test-ipv6.com. Alternatively, in the terminal/command prompt, try pinging Google's IPv6 address: Windows: ping -6 google.com Linux: ping6 google.com Should I disable IPv4 if I enable IPv6? No.  The internet is currently in a transition phase (Dual Stack). Many websites and legacy applications still rely entirely on IPv4. You should run both protocols simultaneously to ensure full connectivity.

The internet is gradually transitioning to IPv6, and an increasing number of websites, applications, and devices are adopting it. But having an IPv6 address alone isn’t enough. To make everything work properly, you need to configure DNS correctly—both on the server side and on your own computer. Without DNS, no connection will work: the browser simply won’t know where to send the request. This is especially critical for IPv6. If you forget to set the necessary DNS records, your site will become invisible to many users, and even content that used to open just fine may stop working on client devices. Choose your server now! How to Check if Your ISP Supports IPv6 This guide is relevant only if your internet provider supports IPv6. Linux-based OS Run the following command: ip -6 addr show If you see interface addresses starting with 2xxx: or 3xxx:, then your provider supports IPv6. macOS Use the command: ifconfig If your ISP assigns an IPv6 address, it will look something like this: Windows Open Command Prompt by pressing Win + R, then type cmd. Enter the following command: ipconfig You should see output like this: What Is DNS for IPv6, and Why Is It Important? DNS is like the internet’s address book. When a user types a website address, the browser doesn’t know where to go—it needs an IP address. DNS translates human-readable addresses into a numeric IP address that devices and networks can use. You need to configure DNS for IPv6 in two places: 1. On the Server (where your website or service is hosted) This enables browsers to find your site via IPv6. If your domain’s DNS zone doesn’t contain an AAAA record with the server’s IPv6 address, browsers won’t even know that they can use the new protocol to access your site. As a result, the site may load slowly or not at all for users with IPv6-only access. 2. On the Client Side (your computer or router) Your computer also needs to know which DNS server to use in order to resolve site addresses into IPv6 format. If your computer or router doesn’t have access to a DNS server that supports IPv6, it won’t open the site, even if your ISP supports IPv6. You need to set up DNS for IPv6 so that the internet continues working quickly, reliably, and without interruptions under the new protocol. Without proper configuration, IPv6 might be available—but not functional. The Best Public IPv6 DNS Servers To ensure stable and fast performance, your device must know which DNS server to query. Usually, the router handles this: it receives the settings from your ISP and distributes them to the network. But if your ISP doesn’t support IPv6 or their DNS is unstable, you can manually specify public DNS servers that support IPv6. These are free, reliable addresses accessible from anywhere in the world: Name Primary IPv6 DNS Address Secondary IPv6 DNS Address Google DNS 2001:4860:4860::8888 2001:4860:4860::8844 Cloudflare 2606:4700:4700::1111 2606:4700:4700::1001 Quad9 2620:fe::fe 2620:fe::9 OpenDNS 2620:119:35::35 2620:119:53::53 All of these services: support IPv6 without additional setup, respond quickly to queries worldwide, protect against fake and malicious sites (especially Quad9 and OpenDNS). When Should You Set DNS Manually? Follow the instructions below if any of the following apply: Your device does not automatically receive DNS server settings. Your ISP does not support IPv6 at the DNS level. Websites load slowly or return “address not found” errors. The next sections explain how to manually configure DNS servers. It only takes a few minutes and results in a stable, error-free internet connection. Configuring DNS IPv6 on Windows If you have internet access but websites won’t load, Windows might not know which DNS server to use for IPv6. You can fix this easily by setting the correct addresses manually. This method works for both Windows 10 and 11—the interface is nearly identical. Open Network Connections: Press Win + R, type ncpa.cpl, and hit Enter. A window with all connections (Ethernet, Wi-Fi, etc.) will open. Find your active connection. It’s usually called “Local Area Connection” or “Wireless Network”.  Right-click on it → select Properties. Choose Internet Protocol Version 6 (TCP/IPv6). In the list of components, find this line and click the Properties button. Enter the DNS servers manually: Check Use the following DNS server addresses. Type in: Preferred: 2001:4860:4860::8888 Alternate: 2001:4860:4860::8844 Save your settings. Click OK → OK, then close the window. Windows will now use the specified DNS servers for IPv6 connections. Configuring IPv6 DNS in Linux DNS configuration in Linux depends on the edition you're using (desktop or server) and the network management tool used (NetworkManager, systemd-networkd, or manual configuration). To ensure everything works correctly with IPv6, you need to determine who is responsible for the network and DNS in your system and then choose the appropriate configuration method. How to Find Out What Your Distribution Uses Open a terminal and run: nmcli device If the command returns a list of interfaces and their statuses, you’re using NetworkManager. If nmcli is not installed, try: networkctl If you see interfaces with the status routable, configured,  you're using systemd-networkd. Ubuntu Desktop, Fedora, Manjaro — Using NetworkManager If you use a graphical environment (GNOME, KDE, Xfce) and see a network icon in the panel — most likely you're using NetworkManager. Via GUI: Go to Settings → Network → Select active connection → IPv6 In the DNS section: Switch the mode to “Manual” or “Advanced” Enter DNS addresses, e.g.: 2001:4860:4860::8888 and 2001:4860:4860::8844 Save and restart the connection Via terminal: nmcli connection modify eth0 ipv6.dns "2001:4860:4860::8888 2001:4860:4860::8844" nmcli connection modify eth0 ipv6.ignore-auto-dns yes nmcli connection up eth0 Replace eth0 with your actual interface name (check it by running nmcli device). Ubuntu Server (18.04+, 20.04+, 22.04+) — Using Netplan On Ubuntu server editions, netplan is used to generate configuration for systemd-networkd. Open the configuration file, for example: sudo nano /etc/netplan/01-netcfg.yaml Add IPv6 addresses in the nameservers section. Be sure to strictly follow YAML formatting — use spaces only, no tabs. Usually, indentations are multiples of 4 spaces. In the addresses field, insert the IPv6 address with /64. In the gateway6 field, insert the gateway — drop the last group of your IPv6 address and replace it with 1 to get the gateway address.  network: version: 2 ethernets: eth0: dhcp4: true dhcp4-overrides: use-dns: false dhcp6: false addresses: - 2001:0db8:a::0370/64 gateway6: 2001:0db8:a::1       match: macaddress: <insert your machine’s MAC address> nameservers: addresses: - 2001:4860:4860::8888 - 2001:4860:4860::8844 Apply the changes: sudo netplan apply After applying the changes, verify that the correct DNS servers are in use. If the DNS Servers field displays incorrect servers, they are likely being automatically delivered via DHCP. Disable this as follows: Ensure correct permissions on the YAML file: sudo chmod 600 /etc/netplan/01-netcfg.yaml Delete the old resolv.conf and create a symlink: sudo rm -f /etc/resolv.conf sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf If you get the error “Unable to resolve host”, add the hostname to /etc/hosts: HOSTNAME=$(hostname) sudo sed -i "/127.0.1.1/d" /etc/hosts echo "127.0.1.1 $HOSTNAME" | sudo tee -a /etc/hosts Enable systemd-resolved (if it’s not already): sudo systemctl enable systemd-resolved --now Apply configuration and restart services: sudo netplan apply sudo systemctl restart systemd-networkd sudo systemctl restart systemd-resolved Recheck the result: resolvectl status resolvectl dns At this point, DHCP-based DNS should be fully disabled. Modern Systems with systemd-resolved If your system uses systemd-resolved directly (e.g., Arch Linux, or Ubuntu with systemd), you can define DNS via the config file. Open the configuration file: sudo nano /etc/systemd/resolved.conf Add the following lines: [Resolve] DNS=2001:4860:4860::8888 2001:4860:4860::8844 FallbackDNS=2606:4700:4700::1111 Restart the service: sudo systemctl restart systemd-resolved Manual Configuration via resolv.conf — If Nothing Else Works Sometimes, it's easiest to make changes directly in /etc/resolv.conf, especially in minimal systems or containers. Open the file: sudo nano /etc/resolv.conf Add the lines: nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844 Keep in mind that the system often overwrites this file. To preserve settings: sudo chattr +i /etc/resolv.conf Configuring IPv6 DNS on a Router If you've already configured IPv6 DNS on your server and PC, but the site still won't open via the new protocol, check your router settings. The router distributes the internet and tells devices where to send DNS queries. If no IPv6-enabled DNS servers are set on the router, your home devices may still use the old protocol — even if the ISP has switched to IPv6. Where to Find IPv6 DNS Settings It depends on the model, but the typical path is: Router settings → Internet / WAN → IPv6 → DNS. If there is a separate DNS tab, go to it. Some models hide these parameters in Advanced sections. Example: TP-Link Router Go to the router’s interface: 192.168.0.1 or tplinkwifi.net Enter your login and password Go to Advanced → IPv6 Enable IPv6 — it’s usually off by default In WAN connection settings, check Configure the DNS server manually Enter your selected IPv6 DNS addresses, e.g.: 2001:4860:4860::8888 2001:4860:4860::8844 Save changes and reboot the router Example: Keenetic Router Go to my.keenetic.net From the menu, select Internet → Connection Go to the DNS Servers tab Check Manual Enter IPv6 addresses (e.g., Google DNS) Apply changes and reboot the router What to Do If DNS Doesn’t Accept IPv6 Check whether your router supports IPv6 (not all older models do). Make sure your ISP has assigned a global IPv6 address (and not just fe80::). Try updating your router’s firmware — this often resolves the issue. How to Test DNS over IPv6 Testing DNS over IPv6 is easy — both in a browser and via the terminal. It takes just a few minutes and quickly helps identify where the problem is: in the DNS, the network, or IPv6 itself. In the Browser The simplest method is to open a testing site: test-ipv6.com The page will show: Whether there is an IPv6 connection. Which protocol is used by default (IPv4 or IPv6). Whether DNS over IPv6 is working. Whether popular websites have AAAA records. If everything is green, it’s working fine. If there’s an error, the site will tell you what the issue is. In the Terminal (Linux, macOS) Check the AAAA DNS record: dig AAAA google.com If the response includes an IPv6 address (e.g., 2a00:1450:4009::200e), then DNS over IPv6 is working. Check which DNS servers are being used: resolvectl status This shows active interfaces and DNS servers (including IPv6 ones). Check whether traffic goes through IPv6: ping6 google.com Or: curl -6 https://ifconfig.co If the command executes and shows an IPv6 address, then IPv6 connectivity is active. Solving Common Issues Below is a cheat sheet for resolving problems frequently encountered when configuring IPv6 DNS: Symptom Problem Solution Websites open, but slowly. ping6 works, but ping is faster. The browser tries IPv6 first, then falls back to IPv4. The DNS server responds too slowly. Often, the ISP's default DNS is the culprit. Switch to a fast public DNS server. See "Configuring IPv6 DNS in Windows" or "Configuring IPv6 DNS in Linux". ping6 google.com → “Name or service not known” The DNS client is not receiving IPv6 responses: either the server addresses are incorrect or IPv6 is disabled on the interface. Check if IPv6 is active using ip -6 addr. Make sure resolvectl status shows an IPv6 DNS server. If not, set one manually (see Windows or Linux setup guides). Internet stops working after netplan apply. There’s a syntax error in the YAML file or the gateway is missing. Check the file using netplan try. If there’s an error, roll back and reapply the changes carefully. Watch for typos and fix indentation — use two spaces per level. No active connections in Ubuntu GUI. Netplan uses systemd-networkd, while the GUI expects NetworkManager. Either edit Netplan for a server setup, or install NetworkManager and change renderer: NetworkManager in the config file. nslookup -type=AAAA site.com in Windows shows “Non-existent domain”. The router does not have IPv6 DNS set, or its firmware does not support the protocol. Log in to the router's admin panel → “IPv6” → “DNS” → enter Cloudflare or Google DNS. Update firmware if the “IPv6” section is completely missing. Docker container ignores IPv6 DNS. Docker daemon uses its own resolv.conf copied at startup. Add the DNS address to /etc/docker/daemon.json, or pass it when launching the container: docker run --dns 2606:4700:4700::1111 alpine systemd-resolved continuously caches a SERVFAIL error. An upstream DNS server failed; the failed response is cached. Clear the cache and change DNS: sudo resolvectl flush-caches sudo systemd-resolve --set-dns=2001:4860:4860::8888 --interface=eth0 A site with HSTS loads via HTTPS only over IPv4. The certificate has only an A record; there's no AAAA record — the browser doesn’t trust it. Issue a certificate that validates both IP versions. For Let’s Encrypt:   sudo certbot --preferred-challenges http -d site.com -d '*.site.com' ping6 to a local host is OK, but gives “Network unreachable” to the internet. The ISP assigned a prefix but no gateway (gateway6 is not set). Manually add a gateway: gateway6: 2a03:6f01:1:2::1 Apply the changes: sudo netplan apply IPv6 address is present, but DNS queries go to 192.168.0.1.  The router distributes IPv4 DNS via DHCPv6 Option 23; the system gives them higher priority. Manually set IPv6 DNS with the highest priority: sudo resolvectl dns-priority eth0 0 dig @2606:4700:4700::1111 google.com works, but dig google.com doesn't. systemd-resolved listens on 127.0.0.53, but a local firewall blocks outbound DNS packets. Allow outbound traffic on port 53 (UDP and TCP) or disable UFW: sudo ufw allow out 53 Compare your symptom with the first column and check the brief diagnosis in the second column. Execute the command(s) in the third column and verify the result. If the issue isn’t resolved, return to the DNS setup steps. Choose your server now! Conclusion The transition to IPv6 is slow, but inevitable. More and more ISPs are issuing only IPv6 addresses, more hosting providers are operating with Dual Stack, and more services are checking for IPv6 support by default. And if DNS is misconfigured, connections fail, websites won’t load, and users will leave for services that work. The good news? It all takes 5–10 minutes: Add an AAAA record in your hosting panel; Set reliable public DNS servers on your server, router, and client devices; Check the result — and forget about the issue. IPv6 is not about the future — it’s about ensuring your website, service, or home network works reliably right now. And a properly configured DNS is your ticket into this new Internet. And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS. Frequently Asked Questions (FAQ) How to configure IPv6 DNS?  On most Linux systems, you edit the /etc/resolv.conf file (or your specific network manager config like Netplan). Add a nameserver line followed by the IPv6 address. For example: nameserver 2001:4860:4860::8888. Which DNS is best for IPv6?  Google Public DNS and Cloudflare are popular choices for speed and reliability. Google: 2001:4860:4860::8888 and 2001:4860:4860::8844 Cloudflare: 2606:4700:4700::1111 and 2606:4700:4700::1001 What does DNS 8.8.8.8 and 8.8.4.4 do?  These are Google's Public DNS addresses for IPv4. They translate domain names (like https://www.google.com/search?q=google.com) into IP addresses. The IPv6 equivalents are 2001:4860:4860::8888 and 2001:4860:4860::8844. What is the slash (/) in IPv6?  The slash indicates the Prefix Length (CIDR notation). It tells you how many bits of the address are used for the network ID. For example, in /64, the first 64 bits identify the network, and the rest identify the specific device. What is 2000::/3 in IPv6?  This block represents the Global Unicast Addresses. Essentially, this is the pool of public IPv6 addresses meant to be routable on the public internet. What does 10.0.0.0/8 mean? This is an IPv4 private network range (Class A). The /8 means the first 8 bits (10) are fixed for the network, leaving the remaining 24 bits for millions of devices within that private network. It is not an IPv6 address.

Wireproxy is a WireGuard client that acts as a SOCKS5/HTTP proxy server or tunnel. It is particularly useful when you need to connect to certain websites through a WireGuard peer but do not want or cannot configure a new network interface for various reasons. In this article, we will cover how to create a SOCKS5 proxy using Wireproxy, as well as how to connect to it via the FoxyProxy extension for the Firefox browser. Main reasons why Wireproxy might be the preferred choice: Using WireGuard as a traffic proxy. No need for administrator privileges to modify WireGuard settings. Wireproxy provides full isolation from the device’s network interfaces, allowing it to be used without administrative configuration. Key Features of Wireproxy Static TCP routing for both client and server. SOCKS5/HTTP proxy support (currently only CONNECT is supported). Developers are working on additional features, including UDP support in SOCKS5 and static UDP routing. And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS. Installing Wireproxy Wireproxy supports multiple operating systems, including Linux, macOS, and Windows. There are two main installation methods: Building the project from source using Go. Downloading a precompiled version for your platform. Building from source ensures the latest code, while a precompiled version offers stability and convenience. Installing the Precompiled Version (Windows) Go to the GitHub releases page and download the archive for your operating system. For Windows, download wireproxy_windows_amd64.tar.gz. Extract the archive and place wireproxy.exe in a convenient location, e.g., create a wireproxy folder on your desktop. Open the Windows Command Prompt or PowerShell and navigate to the folder using: cd Desktop\wireproxy Verify the utility works correctly: wireproxy.exe -v Building from Source Using Go (Linux) Prerequisites Ensure Go version 1.20 or higher is installed: go version If Go is not installed, use this Ubuntu 22.04 installation guide. Build process Clone the Wireproxy repository: git clone https://github.com/octeep/wireproxy cd wireproxy Run the build process: make After the build completes, verify: ./wireproxy -v Configuring Wireproxy After installing Wireproxy, the next step is configuring the utility. You need a WireGuard configuration file. You can create a new server and set up WireGuard manually, e.g., following this Hostman guide. Alternatively, use the Marketplace section when creating a server and select Wireguard-GUI. A typical WireGuard configuration file looks like this: [Interface] PrivateKey = [Your_Private_Key] Address = 10.0.0.2/32 DNS = 8.8.8.8 [Peer] PublicKey = [Server_Public_Key] Endpoint = [Server_IP:Port] AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 20 Place the WireGuard configuration file in the wireproxy folder you created earlier. In this example, the file is named wg.conf. Creating the Wireproxy Configuration In the wireproxy directory, create wp.conf for the SOCKS5 proxy configuration: WGConfig = ./wg.conf [Socks5] BindAddress = 127.0.0.1:25344 Username = hostman Password = hostman WGConfig specifies the path to your WireGuard config. BindAddress defines the local proxy address and port. Username and Password are optional login credentials for the proxy. Testing the Configuration Linux: ./wireproxy -c wp.conf -n Windows: wireproxy.exe -c wp.conf -n This checks that the configuration is correct without starting the proxy. Running Wireproxy Linux: ./wireproxy -c wp.conf Windows: wireproxy.exe -c wp.conf For background execution, use the -d flag: Linux: ./wireproxy -c wp.conf -d Windows: wireproxy.exe -c wp.conf -d Connecting to Wireproxy via Browser Extension To use Wireproxy in a browser, specialized proxy management extensions can be used. In this example, we will configure FoxyProxy in Firefox, though similar steps apply to other browsers, e.g., Chrome with Proxy SwitchyOmega. Installing and Configuring FoxyProxy in Firefox Install FoxyProxy from FoxyProxy for Firefox. Click the FoxyProxy icon and select Options to open settings. Click Add to create a new proxy configuration. Set Proxy Type to SOCKS5. Enter 127.0.0.1 as Proxy IP and 25344 as Port. If a username and password were set in Wireproxy, enter them in Username and Password. Click Save to store the configuration. Click the FoxyProxy icon again and select the newly created configuration to connect to the proxy. Visit any IP check service online to confirm that the IP address has changed. This verifies that your traffic is routed through Wireproxy. FoxyProxy supports patterns to apply proxy usage only to specific sites. Open the FoxyProxy menu and select Options. Click Patterns in your existing connection. Enable patterns by clicking the FoxyProxy icon and selecting Use Enable Proxies By Patterns and Order. After this, the proxy will only be used for websites specified in your patterns. Conclusion In this article, we covered the installation and configuration of Wireproxy, a tool for creating SOCKS5/HTTP proxies via WireGuard. Wireproxy’s standout feature is its ability to operate in user space, simplifying setup and usage, especially for users without administrative privileges. We also demonstrated integrating Wireproxy with browser extensions for convenient proxy management.