IPv6 was introduced more than twenty years ago, but the debate surrounding it continues to this day. Some administrators enable support for the new protocol by default and consider this standard practice for any modern server. Others disable IPv6 immediately after installing the system - sometimes for security reasons, and sometimes to simplify network configuration.
This issue most often arises when configuring VPS, dedicated servers, Docker infrastructure, and enterprise Linux systems - especially if the project itself operates exclusively over IPv4 and does not yet benefit from the additional advantages of IPv6.
And as with any other issue, there’s no one-size-fits-all answer here, since it all depends on the server’s specific tasks, the services running on it, and the structure of the network around it. In some cases, disabling IPv6 helps eliminate unnecessary complexity, while in others it can lead to unexpected problems. In this article, let’s explore when such a step actually makes sense, what consequences it might have, and how to properly disable IPv6 on Ubuntu Server if you decide to do so.
What Is IPv6 and Why Is It Needed
IPv6 is a networking protocol that emerged as a replacement for IPv4. The reason was quite simple: available IPv4 addresses were becoming increasingly scarce, while the number of devices on the internet continued to grow by the hour. We wrote about this in a separate article.
The thing is, IPv4 uses 32-bit addressing, which is enough for about 4.3 billion addresses - a number the protocol’s creators thought would be more than enough for all time (how naive!). With IPv6, an address consists of 128 bits, so the available address space expands to virtually inexhaustible proportions - at least that’s what we think right now :)
For server infrastructure, using IPv6 offers several useful benefits, such as:
- direct use of public IP addresses without intermediate NAT;
- more efficient operation of large networks;
- simplification of certain routing schemes;
- compatibility with modern services and providers;
- future-proofing without worrying about address shortages.
And indeed, many major internet companies have been using IPv6 for a long time. Among them are Google, Cloudflare, Meta, and Microsoft. More and more telecom operators and ISPs are assigning IPv6 to customers by default, especially on mobile networks.
But there’s a catch: just because a system supports IPv6 doesn’t mean a specific server actually needs it. Many projects have been running exclusively on IPv4 for years without encountering any limitations at all. That’s precisely why the question of disabling IPv6 still comes up regularly.
When does it make sense to disable IPv6, and when is it better to leave it enabled?
IPv6 itself does not cause problems. Most reasons for disabling it are related to specific infrastructure, network settings, or the characteristics of the software being used.
Let’s take, for example, a standard VPS hosting a corporate website, internal services, and a database. The provider assigns only IPv4 addresses, there are no AAAA DNS records, and all traffic follows the standard routing scheme. In this configuration, IPv6 can remain enabled for years but go virtually unused.
That’s why administrators often disable it to simplify the system.
One common reason is related to network security. A lot of attention is usually paid to configuring the firewall for IPv4, while IPv6 is sometimes overlooked. As a result, the server ends up being well-protected for one protocol but partially exposed for the other. This is especially common for older servers that have undergone several migrations and updates without a thorough configuration audit.
Sometimes problems arise due to software. Some older applications still do not function very reliably in Dual Stack mode, when both IPv4 and IPv6 are available simultaneously. This can be found among outdated VPN solutions, enterprise systems, industrial software, and in-house services created back in the era when IPv4 dominated. Sometimes, disabling IPv6 resolves the issue in literally just a few minutes.
There’s also a more practical reason: troubleshooting. When a server uses two network stacks at once, troubleshooting becomes much more difficult. An application might first attempt to establish a connection via IPv6, wait for a timeout, and then switch to IPv4. As a result, the user only sees a slow-loading website or API, even though the real cause lies much deeper.
For internal services, the situation is often even simpler. If a server operates within a corporate network, serves a test environment, or is used for internal company tasks, IPv6 may not offer any tangible benefits. Extra functionality means extra configuration, which also requires maintenance.
That said, disabling IPv6 cannot be considered a universal recommendation, as there are many scenarios where it’s better to leave it enabled. For example, if your ISP provides full IPv6 support, your project targets an international audience, or actively uses modern cloud services and CDNs. Many major platforms have long regarded IPv6 as a standard part of their infrastructure, rather than an optional feature.
There is another important factor to consider. In a number of countries, IPv6 traffic already accounts for a significant portion of total internet traffic. Therefore, for public websites, SaaS projects, online stores, and other services with a broad audience, disabling IPv6 may limit the resource’s accessibility for some users.
Based on this, the decision is quite straightforward: if IPv6 is actually in use or may be needed in the near future, then keep it enabled. If the protocol is not in use, complicates system maintenance, and offers no practical benefit, then disabling it is entirely justified.
What to Check Before Disabling IPv6
Before disabling IPv6, you should make sure that the server is not actually using this protocol. Sometimes IPv6 turns out to be enabled in places where the administrator doesn’t even expect it, such as via DNS, network interfaces, or specific services.
Therefore, first check whether IPv6 is enabled on the system at all. You can do this with the command:
sysctl net.ipv6.conf.all.disable_ipv6
If the command returns 0, it means that IPv6 is active:
net.ipv6.conf.all.disable_ipv6 = 0
If it returns 1, the protocol is already disabled:
net.ipv6.conf.all.disable_ipv6 = 1
After that, it’s a good idea to check whether your server has been assigned IPv6 addresses:
ip -6 addr
And while you’re at it, check the routing table:
ip -6 route
Of course, the presence of addresses and routes doesn’t necessarily mean that IPv6 is actually being used, but it does show that the system is ready to operate using this protocol.
The next step is to check DNS. If AAAA records have been published for the domain hosted on your server, some users may be able to connect to the site via IPv6. To check, run the following command:
dig AAAA yourdomain.com
If the record exists, you probably shouldn’t disable IPv6 without preparation, as you may block access for some existing users.
You should pay special attention to network services. Even if you haven’t specifically configured IPv6, some applications automatically open IPv6 sockets upon startup.
You can check this as follows:
ss -tulpn | grep tcp6
or:
netstat -tulpn | grep tcp6
The list often includes SSH, Nginx, Apache, Docker Proxy, server control panels, and other network services.
If such services are already accepting connections via IPv6, simply disabling the protocol could lead to unexpected consequences. This is especially true for servers that have been running in production for a long time and have accumulated many additional components over that period.
Therefore, before changing the network configuration, it’s helpful to answer three questions:
- Does the server have IPv6 addresses?
- Are there AAAA records in DNS?
- Are applications listening on IPv6 ports?
This is usually enough to determine how safe it is to disable the protocol on a specific system.
Temporarily Disabling IPv6 and Verifying the Result
If the decision to disable IPv6 has already been made, it’s best to implement it in test mode first. This approach allows you to test the server’s operation without making permanent changes to the system configuration. To do this, you can use sysctl.
Run the following commands:
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
The settings take effect immediately. After that, new IPv6 connections will no longer be established, and the server will continue to operate via IPv4.
You can verify the result with the following command:
sysctl net.ipv6.conf.all.disable_ipv6
If the response displays the value 1, IPv6 is disabled.
If desired, you can also check the status of IPv6 addresses on the interfaces:
ip -6 addr
And verify whether any services remain that continue to open IPv6 sockets:
ss -tulpn | grep tcp6
Temporarily disabling IPv6 is convenient because it does not affect the system’s permanent configuration. And if, after testing, it turns out that applications, websites, and network services are working normally, then you can proceed to completely disable IPv6.
After rebooting the server, the settings we configured above will automatically revert to their previous values. This is precisely why this method is typically used as an intermediate step before making permanent changes.
Methods for Completely Disabling IPv6 on Ubuntu Server
After verifying the system via a temporary disable, you can proceed to a permanent configuration. In Ubuntu, there are several options for this. They differ in the extent of their impact on the system and the requirements for restarting the server.
Disabling IPv6 via sysctl
The most common method is to modify the sysctl parameters.
To do this, open the file:
sudo nano /etc/sysctl.conf
and add the following lines to the end of the file:
net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Apply the changes:
sudo sysctl -p
You can verify the result as follows:
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
If the command returns the value 1, it means the settings have been applied successfully, and for most servers, this is sufficient.
Disabling IPv6 via Netplan
Sometimes the goal is not to completely disable IPv6, but simply to prevent the network interface from obtaining IPv6 addresses. On systems using Netplan, this can be done through the network configuration.
Example of a network configuration file to disable the ability to obtain IPv6 addresses via DHCP:
network: version: 2 ethernets: eth0: dhcp4: true dhcp6: false
After modifying the configuration, run:
sudo netplan apply
This option disables obtaining addresses via DHCPv6, but the IPv6 stack itself continues to function on the system. Therefore, it is typically used when you need to change network settings rather than completely disable IPv6.
Disabling IPv6 via GRUB
There is also a more drastic option, such as disabling IPv6 at the Linux kernel level before network services even start.
To do this, open the file:
sudo nano /etc/default/grub
Find the line:
GRUB_CMDLINE_LINUX_DEFAULT=“quiet splash”
And add the parameter to disable IPv6:
GRUB_CMDLINE_LINUX_DEFAULT=“quiet splash ipv6.disable=1”
After saving, update the bootloader configuration and reboot the server:
sudo update-grub sudo reboot
This method disables IPv6 during the kernel boot phase and is considered the most radical option.
Which method to choose
If we briefly compare all three approaches, the picture looks like this:
| Method | Reboot Required | Scope of Disabling |
|---|---|---|
| Sysctl | No | Suitable for most use cases |
| Netplan | No | Disables IPv6 address assignment |
| GRUB | Yes | Completely disables IPv6 in the kernel |
In most cases, configuring via sysctl is sufficient. Netplan is suitable for managing network interface settings. The GRUB option is typically used when IPv6 support must not be loaded into the system at all.
How to verify that IPv6 is truly disabled
Let’s review briefly. After making changes, it’s helpful to quickly verify that IPv6 is indeed no longer active on the system.
Check whether any IPv6 addresses remain on the network interfaces:
ip -6 addr
Check the routing table:
ip -6 route
Make sure services are no longer listening on IPv6 ports:
ss -lnpt | grep tcp6
For an additional check, you can try running an IPv6 ping:
ping6 google.com
If the protocol is completely disabled, this command will fail. This means that IPv6 is no longer in use at either the network or application level.
IPv6 and Docker
If the server is used to run Docker containers, there’s another consideration.
In its default configuration, Docker typically operates over IPv4, which is sufficient for most projects. However, Docker supports IPv6, so with the appropriate configuration, containers can obtain their own IPv6 addresses and use separate routes.
As a result, the network topology becomes more complex, additional routes are introduced, the number of firewall rules increases, and moving containers between different servers and environments sometimes requires additional verification of network settings. In a corporate infrastructure, this can also raise issues related to internal security policies.
Of course, Docker itself will continue to function regardless. This is more about additional points of control that the administrator must monitor.
Therefore, in infrastructures built entirely around IPv4, IPv6 is often disabled not only on the host system but also in Docker networks. This approach simplifies maintenance and makes the network configuration more predictable. This is especially true on small VPS instances and servers where containers are run for typical tasks and IPv6 support is simply not needed.
FAQ
Is a server without IPv6 more secure?
Disabling IPv6 alone does not make a server more secure. It all depends on firewall settings, network rules, and access controls. If IPv6 is configured correctly and subject to the same restrictions as IPv4, it does not pose any additional risk.
Can IPv6 be disabled on a VPS?
Yes. In most cases, IPv6 can be disabled using the operating system’s own tools without any restrictions from the provider. Exceptions are rare and usually involve specialized cloud platforms or non-standard network architectures.
Is it necessary to disable IPv6 on Ubuntu 24.04?
There’s no specific need to do so. Ubuntu 24.04 fully supports IPv6 and works correctly with it right out of the box. The decision depends on the server’s tasks and the specifics of the infrastructure. If IPv6 isn’t being used, it can be disabled to simplify the configuration.
Does Docker work without IPv6?
Yes. Most Docker containers use only IPv4 and do not experience any limitations. For typical web projects, APIs, databases, and internal services, IPv6 support is usually not required.
Can IPv6 be re-enabled?
Yes. To do this, simply undo any previous changes made to sysctl, Netplan, or GRUB, then apply the new configuration, and reboot the server if necessary. Returning to the original settings usually takes a few minutes.
Conclusion
IPv6 has long since ceased to be an experimental technology and is gradually becoming a standard part of Internet infrastructure. Many ISPs, cloud platforms, and major online services are already actively using it in their day-to-day operations.
That said, the need for IPv6 depends heavily on the specific server. If a project uses modern cloud services, targets an international audience, or already handles IPv6 traffic, it’s hardly worth disabling the protocol without a compelling reason.
However, the opposite situation is also quite common. Internal services, test environments, small VPS instances, and corporate systems often operate exclusively via IPv4, and in such cases, disabling IPv6 helps simplify network configuration somewhat and reduce the number of settings that need to be maintained.
There is no one-size-fits-all rule here. Best practice is to first check whether IPv6 is enabled on the server, then assess the consequences of disabling it, and only then make any changes. This approach is almost always more reliable than blindly following outdated recommendations or generic instructions found online.
