Fedora 29 Server on Intel NUC, running docker-1.13.1-62.git9cb56fd.fc29.x86_64
Containers are pihole:latest (the end goal) and debian:latest (as a sanity check).
Summary: The pihole container fails to start with errors about the autodetected host IP address being invalid; if I remove the injected environment variable for IPv6 the container starts.
Detail:
First I posted and issue in the pihole forum [1] the question I was asked is if docker daemon is setup for IPv6. And I can’t yet answer that question definitively.
I’ve read this …
https://docs.docker.com/config/daemon/ipv6/
… which says I need to both modify
/etc/docker/daemon.json
and also add
--ipv6
to
/usr/lib/systemd/system/docker.service
and then reload and restart. But after doing that, the pihole isn’t working. So to sanity check, the following is based on host (intel nuc) and the container is actually the generic debian container.
Host:
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether b8:ae:ed:77:ea:51 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.250/24 brd 10.0.0.255 scope global dynamic noprefixroute enp3s0
valid_lft 604187sec preferred_lft 604187sec
inet6 2601:282:700:8c78:3cef:4672:2da9:af30/64 scope global dynamic noprefixroute
valid_lft 228262sec preferred_lft 228262sec
inet6 fe80::91f1:7594:6bae:99ea/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 8a:91:2d:9c:69:3e brd ff:ff:ff:ff:ff:ff
36: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:c4:b0:b5:60 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
For connection 36, I’m expecting to see some kind of inet6 connection. It seems like there’s no inet6 bridge in place between host and container, where there is for IPv4 as inet 172.17.0.1
This documen suggests I should have an inet6 listing in the docker0 bridge link shown by ip a
but it’s not there. So I don’t actually know if the daemon really is correctly using daemon.json configuration file; or if --ipv6 is being honored when the daemon is starting up.
Docker Documentation – 4 May 18
Inside of the docker container:
$ sudo docker run debian ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
37: eth0@if38: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link tentative
valid_lft forever preferred_lft forever
Looks like the container’s lo
and eth0
devices have ipv4 and ipv6. But if the docker0 bridge on the host has no inet6 address at all, it seems this is not getting bridged correctly. Anyway I’m totally lost at this point. Thanks.
The two containers are from docker.io and the pihole thread is at https://discourse.pi-hole.net/t/error-serveripv6-environment-variable-doesnt-appear-to-be-a-valid-ipv6-address/14949/3
Only two URLS for new users so I was prevented from including them in the original post.
This is not exactly surprising, but I think it further suggests the daemon itself really isn’t enabling IPv6. I just can’t figure out why not.
$ sudo docker network ls
NETWORK ID NAME DRIVER SCOPE
65a37ba45572 bridge bridge local
6ff4b8292e0a host host local
3cfd2e6b77bc none null local
$ sudo docker network inspect 65a37ba45572
"Name": "bridge",
"Id": "65a37ba45572770a56243343a02d118797a09ae10a5cae0a2a80a2a01687342a",
"Created": "2018-12-13T18:48:30.321557843-07:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
"Internal": false,
"Attachable": false,
"Containers": {
"75ebd4868f4c9e079677e54e2de45732b712aac9fc0865569d15689aeb1a6829": {
"Name": "festive_kare",
"EndpointID": "388196c7002b8c8c114add3a74193fd7a3b6f346c06192ae62fbf5a0127a8589",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
"af86b2eb2583016090e98e95202a2d24da6d232efb47097ce86b72319ac93106": {
"Name": "pihole",
"EndpointID": "c1bfe30bd43d34c9d92171e3377bb71d3841b42ab7c795c28df0952c36ea4bfb",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
"Labels": {}
$ sudo docker network inspect 6ff4b8292e0a
"Name": "host",
"Id": "6ff4b8292e0aba1516484007b5190d7c1ad8d8578e3c036556f51ac0e4584944",
"Created": "2018-12-07T18:26:24.306965799-07:00",
"Scope": "local",
"Driver": "host",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": []
"Internal": false,
"Attachable": false,
"Containers": {},
"Options": {},
"Labels": {}
I’ve read this …
Enable IPv6 support | Docker Docs
… which says I need to both modify /etc/docker/daemon.json
and also add --ipv6
to /usr/lib/systemd/system/docker.service
and then reload and restart.
I think you also need to specify which IPv6 network to use in daemon.json, at least if you want to use IPv6 on the default bridge (docker0). The IPv6 network should be routed to the docker host and specified in daemon.json as “fixed-cidr-v6”.
/etc/docker/daemon.json example:
"ipv6": true,
"fixed-cidr-v6": "2001:0db8:1234:5678:9abc::1/80"
BTW busybox is a small image that supports IPv6, which I use for troubleshooting.