Not OP, but I can tell you why I as a consumer am very much not interested in IPv6. My ISP supports it, but I have intentionally disabled it.
It only causes problems for me with absolutely no gain. There isn't a single website I can't reach, and no website that I've found runs any quicker when using IPv6.
But at the same time, if I have v6 on, it causes delays in name resolution and sometimes I just can't connect to a site until I disable v6.
I still have an addressable v4 address, so I can still run a home server.
I don't know how to fix this. I know that v6 is good for the planet, and I know these problems won't get better until more people are using v6, but it's definitely a chicken/egg problem.
> But at the same time, if I have v6 on, it causes delays in name resolution and sometimes I just can't connect to a site until I disable v6.
That sounds like your ISP does not actually support IPv6, e.g. doesn't have the full Internet routing table for v6. I've seen this happen.
DNS v4/v6 resolutions can also hang with glibc because of a well-known bug with Happy Eyeballs when ISPs fuck up outgoing DNS packets (e.g. messed up stateful NAT/DPI). "options single-request-reopen" in /etc/resolv.conf is a workaround. See https://bugzilla.redhat.com/show_bug.cgi?id=505105.
I would contact your ISP, or at least publicly shame them. This is not how IPv6 Internet should work (source: we provide IPv4/v6 as an ISP and take care to prevent issues like this).
Even if the ISP does everything right, there are a lot of small sites with broken IPv6 setups caused by incorrect server and DNS configurations. While my ISP appears to provide a solid IPv6 setup, I've run into quite a few issues with sites either:
- Serving different content on IPv4 vs. IPv6, e.g. just showing Apache2's "It Works" page
- Serving some subresources behind a reverse proxy on IPv4 only (and 404ing on IPv6)
- Forgetting IPv6 AAAA Records after a server change
Trying to debug this as a user is annoying and even if I identified the issue before leaving the site, working with sites to get it fixed has been an issue. I quickly ran into the "Works for me" issue, when the administrators (and a majority of their users) ran on IPv4 only networks.
Ultimately I just disabled IPv6 on all my systems because it ends up being more trouble than it's worth.
It's AT&T (UVerse). If they can't get it right, I don't have much hope for anyone else.
Also, I don't even use my ISP's name servers, I use Cloudflare or Google, so I don't think it's that unless the ISP is somehow munging the packet in transit, which I suppose is possible.
Honestly I think it is all due to issues with the v6 stack in macOS.
But my point is, I shouldn't have to be a network engineer to make v6 work. I should be able to turn on my computer and just have it work.
> Also, I don't even use my ISP's name servers, I use Cloudflare or Google, so I don't think it's that unless the ISP is somehow munging the packet in transit, which I suppose is possible.
That's exactly the problem. You send out two v4 DNS UDP packets one after another (one for A, another for AAAA), both go via your ISP's CGNAT, the CGNAT gets confused, one of the packets gets dropped. I've seen this exact behavior when talking to 8.8.8.8 on Orange in Poland (and they do DS-Lite). It didn't occur with the ISP's DNS, because a) they were also on v6 b) they weren't getting CGNATed.
> But my point is, I shouldn't have to be a network engineer to make v6 work. I should be able to turn on my computer and just have it work.
By disabling IPv6 you're letting shit ISPs get away with this. Your ability to debug this and to figure out it's the ISP's issue should be used to voice your concerns, and not just let this slide.
Oh yes of course what I meant was they are a huge ISP and have lots of customers, and if it doesn't "just work" for them, then what chance does anyone have of v6 taking off?
I've never had any issues with IPv6 on Comcast, and I've been using it almost since day one. AT&T is not a company you should ever hold up as some kind of good example of network engineering.
I was never able to get IPv6 to work when I was on AT&T, couldn't even get addresses assigned. When I got on Cox at my new house it worked out of the box. So some ISPs get it right.
> With RIRs running out of addresses, that's about to change
I doubt it. Websites that want to be reachable will find a way to be reachable.
> As techs, I think it's our responsibility to push this forward and keep the Internet free and decentralized
I agree, but there is only so much I'm willing to sacrifice for that effort. I've tried to use v6 for at least two weeks on three separate occasions. I do that about once a year. That's the level of sacrifice I'm willing to make for this effort.
My hope is that one year it goes so smoothly I forget to switch back.
For web servers it will be CGNAT in reverse. One overloaded IPv4 load balancer trying to keep up with too many servers behind it. But you'll be able to use its IPv6 address directly.
One benefit I've found of having IPv6 enabled is that it allows me to use certain sites (particularly gmail) while my PC is connected to my work network via a VPN.
Edit: I should point out that I had no idea my machine was using IPv6 until I wondered why I was able to use Gmail and not other sites (such as HN).
I disable v6 on any Linux install unless I specifically plan on using it. The fact that it can easily be accessible over LAN and over the internet due to how well the auto addressing and link-local addresses work is a concern.
Please don't do this. Any firewall will work for security concerns, and RFC4941 support will work for privacy concerns.
I haven't seen a consumer CPE that both supports v6 and doesn't firewall off incoming v6 connections, and I haven't seen any operating system in years that doesn't enable RFC4941 by default.
I will continue to do this. Like I said, if it is planned use it will be enabled and specific firewall rules will be implemented to allow safe use. Not everyone has the same requirements. Minimizing attack surface, reducing admin overhead and being explicit about configuration items are some of my needs. V4 is no different, I almost never enable DHCP and might even disable ARP. V4 happens to just be configured explicitly by default.
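An added example, not part of any comment in this thread: one way to see what a Linux host actually exposes over IPv6 before choosing between disabling v6 and writing firewall rules is to read the listening sockets from /proc/net/tcp6. The function names and the sample table are constructed for illustration, and the decoder assumes a little-endian host.

```python
import ipaddress
import os

# Constructed sample in /proc/net/tcp6 layout (not captured from a real host).
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0016 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 00000000000000000000000001000000:0277 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 000080FE000000000000000001000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003
   3: B80D0120000000000000000010000000:01BB 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20004
   4: B80D0120000000000000000010000000:01BB B80D0120000000000000000099000000:C350 01 00000000:00000000 00:00000000 00000000    33        0 20005
"""

def decode_addr(hexaddr):
    """Decode the kernel's hex form: four 32-bit words in host byte order.
    Assumes a little-endian host (x86, typical ARM)."""
    raw = bytes.fromhex(hexaddr)
    return ipaddress.IPv6Address(b"".join(raw[i:i + 4][::-1] for i in range(0, 16, 4)))

def exposed_listeners(tcp6_text):
    """Return (address, port, scope, uid) for LISTEN sockets not bound to ::1."""
    found = []
    for line in tcp6_text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != "0A":   # 0A = TCP_LISTEN
            continue
        hexaddr, hexport = fields[1].split(":")
        addr = decode_addr(hexaddr)
        if addr.is_loopback:
            continue                               # ::1 is not reachable off-host
        if addr.is_unspecified:
            scope = "wildcard"       # every interface, link-local and global alike
        elif addr.is_link_local:
            scope = "link-local"     # reachable from the local segment only
        else:
            scope = "unicast"        # bound to one specific global or ULA address
        found.append((str(addr), int(hexport, 16), scope, int(fields[7])))
    return found

if __name__ == "__main__":
    path = "/proc/net/tcp6"
    text = open(path).read() if os.path.exists(path) else SAMPLE_TCP6
    for addr, port, scope, uid in exposed_listeners(text):
        print(f"[{addr}]:{port}  scope={scope}  uid={uid}")
```

Each row it reports is a service that needs either an explicit firewall rule or a narrower bind address; an empty result means nothing is listening on IPv6 beyond loopback.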