Metalink is not working well with ipv6 only machines, are there any alternatives?

Hey for my fedora.repo I am using metalink:

[fedora]
name=Fedora $releasever - $basearch
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
countme=1
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

For my /etc/dnf/dnf.conf I have it set to ipv6 only.

[main]
ip_resolve=6

However when running dnf I still get error spam relating to mirrors near me not resolving to ipv6 addresses:

>>> Curl error (6): Could not resolve hostname for http://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/releases/43/Everything/aarch64/os/repodata/repomd.xml [Could not resolve host: mirror.cs.princeton.edu
>>> Curl error (6): Could not resolve hostname for http://mirror.uoregon.edu/fedora/linux/releases/43/Everything/aarch64/os/repodata/repomd.xml [Could not resolve host: mirror.uoregon.edu] - http://mirror.uore
>>> Curl error (6): Could not resolve hostname for http://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/releases/43/Everything/aarch64/os/repodata/5717f03894a6e3eafb8fb078c8d183e3b703de7a5f375f66333d0594f15
>>> Curl error (6): Could not resolve hostname for http://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/releases/43/Everything/aarch64/os/repodata/99c57cbe3029af9f7665c7acb36829177c5e4f2472dbdbaeaa5e2204d0c
>>> Curl error (6): Could not resolve hostname for http://mirror.uoregon.edu/fedora/linux/releases/43/Everything/aarch64/os/repodata/5717f03894a6e3eafb8fb078c8d183e3b703de7a5f375f66333d0594f150e9e3-filelists.x
>>> Curl error (6): Could not resolve hostname for http://mirror.uoregon.edu/fedora/linux/releases/43/Everything/aarch64/os/repodata/99c57cbe3029af9f7665c7acb36829177c5e4f2472dbdbaeaa5e2204d0c06ed2-comps-Every

It seems that the ipv6 endpoint for metalink, is returning mirrors that don’t have AAAA records.

This is something that the fedora metalink would need to fix, but in the meantime what’s the best approach to working around this? This is a AWS box in the us-east-2 region.

Not all systems around the world use IPv6. If you limit your access to IPv6 only then you miss all the many thousands of sites that are still using IPv4 and/or have routing through paths using ipv4 only.

If you were to re-enable IPv4 then those missing sites probably would suddenly appear.
This is just one example

first using ipv6 only

$ dig -6 mirror.uoregon.edu
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused
;; communications error to ::1#53: connection refused

; <<>> DiG 9.18.43 <<>> -6 mirror.uoregon.edu
;; global options: +cmd
;; no servers could be reached

then using both ipv4 and ipv6

$ dig mirror.uoregon.edu

; <<>> DiG 9.18.43 <<>> mirror.uoregon.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46387
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;mirror.uoregon.edu.		IN	A

;; ANSWER SECTION:
mirror.uoregon.edu.	300	IN	A	184.171.124.180

;; Query time: 92 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Dec 26 19:55:44 CST 2025
;; MSG SIZE  rcvd: 63

Notice for that site there is only an A record and only an IPv4 address

Yes just like not all systems around the world use ipv6, not all systems around the world use ipv4.

How do I get my system, which only uses ipv6, to only connect to fedora mirrors, that support ipv6?

“Just use ipv4” is not a solution.

Using just IPv4 is not the solution, but allowing both 4 & 6 would be.

Its not a matter of “allowing” its a matter of some systems simply don’t have ipv4 addresses.

I’m not intentionally blocking ipv4 traffic to make things difficult, the box simply doesn’t possess an ipv4 address.

You do not have to have an ipc4 address to access ipv4 sites on the internet. You merely have to allow your system to access both protocols.

If you have only ipv6 address access that means at some point in the path your internet access allows conversion from 6 to 4. A simple traceroute for me shows almost all the different gateways in the path are using ipv4 between me and the uoregon.edi site.

However, dns on your system must also be able to access ipv4 in order to work fully and properly

Remove that limitation and things should then work properly.

I get the same error removing that config.

Did you remove it then reboot before testing?

Yes, I did.

Things are working completely fine. DNF throws some errors but it’s able to pick up a ipv6 supporting mirror and continue about its business quite quickly. I’m just trying to smooth out a wrinkle here.

If you have ipv6 only, you need some kind of remote NAT that can translate to IPv4 and back. See for example List of IPv6 transition mechanisms.

Due to shortage of IPv4 addresses, some IPS will provide Dual-Stack Lite which would provide a local address for example 10.x.x.x or 192.168.x.x which will be natted to a IPV6 to a remote system which will reverse the nat to IPv4. This is rather complicated, but increasingly necessary to access IPv4 only remote systems.

mirrormanager (the application fedora uses to provide metalinks/manage mirrors) doesn’t have support for ipv6 only. ;(

There’s this: IPv6-only mirrors and clients are not properly supported · Issue #306 · fedora-infra/mirrormanager2 · GitHub to add support, but it seems to have stalled out. Perhaps you could provide your input there and get it moving again?

I am not in a position to do anything. If the ISP doesn’t offer dual stack, then you have to live with it or chose another ISP.

Sorry I wasn’t clear, I was asking @paulcdejean to comment on that issue.

The problem is that mirrormanager (our application) doesn’t have any way currently to know that someone requested a metalink over ipv6 and wants only ipv6 mirrors. It could do this by seeing that the request was over ipv6 or using some kind of argument passed to it.

Thank you!