Monday 16th June 2025
My plan to have an IPv6-only infrastructure was almost jeopardized when I realized that I had to use an IPv4 address for the DNS server on Docker, an unresolved issue that has been open since 2017 and still nothing has been done about it! A few months later and it actually works now!
This post was originally titled “Goodbye Docker! Hello Podman!” but I was apparently too bold with that statement. However, the previous caveat pushed me to evaluate other alternatives. Hello Podman!
How Podman compares to Docker
Note that this is by no means a detailed comparison between Docker and Podman; it addresses the most common features when managing containers.
Similarities
Podman and Docker are both open source container managers. One thing to remember is that there is no such thing as a “Docker container”. Docker just manages containers, and the same goes for Podman. That means that all container applications that work with Docker should also work with Podman.
In fact, Podman uses the same default container repository as Docker, hub.docker.com (In my opinion, there should be a common repository at hub.container.com or hub.containers.com, but those domains are already taken by a shipping container company and the other by a packaging company, shocking I know).
Podman is even compatible with docker compose!
Not only that, but the CLI commands and their output are almost identical to Docker’s. That means that Podman was actually much easier to adapt to than I expected.
Differences
However, the underlying structure, especially how Podman’s network stack works, is very different. There are claims that Podman is more secure than Docker. There may be some truth in that statement but there is only one thing I care about at the moment:
Does Podman support IPv6 DNS servers? Yes it does!
Does Podman support IPv6 flawlessly? Well… no. It has some caveats of its own, so pick your poison.
One big challenge with Podman is that it doesn’t seem to have any equivalent to Docker Swarm. For high-availability setups, you have to learn Kubernetes. Which is probably the most scalable solution, but very time-consuming.
Podman and Docker example
Below, a simple test container is created with each tool. As Podman’s default network doesn’t support IPv6, it has been tweaked to use a different default network. Otherwise, both the Docker and Podman configurations are left at their defaults.
Docker Example:
sudo docker run -d --name webserver -p 8080:80 quay.io/libpod/banner
sauna@sauna-vm1:~$ sudo docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1695b0aac35c quay.io/libpod/banner "nginx -g 'daemon of…" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp, [::]:8080->80/tcp webserver
Podman Example:
sudo podman run -d --name webserver -p 8081:80 quay.io/libpod/banner
sauna@sauna-vm1:~$ sudo podman container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
c8e00297d7af quay.io/libpod/banner:latest nginx -g daemon o... About a minute ago Up About a minute 0.0.0.0:8081->80/tcp webserver
Both commands are run as superuser. At first glance they look identical, but then I realized that IPv6 port forwarding was not enabled on Podman, even if IPv6 is running inside the container:
sauna@sauna-vm1:~$ sudo podman exec webserver netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
This is because IPv6 port forwarding is not supported on the default network driver for rootful containers. If you enable routing, you can reach the container directly on its IPv6 address instead.
If you run the container as rootless, however, IPv6 port forwarding works:
sudo podman container rm webserver --force
podman container run -d --name webserver -p 8081:80 quay.io/libpod/banner
sauna@sauna-vm1:~$ curl [::1]:8081
   ___          __
  / _ \___  ___/ /_ _  ___ ____
 / ___/ _ \/ _  /  ' \/ _ `/ _ \
/_/   \___/\_,_/_/_/_/\_,_/_//_/
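The IPv4/IPv6 difference in the PORTS column above is easy to miss by eye, and it decides which address family your firewall rules and monitoring have to cover. The following is an added example, not part of the original post: a hypothetical helper, port_families, that takes the PORTS string from `docker container ls` or `podman container ls` and reports which address families each published host port is bound on. The two sample strings are copied from the outputs above.

```shell
#!/bin/sh
# Added example: classify published ports by address family.
# port_families is a hypothetical helper name, not part of either CLI.

port_families() {
    # $1: PORTS string, e.g. "0.0.0.0:8080->80/tcp, [::]:8080->80/tcp"
    printf '%s\n' "$1" | tr ',' '\n' | awk '
    {
        gsub(/^[ \t]+|[ \t]+$/, "")        # trim one mapping
        if ($0 !~ /->/) next               # exposed only, not published
        split($0, side, "->")
        host = side[1]
        proto = side[2]; sub(/^.*\//, "", proto)
        n = split(host, part, ":")
        port = part[n]                     # host port follows the last colon
        addr = substr(host, 1, length(host) - length(port) - 1)
        key = port "/" proto
        if (!(key in seen)) { seen[key] = 1; order[++count] = key }
        # "[::]" (bracketed) and the older ":::8080" form are both IPv6
        if (addr ~ /^\[/ || addr ~ /:/) v6[key] = 1; else v4[key] = 1
    }
    END {
        for (i = 1; i <= count; i++) {
            k = order[i]
            if (v4[k] && v6[k]) fam = "ipv4+ipv6"
            else if (v6[k])     fam = "ipv6-only"
            else                fam = "ipv4-only"
            print k, fam
        }
    }'
}

# PORTS values from the Docker and rootful Podman runs shown above
port_families '0.0.0.0:8080->80/tcp, [::]:8080->80/tcp'
port_families '0.0.0.0:8081->80/tcp'
```

To run it against live containers, feed it the Ports field of each container from the `container ls` output of either tool.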
Difference between Rootful and Rootless Containers
Unlike Docker, Podman supports two different ways of running containers:
Rootful - These require sudo privileges and are launched whenever commands are executed as root (i.e. sudo podman run…)
Default Network type for Rootful is netavark
Rootless - These are user-based containers that don’t require root privileges. These have some limitations when choosing network type.
Default Network type for Rootless is slirp4netns.
Source: https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md
Conclusion

So who does IPv6 best? (Or who is the least crappy alternative). It depends. I’m going to cover more of Podman network details in a later post. One limitation doesn’t necessarily ruin everything, as there might be alternative solutions. One day I will dig deeper into the different Podman network modes for example.