On Tue, Mar 28, 2017 at 1:50 PM, Sven Joachim <svenj...@gmx.de> wrote:
> On 2017-03-28 13:24 -0500, Matt Zagrabelny wrote: > > > I'm hitting an IPv6 snafu. > > > > I've got a dual stack host and when doing various apt-y things I attempt > to > > connect to: > > > > # apt update > > 0% [Connecting to ftp-chi.osuosl.org (2600:3402:200:227::2) > > > > but it hangs and doesn't seem to complete its connection. > > Apparently ftp-chi.osuosl.org works for me, can you reach other IPv6 > sites? > Well... % ping ftp-chi.osuosl.org PING ftp-chi.osuosl.org(ftp-chi.osuosl.org (2600:3402:200:227::2)) 56 data bytes ^C --- ftp-chi.osuosl.org ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3052ms Not there. % ping google.com PING google.com(ja-in-x8b.1e100.net (2607:f8b0:4001:c0c::8b)) 56 data bytes 64 bytes from ja-in-x8b.1e100.net (2607:f8b0:4001:c0c::8b): icmp_seq=1 ttl=41 time=24.4 ms 64 bytes from ja-in-x8b.1e100.net (2607:f8b0:4001:c0c::8b): icmp_seq=2 ttl=41 time=24.0 ms ^C --- google.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 24.097/24.259/24.421/0.162 ms Yep. % ping ftp.us.debian.org PING ftp.us.debian.org(debian.gtisc.gatech.edu (2610:148:1f10:3::89)) 56 data bytes 64 bytes from debian.gtisc.gatech.edu (2610:148:1f10:3::89): icmp_seq=1 ttl=51 time=30.8 ms 64 bytes from debian.gtisc.gatech.edu (2610:148:1f10:3::89): icmp_seq=2 ttl=51 time=31.0 ms ^C --- ftp.us.debian.org ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 30.844/30.926/31.009/0.194 ms Yep. > > If I look at my sources lists: > > > > % grep http /etc/apt/sources.list.d/*.list | sed -e 's/.*http:\/\///' | > uniq > > ftp.us.debian.org/debian/ experimental main > > ftp.us.debian.org/debian/ jessie main contrib non-free > > ftp.us.debian.org/debian/ sid main contrib non-free > > ftp.us.debian.org/debian/ stretch main contrib non-free > > > > I don't have an /etc/apt/sources.list file. To my observation, my host > > should only be connecting ftp.us.debian.org. > > That's correct, but there are many machines behind ftp.us.debian.org. DNS queries return all the possible entries (even for round robin.) The resolver chooses one. > > > Which has the following v6 addresses: > > > > % dig ftp.us.debian.org aaaa +short > > 2610:148:1f10:3::89 > > 2620:0:861:1:208:80:154:15 > > > > So, where does the above ftp-chi.osuosl.org (2600:3402:200:227::2) > coming > > from? > > >From DNS round robin, see https://en.wikipedia.org/wiki/Round_robin_DNS. > > The entries in the RR were returned in the above dig command. Those are the only two AAAA records for ftp.us.debian.org. 2600:3402:200:227::2 was not part of the round robin entries. Here is 10,000 queries for the AAAA records of ftp.us.debian.org: % for f in `seq 1 10000`; do dig ftp.us.debian.org aaaa +short done | sort | uniq 2610:148:1f10:3::89 2620:0:861:1:208:80:154:15 I (always) get the same two addresses. Looking at the v4 systems for ftp.us.debian.org: % dig ftp.us.debian.org +short | sort 128.30.2.26 128.61.240.89 208.80.154.15 64.50.233.100 64.50.236.52 % for host in `dig ftp.us.debian.org a +short | sort`; do echo "$host => $(dig -x $host +short)" done 128.30.2.26 => mirror-0.csail.mit.edu. 128.61.240.89 => debian.gtisc.gatech.edu. 208.80.154.15 => sodium.wikimedia.org. 64.50.233.100 => ftp-nyc.osuosl.org. 64.50.236.52 => ftp-chi.osuosl.org. and the v6 systems for ftp.us.debian.org: % for host in `dig ftp.us.debian.org aaaa +short | sort`; do echo "$host => $(dig -x $host +short)" done 2610:148:1f10:3::89 => debian.gtisc.gatech.edu. 2620:0:861:1:208:80:154:15 => sodium.wikimedia.org. Curiously, when running various apt commands my system does seem to want to connect to: % dig aaaa ftp-nyc.osuosl.org. +short 2600:3404:200:237::2 % dig aaaa ftp-chi.osuosl.org. +short 2600:3402:200:227::2 Even though those systems are not listed in the round robin set for the AAAA records of ftp.us.debian.org. I'm puzzled. -m
