Re: IPv6 in Debian
* before A DNS lookup (it might be that the implementation of RFC3484 as described in the libc6 change 2006-05-18 David Woodhouse as found in /usr/share/doc/libc6/changelog.gz might have solved this particular problem) Partly. It fixed the issue of clients trying to connect to IPv6 addresses first on hosts with no IPv4. It didn't fix the issue of waiting for records -- the IPv6 addresses are still returned to the client, albeit at the end of the list. Then there's software that binds to the first port it gets and is difficult to teach not to do so. [2] Sorry, but I'm afraid I don't understand what you mean. The reference you give is speaking about a different issue. I would guess that less than one in a thousand users have direct access to an IPv6 network. Getting connectivity to IPv6 is still non-trivial (based on my own personal experience). $ sudo apt-get install miredo $ sleep 10 $ ping6 -c5 www.kame.net Juliusz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Wed, 01 Aug 2007, Wouter Verhelst wrote: Sure. While we're at it, can we also have a question enable UTF-8? Oh, We already do. We ask which locale to select, and anything that tries for UTF-8 in a non-UTF-8 locale better know what it is doing (it is often correct do to it, but you need to know HOW to do it). And there are a LOT of bugs in that UTF-8 support thing. Really. Probably worse than IPv6 in an IPv4 system behaviour... and perhaps enable laptop support might be nice as well, as could be enable udev -- my personal pet peeve. Enable laptop support is done, we have a laptop-detect script to know what to do at runtime. As for udev, if we had the vast majority of our users *not* needing udev, then yes, it would make sense to ask about it in the installer. Sorry for the sarcasm, but while this type of thing might work, it just doesn't scale; and if we go ahead adding such a question to the There is not much that is as fundamental as IPv4/IPv6 support nowadays, as far as the system itself goes, and the breakage it can cause due to external issues (not just bugs in applications). Besides, just disabling ipv6 is a very blunt way to fix stuff. If It is a work-around. But it is *also* an optimization. And an optimization *makes sense* when you know a damn huge majority of your users has no use for IPv6 at all at this moment, and won't have any for the next two or three years. loading the ipv6 module causes problems in some cases, then these are bugs; we should aim to fix those bugs, and that aim should be part of the release goals, rather than having the idea that just dropping ipv6 entirely if there *might* be problems is a great way to work around issuees. Who said anything about dropping IPv6, or about not considering any failure to properly handle IPv6 as the release-critical bug it is? I want easy selection of a system optimized for IPv4, or optimized for IPv6. That's about it. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Wed, Aug 01, 2007 at 10:41:58AM -0300, Henrique de Moraes Holschuh wrote: Can we have a enable IPV6 yes/no question in the installer? That fixes all problems in one go. Then tweak the system's defaults for the answer. Sure. While we're at it, can we also have a question enable UTF-8? Oh, and perhaps enable laptop support might be nice as well, as could be enable udev -- my personal pet peeve. Sorry for the sarcasm, but while this type of thing might work, it just doesn't scale; and if we go ahead adding such a question to the installer, I'll bet Lars' tattoo on the fact that other people will come ahead and ask for their pet peeve to be configurable at install time. Besides, just disabling ipv6 is a very blunt way to fix stuff. If loading the ipv6 module causes problems in some cases, then these are bugs; we should aim to fix those bugs, and that aim should be part of the release goals, rather than having the idea that just dropping ipv6 entirely if there *might* be problems is a great way to work around issuees. -- Lo-lan-do Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 07:52:47PM +0200, Tomas Pospisek wrote: Hallo Release Team, I've read in the release goals: RELEASE GOALS = * full IPv6 support Advocate: Martin Zobel-Helas and wrote to Martin Zobel-Helas who redirected me here. My experience with IPv6 in Debian is foremost that it's a pita. Debian enables IPv6 by default. * before A DNS lookup Long time ago I was seeing the behaveour described in [0][1] with Debian. Since then I tweaked my own box a lot to get IPv6 out of my way and can not reproduce it any more. Is before A DNS lookup still a problem on Debian or has it been fixed? Sorry, but there shouldn't be a problem. before A is the recommended way of resolving a domain name. Not doing so would make us not RFC-compliant, which is not the way to go IMO. If you're having problems contacting a host because your machine tries to connect to a v6 host which is unavailable, then that means there is a configuration problem either locally (because you've configured your host to think it has a route to the global v6 net when in reality it doesn't) or remotely on the server (when it publishes an record for a v6 IP which is unavailable). Alternatively, there's a bug in the particular piece of software you're using; in that case, please report it. In all other cases, your machine should do the resolving, try to connect, _immediately_ get a no route to host, and fall back to v4. I don't see the problem? [...] * Software that binds to the first socket found Then there's software that binds to the first port it gets and is difficult to teach not to do so. [2] That's a bug in that software. All software should be able to be told to bind to a specific address. [...] * Limited usefulnes of IPv6 I would guess that less than one in a thousand users have direct access to an IPv6 network. Getting connectivity to IPv6 is still non-trivial (based on my own personal experience). Actually, in Japan and Korea there are users that don't have v4 access anymore. It is indeed quite academic in Europe at this point, but that doesn't make it universally useless. -- Lo-lan-do Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Tue, Jul 31, 2007 at 11:13:42AM +0200, Wouter Verhelst wrote: In all other cases, your machine should do the resolving, try to connect, _immediately_ get a no route to host, and fall back to v4. I don't see the problem? Issues imposed by high latency, high packet loss or slow DNS servers are likely to be doubled by the double DNS query. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 3221 2323190 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 07:52:47PM +0200, Tomas Pospisek wrote: * Software that binds to the first socket found Then there's software that binds to the first port it gets and is difficult to teach not to do so. [2] There is nothing like a first socket. Software either binds to any address or to a specific address. Some software may lookup the first ip, this is rather broken. * The cost of disabling IPv6 Once the kernel has loaded the ipv6 module, one can not get it rmmod'ed (or not easily - I have not figured out how to do this remotely on a hosted server). Which means: It is not possible. * Limited usefulnes of IPv6 I would guess that less than one in a thousand users have direct access to an IPv6 network. Getting connectivity to IPv6 is still non-trivial (based on my own personal experience). Less than one in thousand servers uses Fiberchannel, should we drop support for them? * ask the user at install time whether he wants IPv6 on * disable IPv6 by default and make it easy to re-enable * make IPv6 *easy* to disable Some arches already have ipv6 compiled in. Bastian -- One does not thank logic. -- Sarek, Journey to Babel, stardate 3842.4 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 11:26:20AM -0700, Mike Bird wrote: I would add only one point to Tomas Pospisek's excellent analysis. Without diligent precautions, IPv6 is horribly insecure. You thought your firewall protected you, but now apt-get dist-upgrade will open your protected apps to the outside world. No. You need to configure ipv6 connectivity also. And a packetfilter which works as drop something, accept the rest are known as problematic anyway. Bastian -- Earth -- mother of the most beautiful women in the universe. -- Apollo, Who Mourns for Adonais? stardate 3468.1 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Tue, Jul 31, 2007 at 11:13:42AM +0200, Wouter Verhelst wrote: before A is the recommended way of resolving a domain name. Not doing so would make us not RFC-compliant, which is not the way to go IMO. Could this ipv6 primer be taken to a more appropriate list, please? -devel, perhaps? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 07:52:47PM +0200, Tomas Pospisek wrote: * ask the user at install time whether he wants IPv6 on Without arguing for or against ipv6, asking user at install time is the worst solution. 1) it adds a extra step in installer for everyone 2) most endusers won't understand the question anyway and will just select OK In other words, it's a usability disaster. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
* Mike Hommey ([EMAIL PROTECTED]) [070730 22:55]: IPv6 enabled by default in a IPv4-only environment is a PitA. And this is probably impossible to fix. We could (by default / sensible probing / ...) blacklist the ipv6-module. I'm though not sure if this is the right thing to do. Cheers, Andi -- http://home.arcor.de/andreas-barth/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
Andreas Barth [EMAIL PROTECTED] wrote: Hi, The release goal includes BTW all that strange things. Up to now, IPv6 crept somehow into Debian, without anyone coordinating. As these days, Well, there has been a somewhat coordinated effort a couple of years ago, with a webapp tracking the state of every Debian package wrt IPv6 support. I don't know if that page still exists, but if it does, everybody should start looking at it again. That was something like 4 or 5 years ago, that's what made me write the IPv6 support for SANE. JB. -- Julien BLACHE - Debian GNU/Linux Developer - [EMAIL PROTECTED] Public key available on http://www.jblache.org - KeyID: F5D6 5169 GPG Fingerprint : 935A 79F1 C8B3 3521 FD62 7CC7 CD61 4FD7 F5D6 5169 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
Hallo Release Team, I've read in the release goals: RELEASE GOALS = * full IPv6 support Advocate: Martin Zobel-Helas and wrote to Martin Zobel-Helas who redirected me here. My experience with IPv6 in Debian is foremost that it's a pita. Debian enables IPv6 by default. * before A DNS lookup Long time ago I was seeing the behaveour described in [0][1] with Debian. Since then I tweaked my own box a lot to get IPv6 out of my way and can not reproduce it any more. Is before A DNS lookup still a problem on Debian or has it been fixed? It causes a plethora of problems among which are long delays on connections, failing DNS lookups or plain no internet etc. In case Debian still does before A lookups then that's a very high barrier to entry for Debian newbie users, which will probably and rightly plain drop Debian when encountering the problem. (it might be that the implementation of RFC3484 as described in the libc6 change 2006-05-18 David Woodhouse as found in /usr/share/doc/libc6/changelog.gz might have solved this particular problem) * Software that binds to the first socket found Then there's software that binds to the first port it gets and is difficult to teach not to do so. [2] * The cost of disabling IPv6 Once the kernel has loaded the ipv6 module, one can not get it rmmod'ed (or not easily - I have not figured out how to do this remotely on a hosted server). Which means: a) fiddling with the /etc/mod* mess (I still don't really get it what is why loaded under which circumstances and when in which order) to disable IPv6 (nota bene by setting alias net-pf-10 off which in itself contains no semantic value for the unintiated) b) rebooting c) unless it works loop back to a) * Limited usefulnes of IPv6 I would guess that less than one in a thousand users have direct access to an IPv6 network. Getting connectivity to IPv6 is still non-trivial (based on my own personal experience). If a solution makes the life of a a promille of the userbase better at the expense of a sizeable part of the rest of the userbase (again see [0] for the technical environments of such problem groups), then the question of the apropriatenes of the solution should be taken into consideration. So before pushing IPv6 even further into Debian I ask you to consider whether the foundation that is laid today is sane enough or whether it should be improved with priority. I can think of these alternatives - there may well be other or better ones: * ask the user at install time whether he wants IPv6 on * disable IPv6 by default and make it easy to re-enable * make IPv6 *easy* to disable Please don't judge this memorandum based on the fact that the problem in my specific case might sit in front of the keyboard, and instead please take into account that a default instalation should *just* run in the most common cases without the need to tweak - that is without the need to switch off something as exotic as IPv6. Greets, (I'm not subscribed to debian-release@lists.debian.org, please Cc: me in case), *t [0] https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/24828 [1] http://lists.debian.org/debian-devel/2000/12/msg01922.html [2] http://www.google.com/search?q=dccproc+socket(UDP)%3A+Address+family+not+supported+by+protocol -- Tomas Pospisek http://sourcepole.com - Linux Open Source Solutions -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
I would add only one point to Tomas Pospisek's excellent analysis. Without diligent precautions, IPv6 is horribly insecure. You thought your firewall protected you, but now apt-get dist-upgrade will open your protected apps to the outside world. By all means make IPv6 easy to use if you wish, but never never never enable IPv6 by default. --Mike Bird [ [EMAIL PROTECTED] cc per request ] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
This one time, at band camp, Tomas Pospisek said: Hallo Release Team, I've read in the release goals: RELEASE GOALS = * full IPv6 support Advocate: Martin Zobel-Helas and wrote to Martin Zobel-Helas who redirected me here. My experience with IPv6 in Debian is foremost that it's a pita. Debian enables IPv6 by default. * before A DNS lookup This is pretty standard behavior, really. I haven't seen any real problems because of it, but I can imagine it being an issue. It is easily solved by blacklisting, however. * Software that binds to the first socket found Then there's software that binds to the first port it gets and is difficult to teach not to do so. [2] All the hits on that page are for dccproc. Are there others that are that broken? I don't see any bug reports from you about it, or actually any bug reports about this issue. Can you report it if it's a problem? * The cost of disabling IPv6 Once the kernel has loaded the ipv6 module, one can not get it rmmod'ed (or not easily - I have not figured out how to do this remotely on a hosted server). Which means: http://www.google.com/search?q=disabling+ipv6+linux The first hit gives you explicit instructions on how to do it. * Limited usefulnes of IPv6 It is getting more and more common, and most of the world doesn't live in an ipv4 saturated country like those in Anglo North America and Europe. This one time, at band camp, Mike Bird said: I would add only one point to Tomas Pospisek's excellent analysis. Without diligent precautions, IPv6 is horribly insecure. You thought your firewall protected you, but now apt-get dist-upgrade will open your protected apps to the outside world. Not particularly, unless you actually have an addressable machine. And if you have given a machine a public IP address, surely you've thought about this and taken security precautions? -- - | ,''`.Stephen Gran | | : :' :[EMAIL PROTECTED] | | `. `'Debian user, admin, and developer | |`- http://www.debian.org | - signature.asc Description: Digital signature
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 07:52:47PM +0200, Tomas Pospisek wrote: Hallo Release Team, I've read in the release goals: RELEASE GOALS = * full IPv6 support Advocate: Martin Zobel-Helas and wrote to Martin Zobel-Helas who redirected me here. My experience with IPv6 in Debian is foremost that it's a pita. Debian enables IPv6 by default. * before A DNS lookup [...] * Software that binds to the first socket found [...] Both of those problems seem to be problems in specific pieces of software. I suggest you file bugs against those packages and tag them with the ipv6 tag. * The cost of disabling IPv6 I don't think that should be needed, and the software behaving wrong should get fixed instead. So before pushing IPv6 even further into Debian I ask you to consider whether the foundation that is laid today is sane enough or whether it should be improved with priority. I think the point of adding better ipv6 support is actually fixing those pieces of software that don't behave properly, in either an ipv4-only or ipv6-only world. They should be written that they should work with any protocol. Please don't judge this memorandum based on the fact that the problem in my specific case might sit in front of the keyboard, and instead please take into account that a default instalation should *just* run in the most common cases without the need to tweak - that is without the need to switch off something as exotic as IPv6. I've never actually had a problem on ipv4-only hosts. It would be nice if you could describe your problems in more detail. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 09:23:29PM +0100, Stephen Gran [EMAIL PROTECTED] wrote: * The cost of disabling IPv6 Once the kernel has loaded the ipv6 module, one can not get it rmmod'ed (or not easily - I have not figured out how to do this remotely on a hosted server). Which means: http://www.google.com/search?q=disabling+ipv6+linux The first hit gives you explicit instructions on how to do it. No, it tells you how to disable *at next boot*. Tomas is right, there is no way to disable ipv6 once the module has been loaded. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 10:33:10PM +0200, Kurt Roeckx [EMAIL PROTECTED] wrote: I've never actually had a problem on ipv4-only hosts. It would be nice if you could describe your problems in more detail. The typical problem, which is what Tomas was pointing at with request being done before A requests, is that if the ipv6 module is loaded and you are in a ipv4-only environment, you still get a link local ipv6 address, and applications (glibc, actually) think (quite rightfully, from their PoV) that you are using ipv6. Then you end up doing requests, which adds delay to getting the ipv4 connection, and in the event they end up with some data (for the few sites that have entries), you even try to connect to an impossible to reach ipv6 address. IPv6 enabled by default in a IPv4-only environment is a PitA. And this is probably impossible to fix. Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, Jul 30, 2007 at 10:53:06PM +0200, Mike Hommey wrote: On Mon, Jul 30, 2007 at 10:33:10PM +0200, Kurt Roeckx [EMAIL PROTECTED] wrote: I've never actually had a problem on ipv4-only hosts. It would be nice if you could describe your problems in more detail. The typical problem, which is what Tomas was pointing at with request being done before A requests, is that if the ipv6 module is loaded and you are in a ipv4-only environment, you still get a link local ipv6 address, and applications (glibc, actually) think (quite rightfully, from their PoV) that you are using ipv6. It seems that even having lo ::1 is enough for glibc to think that you ipv6 connectivity, which clearly looks wrong to me. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Mon, 30 Jul 2007, Kurt Roeckx wrote: On Mon, Jul 30, 2007 at 07:52:47PM +0200, Tomas Pospisek wrote: Hallo Release Team, I've read in the release goals: RELEASE GOALS = * full IPv6 support Advocate: Martin Zobel-Helas and wrote to Martin Zobel-Helas who redirected me here. My experience with IPv6 in Debian is foremost that it's a pita. Debian enables IPv6 by default. * before A DNS lookup [...] * Software that binds to the first socket found [...] Both of those problems seem to be problems in specific pieces of software. I suggest you file bugs against those packages and tag them with the ipv6 tag. * The cost of disabling IPv6 I don't think that should be needed, and the software behaving wrong should get fixed instead. So before pushing IPv6 even further into Debian I ask you to consider whether the foundation that is laid today is sane enough or whether it should be improved with priority. I think the point of adding better ipv6 support is actually fixing those pieces of software that don't behave properly, in either an ipv4-only or ipv6-only world. They should be written that they should work with any protocol. I was trying to say that I had been bitten by the libc's name resolver does by default an name lookup before it does an A lookup before and am asking whether that's still a problem as [1] suggest that it was for Ubuntu at least until Dec 06 and whether someone can confirm it. As told I can not reproduce it on my systems any more since I removed ipv6 as soon as it started causing me trouble and as such cannot file a bug report against libc. Regarding dccproc you might[2] be right, however my suggestion for consideration is not whether or not to enhance applications to be able to deal with the new ipv6 support in libc and the kernel, but whether it's worth breaking those apps by default. You can not build systems that can deal with all and any unforseen fundamental chang in their environments. And arguably ipv6 is such a change (since it breaks applications). So arguing that applications don't behave properly or behave wrong is IMHO not correct. They break with ipv6 but not without. ipv6 is a new fundamental property of the system to deal with that came after the apps. One could also ask the question the other way around: how come ipv6 is allowed to break apps and network configurations? Or one could ask why does Debian break perfectly well running systems by enabling a new feature? You're right that it'd be good if the apps would get improved so that they gracefully deal with ipv6 too. But the question for me is: how high is the price? Does it mean that the part of the users that plug in the Debian install CD and happen to sit behind a ISP's DNS server that doesn't care about ipv6 will have multi-second lookup delays? Does it mean that one has to tweak every second daemon? IPv6 is set as a release goal. Is having Debian CDs work out of the box for the average user plugging into an everyday ISP also a release goal? Is not having to tweak every second daemon to somehow work with ipv6 [2] also a release goal? (Note that since most admins don't have a use for ipv6 they'll rather switch off ipv6 which as I said is not easy either.) All I want to emphasize is: release team and ipv6 supporters be careful what you're pushing for. Please keep your goals in perspective. Please don't judge this memorandum based on the fact that the problem in my specific case might sit in front of the keyboard, and instead please take into account that a default instalation should *just* run in the most common cases without the need to tweak - that is without the need to switch off something as exotic as IPv6. I've never actually had a problem on ipv4-only hosts. It would be nice if you could describe your problems in more detail. The (concrete!) problems are described in the references I sent: [0] https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/24828 [1] http://lists.debian.org/debian-devel/2000/12/msg01922.html [2] http://www.google.com/search?q=dccproc+socket(UDP)%3A+Address+family+not+supported+by+protocol Also have a look at: http://bugs.debian.org/343140 And if you do also at RFC3484 wrt #343140. *t -- Tomas Pospisek http://sourcepole.com - Linux Open Source Solutions -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian Click to flag this post
On Mon, Jul 30, 2007 Kurt Roeckx wrote: On Mon, Jul 30, 2007 at 10:53:06PM +0200, Mike Hommey wrote: On Mon, Jul 30, 2007 at 10:33:10PM +0200, Kurt Roeckx [EMAIL PROTECTED] wrote: I've never actually had a problem on ipv4-only hosts. It would be nice if you could describe your problems in more detail. The typical problem, which is what Tomas was pointing at with request being done before A requests, is that if the ipv6 module is loaded and you are in a ipv4-only environment, you still get a link local ipv6 address, and applications (glibc, actually) think (quite rightfully, from their PoV) that you are using ipv6. It seems that even having lo ::1 is enough for glibc to think that you ipv6 connectivity, which clearly looks wrong to me. Note that Ubuntu *does* seem have a patch for this particular problem: https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/24828 *t -- Tomas Pospisek http://sourcepole.com - Linux Open Source Solutions -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
Hi, this thread is completely off topic on -release, please take it to [EMAIL PROTECTED] Thanks, Julien -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
On Jul 30, 2007 Stephen Gran wrote: This one time, at band camp, Tomas Pospisek said: Hallo Release Team, I've read in the release goals: RELEASE GOALS = * full IPv6 support Advocate: Martin Zobel-Helas and wrote to Martin Zobel-Helas who redirected me here. My experience with IPv6 in Debian is foremost that it's a pita. Debian enables IPv6 by default. * before A DNS lookup This is pretty standard behavior, really. I haven't seen any real problems because of it, but I can imagine it being an issue. It is easily solved by blacklisting, however. * Software that binds to the first socket found Then there's software that binds to the first port it gets and is difficult to teach not to do so. [2] All the hits on that page are for dccproc. Are there others that are that broken? I don't see any bug reports from you about it, or actually any bug reports about this issue. Can you report it if it's a problem? It *can* be solved by tweaking the deamon's config in this particular case. * The cost of disabling IPv6 Once the kernel has loaded the ipv6 module, one can not get it rmmod'ed (or not easily - I have not figured out how to do this remotely on a hosted server). Which means: http://www.google.com/search?q=disabling+ipv6+linux The first hit gives you explicit instructions on how to do it. The first hit I get there is the Linux IPv6 Howto. I had a cursory look on it and grepped it and didn't find any reference on how to rmmod ipv6, which is crucial since I'm not that eager to reboot previously perfectly working servers. * Limited usefulnes of IPv6 It is getting more and more common, and most of the world doesn't live in an ipv4 saturated country like those in Anglo North America and Europe. Ack. To put that into perspective - how big is that community in comparison? *t -- Tomas Pospisek http://sourcepole.com - Linux Open Source Solutions -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
[I move this to the ipv6 list, I think this has little to do with the -release list] On Tue, Jul 31, 2007 at 12:29:37AM +0200, Tomas Pospisek wrote: I was trying to say that I had been bitten by the libc's name resolver does by default an name lookup before it does an A lookup before and am asking whether that's still a problem as [1] suggest that it was for Ubuntu at least until Dec 06 and whether someone can confirm it. As told I can not reproduce it on my systems any more since I removed ipv6 as soon as it started causing me trouble and as such cannot file a bug report against libc. It still queries both and A records as soon as 1 ipv6 is configured, which you'll always get for lo's ::1. It appears this is not a problem for me because the nameserver I use properly supports IPv6. You can not build systems that can deal with all and any unforseen fundamental chang in their environments. And arguably ipv6 is such a change (since it breaks applications). So arguing that applications don't behave properly or behave wrong is IMHO not correct. They break with ipv6 but not without. ipv6 is a new fundamental property of the system to deal with that came after the apps. As far as I know, all applications that break are those that are supposed to have ipv6 support, but the ipv6 support is broken. It seems that some get a delay they shouldn't because of external (to Debian) factors. This is most likely only a problem for people who only have ipv4 connectivity. And we should do something about that. I've never actually had a problem on ipv4-only hosts. It would be nice if you could describe your problems in more detail. The (concrete!) problems are described in the references I sent: [0] https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/24828 [1] http://lists.debian.org/debian-devel/2000/12/msg01922.html This seems to be about extra queries which seem to cause delays for people with broken nameservers. I think the rfc4472 referenced in the ubuntu bug report is something we should get glibc to implement. It basicly suggests not do do lookups in case you're not sure you have ipv6 connectivity. This would basicly disable ipv6 by default, and atleast was the behaviour I was expecting when you use AI_ADDRCONFIG. [2] http://www.google.com/search?q=dccproc+socket(UDP)%3A+Address+family+not+supported+by+protocol Which just seems like a broken application. Anyway, there are other type of applications that have a problem, and that are those that fail to work if you disable ipv6 by disabling the ipv6 module. Kurt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IPv6 in Debian
[EMAIL PROTECTED] wrote: The typical problem, which is what Tomas was pointing at with request being done before A requests, is that if the ipv6 module is loaded and you are in a ipv4-only environment, you still get a link local ipv6 address, and applications (glibc, actually) think (quite rightfully, from their PoV) that you are using ipv6. Then you end up doing requests, which adds delay to getting the ipv4 connection, and in the event they end up with some data (for Hardly measurable. And anyway, even if the Ubuntu patch does not change this then you can do it yourself with /etc/gai.conf. the few sites that have entries), you even try to connect to an impossible to reach ipv6 address. Yes, which immediately fails because you have no rule for it, so it does not matter. IPv6 enabled by default in a IPv4-only environment is a PitA. And this is probably impossible to fix. I call bullshit. I have had since many years IPv6-enabled systems which often have only IPv4 connectivity and they work fine without specific configurations. -- ciao, Marco -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]