massive-dynamics-staff team mailing list archive
-
massive-dynamics-staff team
-
Mailing list archive
-
Message #00080
[Bug 241305] Re: security.ubuntu.com not accessible in IPv6 (AAAA record missing in the DNS)
This problem appears again for me:
$ host security.ubuntu.com
security.ubuntu.com has address 91.189.91.14
security.ubuntu.com has address 91.189.91.24
security.ubuntu.com has address 91.189.92.201
security.ubuntu.com has address 91.189.91.23
security.ubuntu.com has address 91.189.91.13
security.ubuntu.com has address 91.189.92.200
security.ubuntu.com has address 91.189.91.15
security.ubuntu.com has address 91.189.88.153
security.ubuntu.com has address 91.189.88.152
security.ubuntu.com has IPv6 address 2001:67c:1560:8001::13
security.ubuntu.com has IPv6 address 2001:67c:1562::16
security.ubuntu.com has IPv6 address 2001:67c:1562::15
security.ubuntu.com has IPv6 address 2001:67c:1360:8c01::18
security.ubuntu.com has IPv6 address 2001:67c:1562::17
security.ubuntu.com has IPv6 address 2001:67c:1560:8001::11
security.ubuntu.com has IPv6 address 2001:67c:1562::14
security.ubuntu.com has IPv6 address 2001:67c:1360:8c01::19
The first IPv6 server in the list (2001:67c:1560:8001::13) does not respond at all:
$ curl -v [2001:67c:1560:8001::13]
* Rebuilt URL to: [2001:67c:1560:8001::13]/
* Trying 2001:67c:1560:8001::13...
* connect to 2001:67c:1560:8001::13 port 80 failed: No route to host
* Failed to connect to 2001:67c:1560:8001::13 port 80: No route to host
* Closing connection 0
curl: (7) Failed to connect to 2001:67c:1560:8001::13 port 80: No route to host
I tried that from two different IPv6 networks, same result.
The other IPv6 hosts return different results for /, I'm not sure if this is intended but it doesn't look good:
2001:67c:1562::16 -> Apache2 Ubuntu Default Page
2001:67c:1562::15 -> Index of /
2001:67c:1360:8c01::18 -> Index of /
2001:67c:1562::17 -> Apache2 Ubuntu Default Page
2001:67c:1560:8001::11 -> Apache2 Ubuntu Default Page
2001:67c:1562::14 -> It works!
2001:67c:1360:8c01::19 -> Index of /
All in all this issue is very annoying since IPv6 is in wide spread use
now and it keeps people from installing security updates.
--
You received this bug notification because you are a member of IPv6 Task
Force, which is subscribed to a duplicate bug report (493754).
https://bugs.launchpad.net/bugs/241305
Title:
security.ubuntu.com not accessible in IPv6 (AAAA record missing in the
DNS)
Status in Ubuntu Website:
Fix Released
Status in update-manager package in Ubuntu:
Invalid
Bug description:
Dear,
The apt source list for security update is by default configured to
security.ubuntu.com.
When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT),
security.ubuntu.com is only reachable in IPv4.
It would be wise to configure an AAAA record to security.ubuntu.com to at least
point to one of the many mirrors supporting IPv6 connectivity.
That would avoid system running natively in IPv6 to lack by default the security
update.
Thanks a lot,
Kind regards
PS : I checked this as being a security vulnerability but this is more a configuration issue
on the Ubuntu network infrastructure than a real security vulnerability:
A DNS AAAA request :
dig -t AAAA security.ubuntu.com
; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;security.ubuntu.com. IN AAAA
;; AUTHORITY SECTION:
ubuntu.com. 3600 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600
;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 19 15:17:39 2008
;; MSG SIZE rcvd: 98
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-website/+bug/241305/+subscriptions
