[Bug 291453] web.geo.freebsd.org seems to be returning bad ipv6 addresses for AU source addresses

Sun, 07 Dec 2025 03:11:12 -0800 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=291453

            Bug ID: 291453
           Summary: web.geo.freebsd.org seems to be returning bad ipv6
                    addresses for AU source addresses
           Product: Documentation
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Website
          Assignee: [email protected]
          Reporter: [email protected]

This is kindof an obscure problem.

When I browse to www or docs with ipv6, the DNS lookups for geo.freebsd.org are
returning ipv6 addresses that ultimately end up at
https://monitor.pao.freebsd.org/ which in turn presents a "Sign in to
monitor.pao.freebsd.org:443" form instead of the regular freebsd.org web site.

If I force ipv4 then geo. returns all valid ipv4 addresses.

This is what I see when I "dig @gns1.freebsd.org web.geo.freebsd.org aaaa":

web.geo.freebsd.org. 150 IN AAAA 2620:11c:5001:1099:1337::20
web.geo.freebsd.org. 150 IN AAAA 2001:5a8:601:4b::50:3
web.geo.freebsd.org. 150 IN AAAA 2001:4f8:ffff:6::50:1

I'm suspicious of the 2001:4f8:ffff:6::50:1 entry as "curl -6 -v" shows it as
monitor.pao.freebsd.org which gives the login page:

* Host www.freebsd.org:443 was resolved.
* IPv6: 2001:4f8:ffff:6::50:1, 2001:5a8:601:4b::50:3,
2620:11c:5001:1099:1337::20
* IPv4: (none)
* Trying [2001:4f8:ffff:6::50:1]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 / x25519 /
RSASSA-PSS
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=monitor.pao.freebsd.org
* start date: Nov 11 20:17:36 2025 GMT
* expire date: Feb 9 20:17:35 2026 GMT
* subjectAltName does not match hostname www.freebsd.org

This has been happening at least for the last couple of days and I presume it's
somewhat local to geo location for my AU-base DNS queries as otherwise I'm sure
if it was happening globally, it would have been noticed by now.

I'm not at all familiar with the freebsd.org infrastructure, but I'm assuming
gns1.freebsd.org are GSLBs which are returning inappropriate ipv6 addresses
when I query from my location.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to