Bug#961296: mirrors: apt not working on an IPv6 only host with a ipv6 only (local) resolver
Hi, Am 24.05.2020 um 23:50 schrieb Marco d'Itri: > On May 24, Max Grobecker wrote: > >> This is a growing problem and > [citation needed] There is no chance to get a reasonable amount IPv4 addresses anymore, if you are new on the market. [1] In Germany, for example, this is not only true for new providers. Even some long-established providers are using CGNAT on their residential connections to safe IPv4 addresses which then can be "sold" to business customers that demand public IPv4 space. So, many providers are tending to use CGNAT. On those connections, you have no IPv4 address - there is only IPv6 available and some sort of IPv6-to-IPv4 tunneling or translation mechanism. These are not very reliable, unfortunately. A burst of DNS queries of a DNS resolver, which is behind this NAT, can then lead to the problem, that not all your UDP queries are working properly. Queries made over IPv6 are working well usually, because these packets are simply routed and don't need to pass some sort of fancy NAT or XLAT or AFTR [2] mechanisms. Running your own DNS resolver (for whatever reason) behind a CGNAT tends to be unrealiable, depending on how much load and packet rate the provider's NAT/XLAT/AFTR router has to handle. [1] https://www.ripe.net/manage-ips-and-asns/ipv4/ipv4-run-out?pk_vid=b4e6c3add231af651590838678f7957f [2] Address Family Translation Router >> if Fastly is not able to fix it, you >> maybe should stop making "deb.debian.org" the default mirror. > Or maybe you should use a different mirror, if the current default does > not work for you. This is one of the reasons why we have many. OK, I was a bit harsh in the first place. But Debian as a customer should simply bring this topic to Fastly. Yes, we or Debian can't fix the whole internet. But why don't we try? Fastly prove they are able to do IPv6 (since they are delivering the mirror traffic over IPv6) and I guess, they have sort of interest in delivering stable and _fast_ service. Not or not reliably resolving Fastly domains is the opposite of stable and fast ;-)
Bug#961296: mirrors: apt not working on an IPv6 only host with a ipv6 only (local) resolver
On May 24, Max Grobecker wrote: > This is a growing problem and [citation needed] > if Fastly is not able to fix it, you > maybe should stop making "deb.debian.org" the default mirror. Or maybe you should use a different mirror, if the current default does not work for you. This is one of the reasons why we have many. -- ciao, Marco signature.asc Description: PGP signature
Bug#961296: mirrors: apt not working on an IPv6 only host with a ipv6 only (local) resolver
On Fri, 22 May 2020 22:28:29 +0200 Marco d'Itri wrote: > On May 22, Jens Link wrote: > Way too much is broken if you use a resolver with no IPv4 connectivity. > We cannot fix the Internet right now, sorry. But at least, Debian as a customer, could open a ticket at Fastly asking them to support IPv6 on their DNS servers in 2020. That's no black magic, nor is it in any way untested to use IPv6 on at least one DNS server. I understand that Fastly does sponsor this service. But this does not mean you need to accept a service, which is unusable in the case you don't have IPv4. This is a growing problem and if Fastly is not able to fix it, you maybe should stop making "deb.debian.org" the default mirror.
Bug#961296: mirrors: apt not working on an IPv6 only host with a ipv6 only (local) resolver
Package: mirrors Severity: important Tags: ipv6 -- System Information: Debian Release: 10.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) When trying to setup a IPv6 only Debian stable) VM with a localy installed resolver apt (update / install /...) fails. deb.debian.org is a CNAME for debian.map.fastly.net. There are no records for fastly.net so any DNS querys from an IPv6 only resolver will not work.
