[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IPv6 in Debian

On Tue, 2007-07-31 at 00:29 +0200, Tomas Pospisek wrote:
> I was trying to say that I had been bitten by the "libc's name resolver 
> does by default an AAAA name lookup before it does an A lookup" before and 
> am asking whether that's still a problem as [1] suggest that it was for 
> Ubuntu at least until Dec 06 and whether someone can confirm it. As told I 
> can not reproduce it on my systems any more since I removed ipv6 as soon 
> as it started causing me trouble and as such cannot file a bug report 
> against libc.

From reading this thread, and the Ubuntu bug:


in some detail it seems that the *primary* problem occurring where IPv6
is enabled is due to a combination of circumstances:

  1) glibc does queries for AAAA records where "IPv6 enabled"
     is only localhost or link local addresses.

  2) many cheap routers / DSL modems / ... are broken, and
     *ignore* AAAA queries entirely, rather than returning a
     negative response.

To have problems with having the IPv6 module loaded *both* these
circumstances need to be true.

The first problem would appear to be solvable with the patch that
Tolleff wrote for glibc, ensuring that the AAAA queries don't occur
unless you are actually using the IPv6.  It seems quite an elegant
approach, in fact, but perhaps I have misread it.  The patch is here:


no doubt this, or something like it, will make it's way into the
upstream code.

You can perhaps identify whether #2 is a problem for you personally
(without enabling IPv6), by doing AAAA queries against your router, your
ISP, and so on until you identify which one doesn't respond.  You can,
of course, still do AAAA queries over IPv4, so you should get a response

  dig @ AAAA andrew.mcmillan.net.nz

where you replace with the actual IP address of your router.

If you get a timeout response from your router, but not from your ISP,
then you should perhaps look for new firmware from the manufacturer.

In recent glibc installations the second problem *can* also be worked
around by editing /etc/gai.conf to give the highest priority to IPv4
responses.  This will mean that the call to the resolver will return
when it receives the IPv4 address, without waiting to see if a higher
priority address may yet be received.

> And arguably ipv6 is such a change (since it breaks applications). So 
> arguing that applications don't "behave properly" or "behave wrong" is 
> IMHO not correct. They break with ipv6 but not without. ipv6 is a new 
> fundamental property of the system to deal with that came after the apps.

I think that IPv6 is something which is older than most applications,
though support for it is taking considerable time to roll out.  As
others have pointed out there are many circumstances where IPv6 is
normal, and *disabling* it will also annoy people.

> Or one could ask why does Debian break perfectly well running systems by 
> enabling a new feature?

When I upgrade a system from Sarge to Etch I don't blindly expect
everything to work.  Minor upgrades, sure, but major ones?  It would be
nice, but I'll watch closely just to be sure.

> You're right that it'd be good if the apps would get improved so that they 
> gracefully deal with ipv6 too.
> But the question for me is: how high is the price? Does it mean that the 
> part of the users that plug in the Debian install CD and happen to sit 
> behind a ISP's DNS server that doesn't care about ipv6 will have 
> multi-second lookup delays? Does it mean that one has to tweak every 
> second daemon?

No it doesn't.  What it *does* mean is that sometimes the problems with
a particular approach don't become obvious until they hit a wider
audience.  Etch is released now, and we can't change the way it works
for *exactly* the reasons that you want us to: it would unexpectedly
break working systems.  And it would be even worse, because we *promise*
not to make such changes during a stable release series.

What we *can* do, is uncover the problems, file bugs, identify solutions
and apply them in order to make the next major release a better product.
I certainly don't want to have Lenny *not* support IPv6 by default.
That would be a step backwards.

On the other hand I certainly don't want Lenny's IPv6 support to
inconvenience people behind broken DNS resolver infrastructure, no
matter how tempting it might be to say "Someone Else's Problem".

It seems to me that the patch Tolleff has written should remove that
inconvenience, so the effects of problem #2 will become invisible
(except to the poor people in such situations who try and actually use
IPv6 :-)

So rather than berating the release team about the goals for something
that has already happened, why not file a bug and attach the solution?

> Also have a look at:
> http://bugs.debian.org/343140
> And if you do also at RFC3484 wrt #343140.

The particular problem described at the start of this bug is mitigated
by the /etc/gai.conf mechanism which is already in Debian since at least
April.  The bug report itself seems to have wandered off to never-never
land of discussing the exact meanings of various specifications.

					Andrew McMillan.

Andrew @ Catalyst .Net .NZ  Ltd,  PO Box 11-053, Manners St,  Wellington
WEB: http://catalyst.net.nz/            PHYS: Level 2, 150-154 Willis St
DDI: +64(4)803-2201      MOB: +64(272)DEBIAN      OFFICE: +64(4)499-2267
    Facts do not cease to exist because they are ignored.           
                          -- Aldous Huxley, "Proper Studies", 1927

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: