Bug#678232: Support IPv6 dual-stack access for Debian's websites
On 06/20/2012 10:30 PM, Peter Palfrader wrote:
> On Wed, 20 Jun 2012, Guo Yixuan wrote:
>
>> 1. Some Debian machine have IPv6 address, but their public aliases
>> don't. For example, lists.debian.org seems to be an alias of
>> bendel.debian.org, but:
>
> lists's AAAA record probably just got lost when moving to a new machine
> a while back. Fixed.
Thanks.
>> 2. Important sites should have IPv6, such as
>> www.debian.org.(www.debian.org had an IPv6 address about one year ago,
>> why it's removed?)
>
> www.debian.org is different depending on where in the world you are.
>
> For clients in North America it used to be two webservers, one at
> UBC-ECE in Vancouver, and one at MIT in Cambridge, MA. Only UBC-ECE has
> IPv6 but the webserver there died.
>
> When we set up a new one clients in North America should get AAAA
> records for www.debian.org again - all other regions already have that.
After some digging, I get this:
$ dig @geo1.debian.org www.debian.org A
; <<>> DiG 9.8.1-P1 <<>> @geo1.debian.org www.debian.org A
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8588
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.debian.org. IN A
;; ANSWER SECTION:
www.debian.org. 300 IN A 86.59.118.148
www.debian.org. 300 IN A 128.31.0.51
www.debian.org. 300 IN A 200.17.202.197
www.debian.org. 300 IN A 82.195.75.97
;; AUTHORITY SECTION:
www.debian.org. 28800 IN NS geo2.debian.org.
www.debian.org. 28800 IN NS geo3.debian.org.
www.debian.org. 28800 IN NS geo1.debian.org.
;; Query time: 355 msec
;; SERVER:
2001:41b8:202:deb:216:36ff:fe40:3905#53(2001:41b8:202:deb:216:36ff:fe40:3905)
;; WHEN: Thu Jun 21 21:03:04 2012
;; MSG SIZE rcvd: 153
$ dig @geo1.debian.org www.debian.org AAAA
; <<>> DiG 9.8.1-P1 <<>> @geo1.debian.org www.debian.org AAAA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58299
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.debian.org. IN AAAA
;; ANSWER SECTION:
www.debian.org. 300 IN AAAA 2001:41b8:202:deb:1a1a:0:52c3:4b61
www.debian.org. 300 IN AAAA 2001:858:2:2:214:22ff:fe0d:7717
;; AUTHORITY SECTION:
www.debian.org. 28800 IN NS geo3.debian.org.
www.debian.org. 28800 IN NS geo1.debian.org.
www.debian.org. 28800 IN NS geo2.debian.org.
;; Query time: 359 msec
;; SERVER:
2001:41b8:202:deb:216:36ff:fe40:3905#53(2001:41b8:202:deb:216:36ff:fe40:3905)
;; WHEN: Thu Jun 21 21:03:20 2012
;; MSG SIZE rcvd: 145
So there are both A and AAAA records on the authoritative server:
geo1.debian.org (geo2 and geo3 have the same records).
However some DNS servers seem to have bug, maybe they fail to handle
complex records?
$ dig @8.8.8.8 www.debian.org A
; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 www.debian.org A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42476
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.debian.org. IN A
;; ANSWER SECTION:
www.debian.org. 300 IN A 128.31.0.51
;; Query time: 258 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jun 21 21:06:48 2012
;; MSG SIZE rcvd: 48
$ dig @8.8.8.8 www.debian.org AAAA
; <<>> DiG 9.8.1-P1 <<>> @8.8.8.8 www.debian.org AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35861
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.debian.org. IN AAAA
;; Query time: 198 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jun 21 21:06:30 2012
;; MSG SIZE rcvd: 32
So the culprit for missing www.debian.org's AAAA is specific DNS servers
(quite strange ...).
I gathered some info about commonly used servers' ipv6 availability, (by
a script calling ping/ping6).
ping/ping6 summary:
v4 v6 hostname
Yes No alioth.debian.org
Yes Yes bugs.debian.org
Yes Yes buildd.debian.org
Yes Yes dsa.debian.org
Yes No git.debian.org
Yes No incoming.debian.org
Yes Yes lintian.debian.org
Yes Yes lists.debian.org
Yes Yes packages.debian.org
Yes Yes patch-tracker.debian.org
Yes No planet.debian.org
Yes Yes popcon.debian.org
Yes Yes qa.debian.org
Yes No search.debian.org
Yes No wiki.debian.org
Yes Yes www.debian.org
So current situation is pretty good, with only a few servers don't have
v6. Among them I especially hope alioth and git (wagner and vasks) to
have v6, is this easy to do?
(My university's network has expensive/slow v4 vs cheap/fast v6, which
is a good environment to encourage v6 migration. :)
Cheers,
Guo Yixuan
Reply to: