Bug#636292: MD5Sum mismatch is due to multiple DNS queries!
On Tue, Aug 02, 2011 at 09:10:40AM +0800, email@example.com wrote:
> I think I have a very good idea of what is causing all those MD5Sum
> mismatch errors during apt-get update.
> ( http://article.gmane.org/gmane.linux.debian.user.mirrors/1368 )
> You see during a single apt-get update, there will be TWO (2) queries
> made to the DNS server for each ONE (1) line in a sources.list file.
I'm not sure what you mean. I do see 2 queries, but's it's for
the A (ipv4) and AAAA (ipv6) record:
19:03:20.575070 IP localhost.35750 > localhost.domain: 41865+ A? ftp.be.debian.org. (35)
19:03:20.575688 IP localhost.domain > localhost.35750: 41865 1/4/7 A 18.104.22.168 (281)
19:03:20.575885 IP localhost.35750 > localhost.domain: 48866+ AAAA? ftp.be.debian.org. (35)
19:03:20.576190 IP localhost.domain > localhost.35750: 48866 1/4/7 AAAA 2a01:300:11:4:2e0:81ff:fe63:cdb2 (293)
There are no other queries, and this is perfectly normal. There
is nothing wrong with this.
Even with multiple lines in the sources.list file I only see those
(tested with apt 0.8.15.4, I doubt 0.8.15.5 behaves differently.)
As far as I know the issues with hash sum mismatches is either one
- They use an old version of the mirror script that didn't exclude
InRelease in the first stage. As a result the InRelease file
was already updated while the Packages/Sources file isn't for
a long time. This has been a problem since ftp-master started
generating those InRelease file, which was just after the
- There is always a delay between updating the Release file and
the Packages and Sources file, and the error should go away
after a short time.
- ftp-master generated broken files for some reason. It sometimes
happen but not that often.
So I suggest you make sure that all the mirrors that you see
an issue with have updated their mirror script, since I think
that's the biggest issue at the moment.
This was fixed with this commit in archvsync:
Author: Joerg Jaspert <firstname.lastname@example.org>
Date: Tue Feb 22 22:32:13 2011 +0100
update rsync_options1 to also exclude the newish InRelease files in the first run
Signed-off-by: Joerg Jaspert <email@example.com>
This is part of the 80387 version that you can find in
project/ftpsync/ on the Debian mirrors. 80387 was released
the next day.
If they are using this script to update the mirror, you should
be able to see the version in project/trace/
If there is no version in that file (only a date) they're probably
using an even older script that's also broken.
If they're not using that script or the latest version of it, you
will very likely see the hash sum issues during the mirror sync.
An other issue might be that you're behind some broken transparent
proxy and your connection gets directed to a different servers for
each file you get. As far as I know apt will only open 1
connection to the server and requests all files over that single
connection, so this really shouldn't happen.