Bug#1017899: apt - Considers hard DNS errors as transient, prolongs fallback
Package: apt
Version: 2.5.2
Severity: important
Moin
apt considers all hard DNS errors (NXDOMAIN), aka
EAI_NONAME from getaddrinfo, as transient and retries.
Example response from the http method:
| 400 URI Failure
| Transient-Failure: true
| FailReason: ResolveFailure
| Message: Could not resolve 'test.example.com'
| URI: https://test.example.com/debian/dists/experimental/InRelease
Responsible code seems to be methods/connect.cc:ConnectToHostname.
So if you use apt-transport-mirror, specifying a non-resolving name just
forces a retry, four time, before it can go to the backup mirror. This
means an additional five seconds is added to every download.
It get's a bit complicated, as a SERVFAIL response from DNS seems to
provoke an EAI_NONAME error as well, as can be easily checked with
dnssec-failed.org. But as SERVFAIL only gets out if the DNS resolver
already hit an unrecoverable error during it's one retries or something
like broken signatures, retrying is also not really useful.
Back story:
For the cloud images we think about specifying something like this via
apt-transport-mirror if the user does not define anything different:
| https://vendor.deb.debian.cloud priority:1
| https://deb.debian.org
This will force a fallback to deb.debian.org if the other one does not
work. This is meant to be used only if hell breaks loose, so is a last
resort fallback. However just killing the DNS records for the first
listed one does produce a lot of retries because of the described
behaviour.
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.19.0-trunk-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.123
ii debian-archive-keyring 2021.1.1
ii gpgv 2.2.35-3
ii libapt-pkg6.0 2.5.2
ii libc6 2.34-3
ii libgcc-s1 12.1.0-8
ii libgnutls30 3.7.7-2
ii libseccomp2 2.5.4-1+b1
ii libstdc++6 12.1.0-8
ii libsystemd0 251.3-1
Versions of packages apt recommends:
ii ca-certificates 20211016
Versions of packages apt suggests:
pn apt-doc <none>
pn aptitude | synaptic | wajig <none>
ii dpkg-dev 1.21.9
ii gnupg 2.2.35-3
pn powermgmt-base <none>
-- no debconf information
Reply to: