The geo.freebsd.org domain has no ipv6 nameservers. This breaks pkg update for v6 -only hosts that use local_unbound without forwarders. Steps to reproduce impact: 1. Install an IPv6-only FreeBSD host with local_unbound and start with an empty /etc/resolv.conf (for instance if installed from local media) so that /var/unbound/forward.conf gets unpopulated. 2. Attempt "pkg" operations on the new system. 3. Fail. Even if there is (and there is!) v6 connectivity to the servers holding the pkg data, we can never reach them. DNS infrastructure analysis: $ dig org. NS +short | while read NS ; do dig $NS AAAA +short ; done 2001:500:48::1 2001:500:40::1 2001:500:f::1 2001:500:e::1 2001:500:b::1 2001:500:c::1 $ dig freebsd.org NS +short ns5.he.net. ns2.he.net. ns3.he.net. ns4.he.net. $ for ns in 2 3 4 5 ; do dig ns${ns}.he.net. AAAA +short ; done 2001:470:200::2 2001:470:300::2 2001:470:400::2 2001:470:500::2 $ dig geo.freebsd.org. NS +short gns1.freebsd.org. gns2.freebsd.org. $ for ns in 1 2 ; do dig gns${ns}.freebsd.org. AAAA +short ; done $ for ns in 1 2 ; do dig gns${ns}.freebsd.org. A +short ; done 96.47.72.24 213.138.116.75 $
Looks like gdnsd is not listening on IPv6. I'll try to figure out why. This is probably not intentional.
Trying to enable IPv6 support breaks with: # fatal: Failed to bind() UDP DNS socket to [::]:53 I'll need to look into this in more detail when I have a little more brainspace. Assign this bug to me. Keep clusteradm in Cc:.
Good that there is work going on! Please remember that there need to be AAAA glue records in freebsd.org as well as AAAA records in geo.freebsd.org. /Måns, former ccTLD DNS admin.
Thanks for the reminder. :) We actually have commented out glue records in the FreeBSD.org zone already. As soon as I can convince gdnsd to listen on IPv6, I'll uncomment those. I hope to get around to this somewhen this week ... but no promises.
(In reply to Philip Paeps from comment #4) I had a similar problem with a jail not wanting to bind to IPv6 address. If you have things like: ip6.addr = "2001:db8:2:10f::f/64" then you may want to do net.inet6.ip6.dad_count=0 on a host. I initially found this here: https://forums.freebsd.org/threads/iocage-ipv6-jail-network-services-cant-bind-to-address.52096/
I just took a look at gdnsd, since the problem seems to remain. There are fixes in gdnsd 3.5.1 for what looks to be exactly this issue. I can't tell which version is on gns[12].freebsd.org, but I can see that 3.5.1 is in ports. Maybe a update is what it takes.
Oh! That does look interesting. I'll see if I can upgrade the gns[12].freebsd.org machines and whether the IPv6 support works for us. Thanks for the pointer (and for keeping our feet close to the fire)!
I have installed gdnsd3 on gns1.freebsd.org and added its AAAA record to the DNS. I will monitor this for a couple of days. If nothing breaks, I'll do the same on gns2.freebsd.org.
*** Bug 247503 has been marked as a duplicate of this bug. ***
Since gns1.freebsd.org has been behaving well, I installed gdnsd3 on gns2.freebsd.org too and added its AAAA record to the freebsd.org zone. IPv6++. :-)
Yes, it works! Thanks.