Bug 254756 - geo.freebsd.org domain has no ipv6 nameservers
Status: Open
Alias: None
Product: Services
Classification: Unclassified
Component: Core Infrastructure
Version: unspecified
Hardware: Any Any
Importance: --- Affects Some People
Assignee: Philip Paeps
Reported: 2021-04-04 07:29 UTC by Måns Nilsson
Modified: 2021-04-12 08:46 UTC
Description Måns Nilsson 2021-04-04 07:29:57 UTC
The geo.freebsd.org domain has no ipv6 nameservers. This breaks pkg update for v6-only hosts that use local_unbound without forwarders.

Steps to reproduce impact: 

1. Install an IPv6-only FreeBSD host with local_unbound and start with an empty /etc/resolv.conf (for instance if installed from local media) so that /var/unbound/forward.conf gets unpopulated. 

2. Attempt "pkg" operations on the new system. 

3. Fail. 

Even if there is (and there is!) v6 connectivity to the servers holding the pkg data, we can never reach them. 

DNS infrastructure analysis: 

$ dig org. NS +short | while read NS ; do dig $NS AAAA +short ; done  
2001:500:48::1
2001:500:40::1
2001:500:f::1
2001:500:e::1
2001:500:b::1
2001:500:c::1
$ dig freebsd.org NS +short 
ns5.he.net.
ns2.he.net.
ns3.he.net.
ns4.he.net.
$ for ns in 2 3 4 5 ; do dig ns${ns}.he.net. AAAA +short ; done 
2001:470:200::2
2001:470:300::2
2001:470:400::2
2001:470:500::2
$ dig geo.freebsd.org. NS +short 
gns1.freebsd.org.
gns2.freebsd.org.
$ for ns in 1 2 ; do dig gns${ns}.freebsd.org. AAAA +short ; done 
$ for ns in 1 2 ; do dig gns${ns}.freebsd.org. A +short ; done 
96.47.72.24
213.138.116.75
$
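
The manual dig walk in the report above can be turned into a repeatable check for each zone in a delegation chain. This is an added example, not part of the original report: the function names are hypothetical, and lookup() is an offline stub over a record table constructed from the dig output shown in the report (swap its body for dig to check live).

```shell
#!/bin/sh
# Constructed sample data: "name type value" lines copied from the dig
# output in the report. gns1/gns2 have A records only, as reported.
RECORDS='freebsd.org. NS ns5.he.net.
freebsd.org. NS ns2.he.net.
freebsd.org. NS ns3.he.net.
freebsd.org. NS ns4.he.net.
ns2.he.net. AAAA 2001:470:200::2
ns3.he.net. AAAA 2001:470:300::2
ns4.he.net. AAAA 2001:470:400::2
ns5.he.net. AAAA 2001:470:500::2
geo.freebsd.org. NS gns1.freebsd.org.
geo.freebsd.org. NS gns2.freebsd.org.
gns1.freebsd.org. A 96.47.72.24
gns2.freebsd.org. A 213.138.116.75'

# lookup NAME TYPE: print one value per line, like "dig +short".
# Offline stub (assumption for this example). For live use, replace the
# body with:  dig +short "$1" "$2"
lookup() {
    printf '%s\n' "$RECORDS" |
        awk -v n="$1" -v t="$2" '$1 == n && $2 == t { print $3 }'
}

# v6_nameservers ZONE: print the zone's NS names that have an AAAA record.
v6_nameservers() {
    lookup "$1" NS | while read -r ns; do
        if [ -n "$(lookup "$ns" AAAA)" ]; then
            echo "$ns"
        fi
    done
}

# v6_blocked_zone ZONE...: walk the zones in the order given (parent first)
# and print the first one an IPv6-only resolver cannot query, i.e. a zone
# with no AAAA-bearing nameserver. A zone whose NS lookup returns nothing
# is reported too. Prints nothing when every zone is reachable.
v6_blocked_zone() {
    for zone in "$@"; do
        if [ -z "$(v6_nameservers "$zone")" ]; then
            echo "$zone"
            return 0
        fi
    done
}

blocked=$(v6_blocked_zone freebsd.org. geo.freebsd.org.)
echo "first zone without an IPv6-reachable nameserver: ${blocked:-none}"
```
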
Comment 1 Philip Paeps freebsd_committer 2021-04-04 07:44:33 UTC
Looks like gdnsd is not listening on IPv6.  I'll try to figure out why.  This is probably not intentional.
Comment 2 Philip Paeps freebsd_committer 2021-04-04 08:09:33 UTC
Trying to enable IPv6 support breaks with:

# fatal: Failed to bind() UDP DNS socket to [::]:53

I'll need to look into this in more detail when I have a little more brainspace.

Assign this bug to me.  Keep clusteradm in Cc:.
Comment 3 Måns Nilsson 2021-04-04 17:40:10 UTC
Good that there is work going on! 

Please remember that there need to be AAAA glue records in freebsd.org as well as AAAA records in geo.freebsd.org. 

/Måns, former ccTLD DNS admin.
Comment 4 Philip Paeps freebsd_committer 2021-04-05 02:34:16 UTC
Thanks for the reminder. :)

We actually have commented out glue records in the FreeBSD.org zone already.  As soon as I can convince gdnsd to listen on IPv6, I'll uncomment those.

I hope to get around to this somewhen this week ... but no promises.
Comment 5 Evgeniy Khramtsov 2021-04-12 08:46:36 UTC
(In reply to Philip Paeps from comment #4)

I had a similar problem with a jail not wanting to bind to an IPv6 address.
If you have things like:

ip6.addr = "2001:db8:2:10f::f/64"

then you may want to do

net.inet6.ip6.dad_count=0

on a host.

I initially found this here: https://forums.freebsd.org/threads/iocage-ipv6-jail-network-services-cant-bind-to-address.52096/