[Bug 241305] Re: security.ubuntu.com not accessible in IPv6 (AAAA record missing in the DNS)
Henk Jan Agteresch
henkjan at agteresch.nl
Thu Jan 26 07:47:26 UTC 2012
At uds-p there was a IPv6 healthcheck session,
"Status of IPv6 support for Ubuntu core services like archive.ubuntu.com, archive.canonical.com, ntp.ubuntu.com, geoip.ubuntu.com, ... so we can have a perfectly working install in an IPv6 only environment"
http://summit.ubuntu.com/uds-p/meeting/19580/foundations-p-ipv6/
According to the blueprint on
https://blueprints.launchpad.net/ubuntu/+spec/foundations-p-ipv6 there
is some WIP on ipv6.archive.ubuntu.com to make archives available over
ipv6. Unfortunately security.ubuntu.com isnt mentioned.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/241305
Title:
security.ubuntu.com not accessible in IPv6 (AAAA record missing in the
DNS)
Status in “update-manager” package in Ubuntu:
Invalid
Bug description:
Dear,
The apt source list for security update is by default configured to
security.ubuntu.com.
When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT),
security.ubuntu.com is only reachable in IPv4.
It would be wise to configure an AAAA record to security.ubuntu.com to at least
point to one of the many mirrors supporting IPv6 connectivity.
That would avoid system running natively in IPv6 to lack by default the security
update.
Thanks a lot,
Kind regards
PS : I checked this as being a security vulnerability but this is more a configuration issue
on the Ubuntu network infrastructure than a real security vulnerability:
A DNS AAAA request :
dig -t AAAA security.ubuntu.com
; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;security.ubuntu.com. IN AAAA
;; AUTHORITY SECTION:
ubuntu.com. 3600 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600
;; Query time: 134 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 19 15:17:39 2008
;; MSG SIZE rcvd: 98
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/241305/+subscriptions
More information about the foundations-bugs
mailing list