[Bug 241305] Re: security.ubuntu.com not accessible in IPv6 (AAAA record missing in the DNS)

Fri Jan 23 09:06:42 UTC 2015

This again appears to be broken, for both security.ubuntu.com and
us.archive.ubuntu.com, at least.

Exactly as Jens had noted above - this is (also) an issue with AAAA
records being provided, but not accessible.  Though security.ubuntu.com
appears to be in ever-so-slightly better shape than security.ubuntu.com.

Some current DNS lookups as of this writing:

security.ubuntu.com     has AAAA address 2001:67c:1360:8c01::18
security.ubuntu.com     has AAAA address 2001:67c:1562::17
security.ubuntu.com     has AAAA address 2001:67c:1562::13
security.ubuntu.com     has AAAA address 2001:67c:1562::15
security.ubuntu.com     has AAAA address 2001:67c:1360:8c01::19
security.ubuntu.com     has AAAA address 2001:67c:1562::16
security.ubuntu.com     has AAAA address 2001:67c:1562::14

us.archive.ubuntu.com   has AAAA address 2001:67c:1562::14
us.archive.ubuntu.com   has AAAA address 2001:67c:1562::16
us.archive.ubuntu.com   has AAAA address 2001:67c:1562::13
us.archive.ubuntu.com   has AAAA address 2001:67c:1562::17
us.archive.ubuntu.com   has AAAA address 2001:67c:1562::15

None of the 2001:67c:1562:: addresses are responding by IPv6, either
over ping or HTTP.  The two 2001:67c:1360:8c01:: addresses for
security.ubuntu.com are properly responding, however.

Please investigate and resolve.  Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/241305

Title:
  security.ubuntu.com not accessible in IPv6 (AAAA record missing in the
  DNS)

Status in The ubuntu.com website project:
  Fix Released
Status in update-manager package in Ubuntu:
  Invalid

Bug description:
  Dear,

  The apt source list for security update is by default configured  to
  security.ubuntu.com.

  When you have a system using only IPv6 (and having not access to IPv4 via NAT-PT),
  security.ubuntu.com is only reachable in IPv4. 

  It would be wise to configure an AAAA record to security.ubuntu.com to at least
  point to one of the many mirrors supporting IPv6 connectivity.

  That would avoid system running natively in IPv6 to lack by default the security
  update.

  Thanks a lot,

  Kind regards

  PS : I checked this as being a security vulnerability but this is more a configuration issue
  on the Ubuntu network infrastructure than a real security vulnerability:

  A DNS AAAA request :

  dig -t AAAA security.ubuntu.com

  ; <<>> DiG 9.4.1-P1 <<>> -t AAAA security.ubuntu.com
  ;; global options:  printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26872
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

  ;; QUESTION SECTION:
  ;security.ubuntu.com.           IN      AAAA

  ;; AUTHORITY SECTION:
  ubuntu.com.             3600    IN      SOA     ns1.canonical.com. hostmaster.canonical.com. 2008061805 10800 3600 604800 3600

  ;; Query time: 134 msec
  ;; SERVER: 127.0.0.1#53(127.0.0.1)
  ;; WHEN: Thu Jun 19 15:17:39 2008
  ;; MSG SIZE  rcvd: 98

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-website/+bug/241305/+subscriptions