Pessimistic estimates say that the problem we suspect (a DNS proxy that
cannot handle AAAA queries) affects about 0.5% of the global userbase.
50% of those can easily be fixed with a firmware upgrade of their
router, which is usually a very good idea anyway.
I'm sure there are regions with higher rates if a large provider gave
out broken systems, but generally saying that all Ubuntu 9.10
installations are affected and everyone has to purchase new routers is
pure FUD.
For the record, this bug can easily be tested with the following tools
$ time dig -t a noc.sixxs.net +nofail | grep -e status -e A -e time
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26324
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;noc.sixxs.net. IN A
;; ANSWER SECTION:
noc.sixxs.net. 85356 IN A 213.197.29.32
;; AUTHORITY SECTION:
;; Query time: 1 msec
real 0m0.025s
user 0m0.016s
sys 0m0.004s
$ time dig -t aaaa noc.sixxs.net +nofail | grep -e status -e AAAA -e time
You are only affected _if_ the first query is fast, but the second query
is very slow and/or shows something else than NOERROR in the first line
(SERVFAIL or REFUSED for example). If the DNS query is fine you should
not be affected.
Pessimistic estimates say that the problem we suspect (a DNS proxy that
cannot handle AAAA queries) affects about 0.5% of the global userbase.
50% of those can easily be fixed with a firmware upgrade of their
router, which is usually a very good idea anyway.
I'm sure there are regions with higher rates if a large provider gave
out broken systems, but generally saying that all Ubuntu 9.10
installations are affected and everyone has to purchase new routers is
pure FUD.
For the record, this bug can easily be tested with the following tools
$ time dig -t a noc.sixxs.net +nofail | grep -e status -e A -e time
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26324
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;noc.sixxs.net. IN A
;; ANSWER SECTION:
noc.sixxs.net. 85356 IN A 213.197.29.32
;; AUTHORITY SECTION:
;; Query time: 1 msec
real 0m0.025s
user 0m0.016s
sys 0m0.004s
$ time dig -t aaaa noc.sixxs.net +nofail | grep -e status -e AAAA -e time
; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14731 1:1:210: dcff:fe20: 7c7c
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;noc.sixxs.net. IN AAAA
;; ANSWER SECTION:
noc.sixxs.net. 85342 IN AAAA 2001:838:
;; AUTHORITY SECTION:
;; Query time: 4 msec
real 0m0.024s
user 0m0.012s
sys 0m0.004s
You are only affected _if_ the first query is fast, but the second query
is very slow and/or shows something else than NOERROR in the first line
(SERVFAIL or REFUSED for example). If the DNS query is fine you should
not be affected.