[intrepid] IPv6 unusable

Bug #249824 reported by Bernhard Schmidt on 2008-07-18
60
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Intrepid Ibex Backports
Undecided
Unassigned
bind9 (Gentoo Linux)
Fix Released
High
bind9 (Mandriva)
Invalid
High
bind9 (Ubuntu)
Medium
LaMont Jones
Intrepid
Undecided
Unassigned

Bug Description

Binary package hint: bind9

dig (from dnsutils 1:9.5.0.dfsg.P1-2~build1) in intrepid cannot use IPv6 transport apparently

berni@schleppi:~$ dig -6 -t aaaa lrz-muenchen.de @dns1.lrz-muenchen.de
dig: can't find IPv6 networking

The machine has working IPv6 connectivity

berni@schleppi:~$ ping6 dns1.lrz-muenchen.de
PING dns1.lrz-muenchen.de(dns1.lrz-muenchen.de) 56 data bytes
64 bytes from dns1.lrz-muenchen.de: icmp_seq=1 ttl=61 time=1.69 ms
64 bytes from dns1.lrz-muenchen.de: icmp_seq=2 ttl=61 time=2.50 ms
64 bytes from dns1.lrz-muenchen.de: icmp_seq=3 ttl=61 time=2.35 ms
^C
--- dns1.lrz-muenchen.de ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 1.691/2.184/2.508/0.356 ms

Debian testing (1:9.5.0.dfsg.P1-2) works just fine

mail:~# dig -6 -t aaaa lrz-muenchen.de @dns1.lrz-muenchen.de

; <<>> DiG 9.5.0-P1 <<>> -6 -t aaaa lrz-muenchen.de @dns1.lrz-muenchen.de
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25968
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;lrz-muenchen.de. IN AAAA

;; AUTHORITY SECTION:
lrz-muenchen.de. 86400 IN SOA dns1.lrz-muenchen.de. hostmaster.lrz-muenchen.de. 2008071717 21600 1800 3600000 86400

;; Query time: 28 msec
;; SERVER: 2001:4ca0:0:100:0:53:1:1#53(2001:4ca0:0:100:0:53:1:1)
;; WHEN: Fri Jul 18 11:47:27 2008
;; MSG SIZE rcvd: 85

Bernhard Schmidt (berni) wrote :

This bug is still there with 1:9.5.0.dfsg.P2-1ubuntu1. Rebuilding the source package on an IPv6 enabled box did not fix it.

In the buildlog at http://launchpadlibrarian.net/17069359/buildlog_ubuntu-intrepid-i386.bind9_1%3A9.5.0.dfsg.P2-1ubuntu1_FULLYBUILT.txt.gz you can see

checking for sin6_scope_id in struct sockaddr_in6... yes
checking for in6_pktinfo... no -- disabling runtime ipv6 support

According to a bug filed with Gentoo this is a problem with glibc 2.8 (http://bugs.gentoo.org/show_bug.cgi?id=227333). There is a patch to configure.in filed with this bug that fixes the problem (http://bugs.gentoo.org/attachment.cgi?id=157025). Unfortunately it requires rerunning autotools (debian/rules autofiles), which I did not get to work. I probably don't have all the necessary tools installed.

Bug #257909 and #259740 are most likely duplicates of this.

LaMont Jones (lamont) wrote :

this will be fixed in 1:9.5.0.dfsg.P2-1

Changed in bind9:
assignee: nobody → lamont
status: New → Fix Committed
Bernhard Schmidt (berni) wrote :

Not fixed in 1:9.5.0.dfsg.P2-1ubuntu2 (which should be based on 1:9.5.0.dfsg.P2-1, no?)

Bernhard Schmidt (berni) wrote :

Please reopen this bug, this is NOT fixed.

berni@pest:~$ dig www.heise.de @2001:a60:f001:1::69
dig: couldn't get address for '2001:a60:f001:1::69': address family not supported

berni@pest:~$ apt-cache show dnsutils | grep Version
Version: 1:9.5.0.dfsg.P2-1ubuntu2

Changed in bind9:
status: Fix Committed → Confirmed
Changed in bind9:
milestone: none → ubuntu-8.10
Changed in bind9:
status: Unknown → Fix Released
malaiwah (michel-belleau) wrote :

Here are my two cents, my IPV6 is correctly enabled, but BIND does not listens on the interface (I changed some bits for xxxxx in this output though):

root@newborn:~# cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80 lo
20014830xxxxxxxxxxxxxxxxxxxxxxx 05 40 00 80 sixxs
fe80000000000000021b21fffe22ccf3 02 40 20 80 eth0
fe800000000000000000000046262579 05 80 20 80 sixxs

root@newborn:~# netstat -an6
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 272 2001:xxxx:::22 2001:xxxx:50138 ESTABLISHED

But I found this post while searching for an answer: http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/ae84fcc0de3cb407/7b559fea0385cc07?lnk=raot

        I wonder if you are hitting this problem?
        --enable-getifaddrs=no should work around it.

        If that doesn't work run 9.4.2-P1.

case $host in
*-linux*)
        # Some recent versions of glibc support getifaddrs() which does not
        # provide AF_INET6 addresses while the function provided by the USAGI
        # project handles the AF_INET6 case correctly. We need to avoid
        # using the former but prefer the latter unless overridden by
        # --enable-getifaddrs=glibc.
        if test $want_getifaddrs = glibc
        then
                AC_CHECK_FUNC(getifaddrs, AC_DEFINE(HAVE_GETIFADDRS))
        else
                save_LIBS="$LIBS"
                LIBS="-L/usr/local/v6/lib $LIBS"
                AC_CHECK_LIB(inet6, getifaddrs,
                        LIBS="$LIBS -linet6"
                        AC_DEFINE(HAVE_GETIFADDRS),
                        LIBS=${save_LIBS})
        fi
        ;;
*)
        AC_CHECK_FUNC(getifaddrs, AC_DEFINE(HAVE_GETIFADDRS))
        ;;
esac

I will try re-building BIND 9.5.0 from source with this config change to know if this fixes it.

malaiwah (michel-belleau) wrote :

By the way, I'm on Intrepid on x86.

apt-get build-dep bind9
cd /usr/src
apt-get source bind9
cd bind9*
vim debian/rules
added --enable-getifaddrs=no to the configure line (do not forget \ )
debuild -us -uc
[...snip...]
dpkg -i ../bind9_9.5.0.dfsg.P2-1ubuntu2_i386.deb

root@newborn:/usr/src# !netstat
netstat -an6
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN

Oct 6 15:39:26 newborn named[16426]: starting BIND 9.5.0-P2 -u bind
Oct 6 15:39:26 newborn named[16426]: found 1 CPU, using 1 worker thread
Oct 6 15:39:26 newborn named[16426]: loading configuration from '/etc/bind/named.conf'
Oct 6 15:39:26 newborn named[16426]: no IPv6 interfaces found

Still does not bind on my IPV6 interface, so this fix does not work.

malaiwah (michel-belleau) wrote :

I checked this bug log again and I see that we still have the same problem as from the first post:

./configure still returns this ipv6 disabled warning when building in Intrepid.

checking for sin6_scope_id in struct sockaddr_in6... yes
checking for in6_pktinfo... no -- disabling runtime ipv6 support
checking for sockaddr_storage... yes

malaiwah (michel-belleau) wrote :

I'm rebuilding the package with the gentoo proposed patch and it seems to be in the good direction:

checking for sin6_scope_id in struct sockaddr_in6... yes
checking for in6_pktinfo... yes
checking for struct if_laddrreq... no

I patched the source with the patch, ran debian/rules autofiles and then re-copied the "config.sub" and "config.guess" files from the virgin source tree for ./configure to work correctly.

I'll try the builded package once it is compiled.

malaiwah (michel-belleau) wrote :

Useless, it still doesn't work even with my newly compiled version, patched with the Gentoo patch provided even though the configure log was a little bit better.

Oct 6 16:26:19 newborn named[3475]: loading configuration from '/etc/bind/named.conf'
Oct 6 16:26:19 newborn named[3475]: no IPv6 interfaces found
Oct 6 16:26:19 newborn named[3475]: listening on IPv4 interface lo, 127.0.0.1#53

ArchLinux bug reports has more informations about this bug.
Source: http://bugs.archlinux.org/task/11166

malaiwah (michel-belleau) wrote :

This bug is also reported for Mandriva, but no solution.
Source: https://qa.mandriva.com/show_bug.cgi?id=43966

malaiwah (michel-belleau) wrote :

Fedora 9 has the same problems, but still no clear solution. Looking at the Gentoo Patch from the first link, it kind of a hack.
Source: http://groups.google.com/group/comp.protocols.dns.bind/browse_thread/thread/ae84fcc0de3cb407?fwc=1

malaiwah (michel-belleau) wrote :

I wish I had tried this before:

dpkg -i libisc44_9.5.0.dfsg.P2-1ubuntu2_i386.deb

recompiled with --disable-getifaddrs (or --enable-getifaddrs=no) work no problem; I thought re-installing only the bind9 package was fine, but the changes (that are occuring in lib/unix/net.c when we disable getifaddrs) are only installed on the system when re-installing the libisc44 package.

My BIND9 server now listens over IPv6 connections under Intrepid.

Paul Mullen (mullen-paul) wrote :

I tried --disable-getifaddrs and it does not fix the problem with using IPv6 resolvers.

pmullen@ridcully:~/bind$ dig www.google.ie @2001:770:E00E:1::1
dig: couldn't get address for '2001:770:E00E:1::1': address family not supported

Changed in bind9:
status: Unknown → Confirmed

Based on the comment from the Archlinux bug the issue has been fixed upstream and will be distributed in the next release. See: http://bugs.archlinux.org/task/11166#comment33319

Quote:
> Comment by Gilles Bedel (gillux) - Wednesday, 15 October 2008, 06:49 GMT-4
> Upstream fixed it, finally.
>
> The bug (RT #18388) I opened 2 months and a half ago at the ISC is now closed.
> Their bugreports archives and their working repository are not publicy available,
> so you may not see it until the next bind release.

LaMont Jones (lamont) wrote :

I have added the fix into ubuntu as well, will be in the next upload.

Changed in bind9:
importance: Undecided → Medium
status: Confirmed → In Progress
LaMont Jones (lamont) on 2008-10-29
Changed in bind9:
status: In Progress → Fix Committed
Paul Mullen (mullen-paul) wrote :

Not sure if this is supposed to be fixed in Intrepid Final yet but resolving over IPv6 still does not work.

Tim Utschig (tim-tetro) wrote :

The apparmor profile needs to be updated. From /var/log/audit/audit.log (when auditd is installed, /var/log/kern.log otherwise, I think):

type=APPARMOR_DENIED msg=audit(1226338235.355:31): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=113 name="/proc/17804/net/if_inet6" pid=17805 profile="/usr/sbin/named"

Paul Mullen (mullen-paul) wrote :

I hate to keep saying this but all IPv6 only machines are completely broken, as they cannot do DNS lookups over IPv6. It also means that dual stack machines that have only IPv6 resolvers are broken.

Hi,

   I reproduce this bug on a Secondary DNS Server, ubuntu x86-64 8.10.
   Thinks were ok on 8.04 and after upgrade I get this message in the log :

Nov 18 13:36:11 ns1 named[32579]: no IPv6 interfaces found

while I'm on a machine with both ipv4 and ipv6 activated.

  Does anyone have an idea of when the fix will be available on apt-get upgrade ?
  Is there a mean to get the fix earlier to test it ?

  Note : I can provide some more info on my server or make some test if I'm asked to do so ;)

Thomas.

Hi,

 From Adam Track from the Bind mailing list, told me :

>I think BIND from Ubuntu distribution is not compiled as GNU source
>(with _GNU_SOURCE macro defined). It is needed to get IPv6 working.
>The best solution is to open ticket in Ubuntu bug tracker.
>
>Adam

Thomas.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.5.0.dfsg.P2-4

---------------
bind9 (1:9.5.0.dfsg.P2-4) unstable; urgency=low

  * meta: fix typo in Depends: lsb-base. Closes: #501365

bind9 (1:9.5.0.dfsg.P2-3) unstable; urgency=low

  [LaMont Jones]

  * enable largefile support. Closes: #497040

  [localization folks]

  * l10n: Dutch translation. Closes: #499977 (Paul Gevers)
  * l10n: simplified chinese debconf template. Closes: #501103 (LI Daobing)
  * l10n: Update spanish template. Closes: #493775 (Ignacio Mondino)

bind9 (1:9.5.0.dfsg.P2-2) unstable; urgency=low

  [Kees Cook]

  * debian/{control,rules}: enable PIE hardening (from -1ubuntu1)

  [Nicolas Valcárcel]

  * Add ufw integration (from -1ubuntu2)

  [Dustin Kirkland]

  * use pid file in init.d/bind9 status. LP: #247084

  [LaMont Jones]

  * dig: add -DDIG_SIGCHASE to compile options. LP: #257682
  * apparmor profile: add /var/log/named

  [Nikita Ofitserov]

  * ipv6 support requires _GNU_SOURCE definition. LP: #249824

 -- Jamie Strandboge <email address hidden> Mon, 24 Nov 2008 12:41:22 +0000

Changed in bind9:
status: Fix Committed → Fix Released
carrerasg (carrerag) wrote :

Will this fix be backported to Intrepid?

Can anybody answer ?

I don't see the fix comming with "sudo apt-get update;sudo apt-get ugprade"

Thomas.

Yes, please. Do a backport to Intrepid. dnsutils is useless (in a network with only IP6 dns servers) on Intrepid without this fix.

lod (altoas) wrote :

It's stupid to leave broken IPv6 DNS on all Intrepid systems.. both client and servers...

Will anybody have the decency to answer ? any ubuntero here ?

I had to disable my secondary DNS server for dozens of .fr. domains because of this bug.

Some people are becoming upset and I totally agree with that.

Please, give an answer or a decent workaround.

Thanks

carrerasg (carrerag) wrote :

I finally just downloaded the the Bind9 source from Jaunty and built it myself. That's an option, not a good one in my opinion but at least it works. I think the only problem I had was that it downgraded one of my libs... can't remember exactly which one. ldap something or other I think.

On Tue, 2008-12-02 at 23:22 +0000, Manson Thomas wrote:
> Will anybody have the decency to answer ? any ubuntero here ?
>
> I had to disable my secondary DNS server for dozens of .fr. domains
> because of this bug.
>
> Some people are becoming upset and I totally agree with that.
>
> Please, give an answer or a decent workaround.

Sadly, I've found this to be the case more and more recently with bugs I
file with Ubuntu. I file bugs with complete full stack traces even and
all I get are "stab in the dark" "can you try this, or that, or the
other" guesses, if I get any response at all.

I've taken to skipping the filing of bugs at Launchpad and filing with
upstream -- for major packages such as gnome, evolution, mozilla, etc.
anyway. Not that responses upstream are any better.

It seems that everybody wants to work on the new, shiny, whizbang and
nobody wants to cleanup the mess the new, shiny, whizbang leaves in it's
trail.

b.

Matt LaPlante (cybrmatt) wrote :

I've built a patched version for intrepid and uploaded to my PPA:
deb http://ppa.launchpad.net/cybrmatt/ubuntu intrepid main
deb-src http://ppa.launchpad.net/cybrmatt/ubuntu intrepid main

Very preliminary testing looks positive. Will continue running it.

Debdiff is attached as well.

Thierry Carrez (ttx) wrote :

This bug has been fixed in the latest development version of Ubuntu - the Jaunty Jackalope.
If you need a fix for the bug in previous versions of Ubuntu, please do steps 1 and 2 of the SRU Procedure [1] to bring the need to a developer's attention.

[1]: https://wiki.ubuntu.com/StableReleaseUpdates#Procedure

Matt LaPlante (cybrmatt) wrote :

I believe parts 1 & 2 have been met sufficiently; if anyone disagrees, please correct me. We've clearly identified the problem, the scope, and the correction. A fix is available in the development release, and a patch is available here for the backport.

Subscribers, please test the proposed patch as thoroughly as possible to increase its chances of acceptance.

Adding ubuntu-sru, and nominating for Intrepid.

On Wed, 2008-12-03 at 15:29 +0000, Matt LaPlante wrote:
>
> Subscribers, please test the proposed patch as thoroughly as possible to
> increase its chances of acceptance.

I only needed the dnsutils package (for dig, host, etc.) but that worked
just great for me.

carrerasg (carrerag) wrote :

Thanks for providing the patched version Matt.

I've installed and the IPv6 issue appears to be fixed. I did notice one issue when I installed though, maybe this is only visible with an initial install. My permissions were set incorrectly on /var/cache/bind. I got the following error when bind started:

Dec 3 14:32:42 sadie named[15873]: the working directory is not writable

I changed that directory from 755 root.root to 775 root.bind and that seemed to take care of that. I had this problem when I installed the stable bind version too, but I had forgotten about it until now.
It's strange though because when I look at the details of the bind9 package in Adept the permissions for that directory look correct, so maybe it is something else going on with my machine.

Hi Matt,

  Thanks very very much for the backport to Intrepid, my life is getting better now ;)

  I've installed the patch on my production secondary DNS server and it successfully solved the issue.

  One question :

    I've you're patch repository in my /etc/apt/sources.list.
    When the patch will be generally available on intrepedid, what are the steps for me to return in the intrepid branch (without loosing the fix (or not for too long time)) ?

  Thanks again,
Thomas.

Matt LaPlante (cybrmatt) wrote :

My package version containing a tilde (1:9.5.0.dfsg.P2-1ubuntu3~ppa3) should work as a half-increment. It's higher than 1:9.5.0.dfsg.P2-1ubuntu2 (current), but should be lower than 1:9.5.0.dfsg.P2-1ubuntu3 (future/final). Assuming this version number or higher will be used by the final push, it will automatically supersede the ppa packages. Of course, you're also free to just remove my ppa from your sources list at any point and install a specific version via apt-get instead.

Thanks for this precision Matt !

Thomas.

jim0112 (james-leavers) wrote :

I can also confirm that Matt's patched versions of bind9 and dnsutils have resolved the problem for me using Intrepid - thanks!

Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in bind9:
status: New → Fix Committed
MMlosh (mmlosh) wrote :

No problems spotted (packages from "deb http://ppa.launchpad.net/cybrmatt/ubuntu intrepid main")

For testing I've one machine with these packages and one with dnsutils from Debian Etch

I can confirm, that it works. When I try to force v6, then it uses address " ::ffff:<my IPv4 gateway address>#53", but that behavior can be intended...

Martin Pitt (pitti) wrote :

MMlosh [2008-12-08 14:47 -0000]:
> No problems spotted (packages from "deb
> http://ppa.launchpad.net/cybrmatt/ubuntu intrepid main")

Any chance you could test again the packages from intrepid-proposed,
to make sure it wasn't misbuilt or anything?

Thanks!

Bernhard Schmidt (berni) wrote :

bind9 from intrepid-proposed works fine for me on amd64

carrerasg (carrerag) wrote :

Bind9 from intrepid-proposed working good here too. No problems after running for about a day.

jim0112 (james-leavers) wrote :

Bind9 from intrepid-proposed is working fine for me.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.5.0.dfsg.P2-1ubuntu3

---------------
bind9 (1:9.5.0.dfsg.P2-1ubuntu3) intrepid-proposed; urgency=low

  * Port LaMont Jones' IPv6 fix to Intrepid. (LP: #249824)

 -- Matt LaPlante <email address hidden> Tue, 02 Dec 2008 22:52:17 -0600

Changed in bind9:
status: Fix Committed → Fix Released
Steve Beattie (sbeattie) wrote :

This bug was found in the Intrepid development cycle; removing regression-potential and marking as regression-release.

Scott Kitterman (kitterman) wrote :

Marking invalid for backports since it's a bug fix that is (as is proper) being handled through SRU/Updates.

Changed in intrepid-backports:
status: New → Invalid
Changed in bind9:
status: Confirmed → Invalid
Changed in bind9 (Mandriva):
status: Invalid → Unknown
Changed in bind9 (Gentoo Linux):
importance: Unknown → High
Changed in bind9 (Mandriva):
importance: Unknown → High
Changed in bind9 (Mandriva):
status: Unknown → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.