[regression] all network apps / browsers suffer from multi-second delays by default due to IPv6 DNS lookups

Thank you for reporting this to Ubuntu. Could you please see if you have the same trouble with other browsers such as epiphany-webkit or midori?

Yes it does apply to other browsers.

This would appear to be more than a Firefox problem since other browsers are involved. I'm removing the Firefox 3.5 package from the bug and asking for reassignment to the appropriate package.

I've been struggling with this bug as well, for me it started with updates I installed on 3rd sept even though I had no problems like this in karmic earlier (at this point I installed updates from about two weeks back though). It affects all network apps (not just browsers). I originally filed a ticket with my ISP because I thought it was their DNS servers that were slow.

What I was seeing what 20-40 seconds page loads for certain webpages, when I set network.dns.disableIPv6 to true most pages loads with 1-3 seconds.

This is a problem with the DNS resolver.

This problem will occur for any DNS request which the DNS resolver does not support.
The proper solution is to fix the DNS resolver.

What happens:
 - Program is IPv6 enabled.
 - When it looks up a hostname, getaddrinfo() asks first for a AAAA record
 - the DNS resolver sees the request for the AAAA record, goes "uhmmm I dunno what it is, lets throw it away"
 - DNS client (getaddrinfo() in libc) waits for a response..... has to time out as there is no response. (THIS IS THE DELAY)
 - No records received yet, thus getaddrinfo() goes for a the A record request. This works.
 - Program gets the A records and uses those.

This does NOT only affect IPv6 (AAAA) records, it also affects any other DNS record that the resolver does not support.
Generally these resolvers are embedded into the "NAT boxes" that consumers have.

Working solution, as we are on Linux anyway: don't use the DNS resolver in the NAT box, but install eg pdns-recursor and use that.

Of course that does not fix the broken box, which might be the NAT box, or the resolvers at the ISP.
Some other people start using OpenDNS because those "work" (But that is not really true either: https://lists.dns-oarc.net/pipermail/dns-operations/2009-July/004217.html)

Note that the DNS queries go over IPv4 (transport), there is no IPv6 _connectivity_ involved here.

I'm not convinced, that this is a resolver bug. I'm running an IPv6 enabled system (aiccu tunnel with sixxs.net), so all IPv6 requests are answered by an IPv6 enabled DNS server. I'm still experiencing the same problems. Additional to that, this bug was introduced by Karmic and didn't happen before.

The 5 second lag occurs with the Livebox (used by Orange, 12 million broadband internet customers in Europe). Better fix this unless you want a number of users to tweak their config files to either disable ipv6 or disable box-based dns server, not something anybody enjoys doing.

I also suffer from this problem, it _is_ the DNS-resolver, like Jeroen analysed - there should really be a fix for Karmic RS..

@ Markus's #8 comment: as I mentioned "Note that the DNS queries go over IPv4 (transport), there is no IPv6 _connectivity_ involved here.".

You also state 'so all IPv6 requests are answered by an IPv6 enabled DNS server."; well, unless you configured IPv6 DNS resolver addresses in your /etc/resolv.conf then queries will still go over IPv4 (transport), even though they are AAAA queries. AICCU only provides IPv6 connectivity (transport) it does not configure DNS resolvers though.

@ Bernard's #9 comment: most likely your livebox contains one of these broken DNS resolvers. Happens a lot that CPEs have this issue. Try the below to check this out. Configuring resolv.conf with OpenDNS or other working DNS servers (eg the ones of your ISP directly, instead of the livebox) might solve your problem. Do also please realize that this problem ALSO occurs on other platforms than Linux, eg Windows, which is what the majority of people are using; what to use is a choice of the user afterall....

To verify this, do a:
for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done

This should return quite quickly, even though no AAAA records for www.microsoft.com exist yet. Now, if you have a broken resolver somewhere along the way, these requests won't return quickly (unless they are locally or on-path cached as negative).

I have had the same problem, affecting all network activities. Particularly a problem when performing upgrades via aptitude. Problem completely solved by specifying Opendns as my DNS servers. I do not have this problem when running Jaunty, XP or Vista.

Just updated to karmic and experienced the same problem (1-3 second delays on dns lookup).
Switching off IPv6 dns support in firefox "fixes" the problem.

Do do that open up Mozilla or Firefox and type in 'about:config' in the address bar
Scroll down to "network.dns.disableIPv6", it's defaulted to a value of false, change it to true.

hope that helps.

That's a "fix" in Firefox, but the problem still exists in every other network app (evolution, aptitude, etc.)
So web browsing (which is what most users are doing anyway) is normal speed but everything else is behaving like you have dial-up.
After the final release, if the bug isn't fixed in every app people might start complaining to their isp or even drop ubuntu (or not upgrade to Karmic)

I also notice the same problem in kubuntu. I remember this happened before on my upgrade to intrepid.

This is still present in the today's build. I don't understand why this isn't prioritized as release critical, since it makes web browsing and other network-related tasks unbearably slow.

Right, I also stress the incredible delay in thunderbird, network apps on the shell, update manager and everything else network related due to ipv6 lookups without having an ipv6 ip again!

At the university, where I get ipv6 as well, everything works as usual but at home with ipv4 its hardly usable..

Please investigate into this bug, I provide myself for testing things on this topic..

regards, max

Temporary workaround can be found here:

http://ubuntuforums.org/archive/index.php/t-1281820.html

This proves that it has something to do with DNS resolving.

For everybody not reading the other comments, #7 actually explains what goes on....

Yes, indeed, probably the best solution is to use just install a local DNS resolver (pdns-resolver), which hits the roots/gtld's etc itself. This is not very friendly to the general Internet, but heck, with the largest DNS server doing short TTLs and based on geography it might not matter too much.

Thus kids, "apt-get install pdns-recursor" and edit your /etc/resolv.conf to point to 127.0.0.1 when you get hit by this issue.

I really think the opendns workaround is better at the time. But both solutions aren't good enough. You can't tell your grandmother to edit some config files because her internet is slow

I agree that this bug should be considered release critical, if not just applying the workaround. What could be added to network-manager is a feature for when you connect it tries to obtain an ipv6 dns and if it succeeds, it uses the network dns resolver or if it fails then it uses pdns-resolver (I just don't think that would work for this release, maybe in Lucid)

I have had a privoxy go-slow - several seconds on every lookup - since installing Karmic beta. Hadn't really noticed a problem in any other app but web browsing did sometimes feel sluggish.

In a brainwave just now I have tried disabling ipv6 (using grub method) and now privoxy is working beautifully. I have also noticed that web browsing feels snappier generally, so I think this was slowing -all- of my apps down by a large enough fraction for me to feel the difference now.

Just to reiterate: it's repeatable for me with privoxy. IPV6 on - privoxy massive latency. IPV6 off - privoxy works fine.

I have a Draytek so blaming the router isn't practical - these have a MASSIVE installed base. Whether it's strictly the router's fault or not, it would not be ubuntu of Ubuntu to get all academically correct about it, we need some sort of workaround that can be achieved by clicking buttons.

To be honest, only the advanced users would want IPv6 anyway, so why not have it off by default and make it very easy to switch on?

Should also say quite happy to test any other proposed workaround.

I have found that when I ping a site (for example, www.google.com) and I ping the url (www.google.com) it takes a while, but if I ping the IP address (63.251.179.13) then the lag is gone

¿Why I haven't delays with wireless connection and yes with wired?

@ Pconfig / #20

> You can't tell your grandmother to edit some config files because her internet is slow

Does your grandmother use Ubuntu then? If so, then just help her out in fixing the issue :)

@ Zack Evans / #23

> I have a Draytek so blaming the router isn't practical - these have a MASSIVE installed base

This problem also is in effect when the user has Windows and IPv6 enabled on that. The problem lies in the DNS resolver (which might not be the NAT box (what you call "router") but might be even your ISP, and thus you can avoid the problem by not using the DNS resolver in the NAT box. You might of course also try to upgrade your router, maybe they fixed the problem (you upgrade your Ubuntu and other things too, because they have issues, thus try that)

> To be honest, only the advanced users would want IPv6 anyway, so why not have it off by default and make it very easy to switch on?

Because in a few years or so you will have to enable IPv6 as there won't be any new hosts with IPv4 addresses. As such, better bite the apple today and fix those IPv6 issues, then wait till you really need it.

@ camper365 / #24

yes, that is correct, as when you ping www.google.com it has to lookup the hostname in DNS, while if you ping the address, it doesn't. DNS resolving (thus figuring out which address belongs to the requested hostname) is where the problem lies. See the hints about OpenDNS or pdns-recursor to solve it.

@ Ragnarel / #25

as per comment #11 try a:
  for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done
when connected to wireless and when not connected to wireless. Or just for that matter, check if you are using the same nameservers when connected to wireless and wired, if they are different then you already got a small part of the answer.

Since we're running out of time, maybe we can just ship "network.dns.disableIPv6==true" as the Firefox default? I'd love a real fix for this bug but the RC is coming up very very soon now.

Is it possible, that some patch changed the usage order of the nameserver from /etc/resolv.conf?

My router does deliver a "dead" nameserver via DHCP [1], which was never a problem since Ubuntu used to question the first (local) nameserver. The local nameserver resolves any given request without a problem [2]. If I remove the dead nameserver from resolv.conf, I no longer have any problems resolving DNS queries.

So it *might* be a solution to just change the usage order of the DNS servers to solve this "bug". Please notice, that a lot of users never experienced this problem before Karmic, so it might be hard to blame their hardware for this, even if it might be technically true... :-)

[1] It's a SE515, which delivers 217.237.151.97, despite any configuration.
[2] dig @192.168.1.1 www.microsoft.com AAAA without any noticeable delay

There's at least enough information here to confirm the issue. I'll see if I can get someone to look at it.

This 100% fixed my problem!

1. In /etc/dhcp3/dhclient.conf add the following line:

prepend domain-name-servers 208.67.222.222,208.67.220.220;

2. In /etc/nsswitch.conf edit this line

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4

to this

hosts: files dns

I'm not sure which one of these did it to be honest, but it's fixed!

My results are a little different. At the moment I'm using a draytek router, and am indeed suffering slow resolution in all my apps. Running the snippet above:

for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done

Is very quick though. I consistently have slow resolution when running updates, but the same command against archive.ubuntu.com is also very quick.

The router has something to do with it I'm sure, my router at home doesn't give me any trouble at all, but querying so directly like this is reproducibly fast, while querying indirectly through update-manager, is reproducibly slow.

For the what ultimately AND universally fixed/worked around the problem was the following:

edit /etc/sysctl.conf and add the following to the bottom:

#Disable IPv6
net.ipv6.conf.all.disable_ipv6=1

@ csulok / #32

What that does is avoid fixing the problem. You disable IPv6, and thus glibc plays smart and does not resolve AAAA records anymore.

Your DNS resolver though is still broken. You might not notice it now, but if for instance per next year DNSSEC gets turned on you will run into it again.... (and you will probably just disable DNSSEC....)

csulok, your trick didn't solve my problem.

2009/10/21 Jeroen Massar <email address hidden>:
> @ csulok / #32
>
> What that does is avoid fixing the problem. You disable IPv6, and thus
> glibc plays smart and does not resolve AAAA records anymore.
>
> Your DNS resolver though is still broken. You might not notice it now,
> but if for instance per next year DNSSEC gets turned on you will run
> into it again.... (and you will probably just disable DNSSEC....)
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>

I'm experiencing these problems on my Dell Studio 1555 laptop with Karmic Beta. I hope it gets fixed soon!

I have two targets
07:02.0 Network controller: Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller (rev 02)
00:19.0 Ethernet controller: Intel Corporation 82566DC Gigabit Network Connection (rev 02)

I work better using wifi than using wired connection.

@ Nech / #36

> I work better using wifi than using wired connection.

So, like I ask everybody else, check to see if there is a huge latency time difference when doing:

for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done

Over the wired or wireless; quiker maybe is to check if you get a different set of DNS servers when connected over wired or wireless (just check if /etc/resolv.conf changes).

I think the problem is not DNS. Actually, when I visit different websites in a short period of time, then everything get saturated. Some websites not load, and other take up to 2 or 3 minutes to do so. I tried it using Google Chromium also, and the result was the same. Is a new instalation the karmic, and the upgrade just happened

Results of wireless
-----------------------
; <<>> DiG 9.6.1-P1 <<>> @80.58.0.33 www.microsoft.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49350
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.microsoft.com. IN AAAA

;; ANSWER SECTION:
www.microsoft.com. 2921 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 247 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 265 IN CNAME lb1.www.ms.akadns.net.

;; AUTHORITY SECTION:
akadns.net. 90 IN SOA internal.akadns.net. hostmaster.akamai.com. 1256289512 90000 90000 90000 180

;; Query time: 104 msec
;; SERVER: 80.58.0.33#53(80.58.0.33)
;; WHEN: Fri Oct 23 11:20:03 2009
;; MSG SIZE rcvd: 170

wired
-------
; <<>> DiG 9.6.1-P1 <<>> @80.58.0.33 www.microsoft.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1196
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.microsoft.com. IN AAAA

;; ANSWER SECTION:
www.microsoft.com. 2805 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 140 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 144 IN CNAME lb1.www.ms.akadns.net.

;; AUTHORITY SECTION:
akadns.net. 91 IN SOA internal.akadns.net. hostmaster.akamai.com. 1256289631 90000 90000 90000 180

;; Query time: 102 msec
;; SERVER: 80.58.0.33#53(80.58.0.33)
;; WHEN: Fri Oct 23 11:22:00 2009
;; MSG SIZE rcvd: 170

@ Nech / #38

As you have the same DNS server for both wired and wireless, most very likely _your problem_ is not a DNS issue* like what the others show here.

* = unless an upstream of your DNS server has the "drop unknown DNS records" problem and your resolver caches the negative answer correctly, which will cause any subsequent query, like the ones above, to be quick again.

To solve your problem, I guess you'll have to take a peek with Wireshark...

My problem goes away if I disable IPv6. If I boot with IPv6 though, so I have the problem, DNS lookups from the command line happen quickly.

for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done

is practically instant. (I have also tried it with some other hostnames to check it is not cacheing hiding the problem.)

I should add I did not have this problem in Jaunty, and no equipment has changed, only the upgrade to Karmic.

So, as I type, with IPv6 enabled, Privoxy is grinding, everything else seems OK.

If I reboot with IPv6 off, Privoxy and everything else will be OK. DNS AAAA lookups seem OK whether enabled or disabled.

So is there some other subtle interaction between Privoxy and IPv6?

@ Zack Evans #40

I quickly looked at the Privoxy 3.0.12 IPv6-patch included in Debian (and probably the same thing in Ubuntu) and it seems that it is quite incomplete and has quite a number of broken assumptions. One of the primary brokeness is actually documented in the patch with: /* TODO: Allow multihomed hostnames */ indeed, that also means that if a host has multiple A and/or AAAA records, it will only try to use the first one, which might actually be an IPv6 address (which is generally preferred). As an example www.google.com has generally 4 IPv4 IP addresses (A records) and as that Privoxy patch only supports 1 address per hostname, it will only use one of those. If that single address is then IPv6, it will try IPv6.

If your IPv6 connectivity is then broken (which might also be the problem for other hosts) then of course it will take quite some time for that to timeout....

I would say: file a bug report against privoxy as clearly the patch that is included can various websites which have multiple addresses to only have the use of one address. and of course only IPv6 or IPv4 is then supported by it... in other words: BROKEN.

With the above in mind, people who have problems with "IPv6" should perform two tests:
 - ip ro sho |grep default
   ^---- if you have a default route somewhere then of course it will be used, thus check where it goes and if that makes sense for you.
 - for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done
  ^-- if this has huge latency then your DNS resolver (or one above it) is broken. Do test this also with different hostnames then just www.microsoft.com, try especially hostnames that you didn't check in a while as they might be cached somewhere.

I've also been hit by this bug on a new Karmic install. Had no problems with Jaunty on the same hardware.

Tried csulok's work-around from post #32, which didn't work. Disabling IPV6 in Firefox does work (but only for Firefox, of course). Changing my IPV4 settings to use Open DNS works universally, but seems like a rather unpleasant kludge to use as a permanent fix.

@PhilGil in #42: disabling IPV6 did not fix the problem for you? sounds strange. Did you run "sysctl -p /etc/sysctl.conf" after having set net.ipv6.conf.all.disable_ipv6 in /etc/sysctl.conf?

Well, after a bit more testing, the fix in #32 only partially works. For example, it works for browsers but not for apt-get, wget or lftp.

It would certainly be good if this were somehow addressed before stable release.

Is there any chance of that at all at this point?

That's good question James!

Hi there i had those problems too. It seems to work after i disables all iptables modules.
I think this bug caused by wrong-not good iptables policy .

As I'm a regular desktop user, and i sit behind router I find it ok to remove iptables.

rmmod iptable_filter
rmmod x_tables
rmmod ip_tables

worked for me :)

I am surprised that this isn't release critical. Probably the biggest reason people get on the computer is to use the internet and if people associate Ubuntu with slow internet, no matter how fast you make it boot, they won't want to use it. Even if it is just a workaround that is applied to the final release, it still should be done.

I have not used launchpad before and am not sure of the procedures. This bug has been nominated as a confirmed and high bug in the Network Manager but has not been confirmed or assigned an urgency under Linux (Ubuntu). This means it does not appear as a high urgency problem when you search the bugs for Karmic which I would have expected it to. Could it be that this problem is getting overlooked?

I am affected by this problem too, and I can't help but wonder why this bug isn't blocking release. It makes Ubuntu Karmic practically unusable for me (and most likely everyone else who is affected).

Post #30 directions seems to be the common advice given to fix the issue and fixed it for me (thanks Dodge V83). Still I agree this a major problem and Notwork Manager is the biggest pile of crap software that comes with gnome and I have no idea why they don't toss the shiiteware out like they should. A much better alternative I hear is wicd. To install type

sudo apt-get install wicd

Ack don't use wicd if you have a netbook and use the ath5k driver (still very beta nice way to put it) as suspend and resume hose up the ath5k driver (pretty sure Network Manager handles this by doing an rmmod and modprobe). These network issues are precisely why Windows is owning Linux on the netbooks. I got mine running fine but not everyone has a CS degree. Most people just want it to work out of the box. Oh well maybe next version.

Next version? This should have delayed the release at least long enough for ipv6 not to be seeded on the LiveCD. People may consider the slow internet on the livecd to be caused by the fact that you're running from a cd, but when they install it they expect it to be full speed, which should be faster than Windows. I know that ipv6 needs to replace ipv4 soon, but if trying to do it slows down the internet, and Windows isn't doing the same thing, then it is considered an Ubuntu problem and not an isp or DNS resolver problem (whether it is or not). A lot of people are willing to take any fault with Linux to an extreme and say that is why you shouldn't use it (even if it isn't true). This will make people like that go nuts because they have found a problem with Ubuntu that isn't in Windows, completely disregarding all of the problems in Windows that aren't in Ubuntu. I have not seen Windows 7, but I have heard that it is a lot to compete against and if Ubuntu has slow internet, people won't even bother looking at it. You can't say that a fix is to go this bug report and look at comment #30. If there is a workaround, it should be applied before it is installed.

I agree it is a pretty serious issue for many and by no way mean to imply windows is anything but a well polished turd. All in all the upgrade to 9.10 on my netbook (Samsung NC10) was largely seemless (a few minor issues including this one that took maybe an hour to resolve but again I am a tech geek that loves the command line) and is much snappier than any windows as well as even 9.04. But for Joe Q Public this issue would be a showstopper. I agree this needs to be resolved asap as networking is always one of those issues that scare non techies (and with crappy drivers like ath5k and imho not so good Network Manager they should be scared). We are on the same page.

I too am surprised this did not block the release. Can we appeal to a higher power? I'm not too familiar with the development process of Ubuntu but surely there's some IRC channel or mailing list where we can get the attention of somebody with "connections".

i'm adding this comment, because it might help some who think that they problem with the connection is related to this ipv6 bug (i thought the same)

on my laptop, the ethernet card picked up the connection to the local router, but browsing didn't work. (but it opened google pages as is realized later)
wifi connection was fine, with browsing and everything
i tried every workaround in this thread, but none of them worked

after a half day of struggle i ended up searching for driver bugs, and ran into this thread
http://ubuntuforums.org/showthread.php?p=2545109

and voilà, setting MTU from automatic to 1400 in Network Manager, eth0 settings, did the trick!

i hope it helps at least some of you

I seem to be suffering from the same problem. On my desktop with wired ethernet connection I seem to have a problem with DNS:
- I get a timeout when I ping a host, e.g. ping google.com
- I cannot resolve the address when I do host google.com
- I can resolve the address when I do host google.com ip_of_my_dns
- the info field of the network-manager reports the correct dns servers
- it works as expected after I have restarted network-manager

I have no problems on my laptop which is connected wirelessly to the same router and thus is using the same settings.

ok, it looks like I am suffering from a different problem: reported Bug #465757

If you're hit by this bug just in karmic, while it does work in Jaunty, could you please try this:

Open /etc/resolv.conf and reorder the nameserver lines (first to last, etc.). Do not restart, do not reconnect, just have a look if this solves your problem.

This bug affects me too but I found a simple work around. Edit your settings in network manager and put your routers IP address as the last one in the DNS servers box. Find your providers primary and secondary DNS server IP addresses and ensure they are listed first. Once you make the change you need to disable networking and then re enable it for the change to take effect. Browsing is speedy now! I hope this helps everyone get going for now but I also hope the bug gets fixed because there is no reason your router should not be able to be listed first.

Hi, Tim Coffey

I dont know how but this seems to solve my problem.

I can confirm that Markus Thielmann's suggestion (#59) solved the problem for me. Thank you.

Of course it fixes the problem, this as the problem lies in the DNS resolver that is inside the DSL/cable/etc modem.

Thus by entering/using OTHER dns servers, preferably the ones from your ISP, otherwise the ones from the OpenDNS or similar providers, you bypass the DNS resolver in the modem, and thus the device that would otherwise drop DNS queries for AAAA records.

#63 Jeroen Massar,

I do not think the problem is with the DNS resolver in the modem because other PC's do not have this problem and this PC did not have the problem until an upgrade to Karmic. I think the problem is how Karmic interacts with the modem.

#64 Tim Coffey,

Just try the following: dig @<dns server that is broken> www.bingabongobango.com AAAA

That will take quite a long time to return.

The problem is that when you install Karmic, you get IPv6, because of that, programs that are IPv6-capable will start asking for AAAA records As the DNS Server is broken it will not reply to the request. Thus it looks like things are slow.

If the other PCs are using that DNS server, but not asking for AAAA records, then all will be fine and you won't notice the slowness indeed.

The quickest way I found to work around this issues outside of firefox was to use the opendns solution found at:
https://store.opendns.com/setup/device/ubuntu/

This allowed me to use aptitude to download software and updates. This is the easiest solution for joe user and grandmothers to get started with Karmic without editing conf files. Eventually, there may be a better and more permanent solution for all users.

Joeren: Well, my suggestion was to *switch* the nameserver entries, not to replace them. I already suspected that Karmic changed the order of the DNS requests, in fact asking the last nameserver in /etc/resolv.conf first, while Jaunty asks the first nameserver.

While changing the order again wouldn't solve any problem here, but people with a single broken DNS server wouldn't notice the change as a regression, since it worked for them in Jaunty and it might still work for them with Windows.

Joeren: BTW, man resolv.conf states: "If there are multiple servers, the resolver library queries them in the order listed.", which seems not the case for karmic.

I disabled ipv6 in firefox, and lspci indicates ipv6 is turned off in
karmic. The problem still persists in the case that I'm using a linksys
router as the DNS relay. If the router is removed from the DNS list,
everything speeds up.

Before anyone tells me to get a new router, this problem didn't occur in
Jaunty, just Karmic, and I've done everything possible to confirm that
IPV6 is disabled on my machine. So it's one of two things:

1) Karmic uses a different library than Jaunty to do DNS lookups, and
that library has introduced some kind of bug (I'm guessing it's a
sequence of queries, not just one since it takes a few minutes of very
slow surfing before the router gives up entirely)

2) Karmic is lying about ipv6 being disabled and is insisting on using
it anyway.

I attempted to report this as a separate bug because I completely
eliminated IPV6 from being the culprit, but here we are.

The procedure in #59 helped my problem - I was having the same issues, DNS lookup was delayed horribly under Karmic but was spot-on under Jaunty.

I have the same problem. Firefox, Thunderbird, Synaptic, etc are all very slow and surprisingly disabling IPv6 in Firefox doesn't speed it up either, contrary to what others are reporting.

I have the same problem with 2 desktops and a laptop. I've tried the laptop wirelessly on 3 different networks and the severe slowdown continues. The workaround below fixes the slowdown by disabling IPv6 on bootup (it's worked on all 3 computers):

start a Terminal session and type:

gksu gedit /etc/default/grub ....then change

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"

to

GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"

then

sudo update-grub

Reboot and network speed should be back to normal.

I hope that a fix for this disconcerting bug is provided ASAP. Thanks.

@jorden.sc: I had already done this manually in menu.lst, I now also tried the above - but even though I let update-grub even generate a new menu.lst, the ipv6 param is missing!!!!
I had to add it manually again.

Also, disabling ipv6 this way does solve my firefox DNS problem (I reenabled ipv6 in the firefox prefs), BUT my Ruby on Rails (2.3.4) plus apache and passenger development environment now takes MUCH longer to respond than before. Now my normally much slower laptop (with an identical dev. environment) suddenly is much faster than my PC. Some network lib is still causing a pause before each request - and it is not the apache/passenger side.

It is my mysql connection!! How do I know: On my laptop the vmware-internal network host-only network did not work any longer after the 9.10 upgrade. So I moved the mysql server from the laptop's Windows into the Ubuntu inside Vmware and gave it some more RAM. It now works as before. On my PC - also running Windows and Ubuntu inside VMware - I left the database on Windows and Rails connects over the network, there I don't use host-only networking (the "global" network adapter is always on, unlike on the laptop where I often work without offline any network attached to the laptop).

When I test this command :
for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.microsoft.com AAAA; done
The response is instantaneous. But when I do this lookup :
for i in `cat /etc/resolv.conf | grep ^nameserver | cut -f2 -d' '`; do dig @$i www.speakeasy.net AAAA; done
This is very slow, and the delay is there.
Notice that I have no IPv6 connectivity, and that the IPv6 stack is activated, as the default.
This is the delay that we are talking about. And I think this is a misbehaviour from the involved authoritative DNS servers :
http://www.ietf.org/rfc/rfc4074.txt
The explanation is that the DNs server should return an error when there is no AAA record. But in this case it returns nothing. It doesn't follow the RFC. So the resolver wait for the answer, and then time out.
I think that the fact of changing one DNS server to another resolved the problem is due to the fact that the newly configured DNS servers does cache the "no response" state", or something like that. Just a thought. Don't know enough sfuss about it.

One solution is to wait for the involved DNS to update and support AAA records. But it may happen in years.
Another solution is : Disable AAA address resolution when there is no IPv6 routable address configured on any interface, or when Network manager has his IPv6 parameters set to "ignore" (which is the default in Karmic, and is a new feature that is not present in Jaunty ). The getaddrinfo() function is the one that should not ask for AAAA records when there is no IPv6 connectivity.
It seems that the Red hat team has already encountered this problem :
http://kbase.redhat.com/faq/docs/DOC-17904

The wrapper library seems to be a solution for that. What do you think of all this ?

The solution is to use a working DNS server.

A couple of ways to accomplish this:
 - use your ISP DNS servers directly
 - use OpenDNS or a similar provider
 - local caching resolver: put 127.0.0.1 as the nameserver (/etc/resolv.conf) and install pdns-recursor

The latter can be done per default in Ubuntu and would always work and require no setting changes.
The only negative side-effect is that the caching effect of DNS might be less used, but then again, most sites use DNS loadbalancing now, thus this is a non-issue.

This is no solution. This is just a workaround. All this worked well in Intrepid, Hardy and so on. There should be an package update so that installing updates fixes the problem.

@rsoulliere thank you very much, your link in #66 solved this issue for me.

Personally I regret trying to upgrade to Karmic. I had a severe bug in Jaunty that freezed my system once a day. When I upgraded to Karmic my system began to be unbootable because of an sergv in mountall. When I reinstalled I had no net :/

For those that say that the problem is in the way routes and some dns servers handle ip6:
So Karmic was released to show use how bad network equipment we bought ? to teach us a lesson ?

This bug should be a show stopper, at least for the feature change caused it. Ubuntu is becoming more unusable release after release. I'll try to do more beta and alpha tests my self in the future but I can see here beta testers comments didn't help.

@cosmo #76, of course it is "just" a work around. The problem lies in your DSL/cable modem, not in Ubuntu. Thus ubuntu can only work around this issue. You didn't see the issue before as you where not using all the features of the Internet (IPv6 ;)

@Jeroen Massar #78: You wrote "the problem lies in your DSL/cable modem, not in Ubuntu". I'd like to make a few points.

1) No IPv6 slowdowns in Jaunty or Mint 7 (which both have IPv6 enabled) anywhere I've tried. Which "features" of the internet am I not using in Jaunty but am using in Karmic?

2) Serious slowdowns with Karmic at a local coffeehouse, my place of business and the airport where I have no control over their modems.

3) OpenDNS, etc. remove some features of Firefox such as "automatically" determining which site I'd like to go to when I type key words into the address bar. If I enter "ubuntu forums", Firefox will take me to http://ubuntuforums.org/. OpenDNS will not do that.

4) Bottom line is that this needs to be fixed/patched/whatever so that most anybody trying Ubuntu for the first time will have a good experience. Currently, for many, Ubuntu cannot provide such an experience.

This is very stupid and I should have tried it before contributing to this bug. I have been using a Belkin wireless adapter on Intrepid and Jaunty with no issues so when I upgraded to Karmic and internet was slow I didn't think it could be problem with the adapter support. Well, I'm still not sure whether that is the problem or not but, having seen that disabling IPv6 in Firefox didn't do any good, I decided to give it a try and change to a wired connection and every thing is back to normal now, fast internet access across the whole system.

Maybe it's worth a try for all of you who had this problem using wireless.

It is not a wireless-related issue, a least not for me: I (unfortunately) upgraded two VMware Linux systems.

re #59:

I reversed the order in /etc/resolv.conf and saw no improvement, however, commenting out the "domain" and "search" lines gave a vast improvement:

   # Generated by NetworkManager
   #domain domain.actdsltmp
   #search domain.actdsltmp
   nameserver 192.168.0.1
   nameserver 205.171.2.65

I'm not sure what that means. Disabling ipv6 in firefox works too for me.

How long will this bug be confirmed but more or less denied ("the problem lies in your ..., not in Ubuntu" #78) ? #79-1 alone stands as the killer argument.

Another issue in addition to ipv6 is how the resolver-lib handles search domains. I found I could avoid the delay by removing the "domain" and "search" statements from /etc/resolv.conf. In this particular case there's a broadband-router which put either the providers domains or a configured local alternative in the DHCP-response. There's no way to make it drop the options altogether when it's not used properly. Thus a solution (in addition to a local caching resolver etc described above) is to remove these options (domain-name and domain-search) from the list of options the dhcp-client (/etc/dhcp3/dhclient.conf) asks for. This problem is easily identified as described in #82 above.

Wrt #84, is it a correct observation that the resolver-library in karmic always tries to add search-domains to the queried string even when the original query from the application is for a FQDN? The first DNS-request from a karmic client looking for "www.google.com" in a browser is for "www.google.com.localdomain" when "domain" or "search" is specified in /etc/resolv.conf. I thought the search-strings only were appended when there was no domain-part specified, and/or if there was no response/hit on the first request.

The reason for the delay described in #84 and #85 seems to be a firmware-bug in a wlan router (D-Link DIR-655). It doesn't seem to pass NXDOMAIN-responses to the clients when it is set up to relay requests. The upstream servers respond immediately with NXDOMAIN when queried directly. However, this problem wasn't discovered before so the behaviour of the client resolver has obviously changed in karmic.

Just to add to the voices being affected by this bug. Everyone in Ireland using an Eircom router (00,000's of customers) will encounter this issue. It is crazy, I logged on here to read about it and I can't believe it was pointed out weeks ago and nothing was done about it.

No point in blaming 'the router' or anything upstream. All I know is everything was fine in Hardy, everything is fine in Windows 7. Hell, if I load up a Windows XP VM in Virtualbox within Karmic, DNS lookups work flawlessly from the same router!!

Very disappointing.

This is exactly my opinion Jonathan!

In Germany it's the Router of the Provider "Alice" which has this issue. And i think it could be, that it maybe not talking in the correct standard way but it worked in Hardy and Intrepid and where is the use of forcing standard behaviour and killing functionality?

Everyone here is posting "reasons" and "workarounds" but that's not the point. That's exactly the point why all this windows-user guys say "Linux is to complicated". In an Operating System called "Ubuntu" (we all now what the name means and what it stands for) which aims to be an OS for every user it is absolutely impossible to accept "workarounds". And all this worked fine in the last versions.

This has nothing todo with network-manager or linux kernel. And not even libc as dig doesn't use libc functions to resolve names.

I think that this can be worked around with tweaking /etc/gai.conf or by blacklisting the ipv6 kernel module

Work around in #66 worked for me. Before applying this workaround my resolv.conf file read as follows:

# Generated by NetworkManager
nameserver 192.168.1.254

After applying the workaround my resolv.conf file reads as follows:

# Generated by NetworkManager
nameserver 208.67.222.222
nameserver 208.67.220.220

@Laurent - I'm not familiar with the way confirmed Ubuntu bugs are dealt with, but since you changed the assignee to nobody, does this mean that the issue will not be addressed? And that many thousands or more of Karmic users will have the equivalent of dial-up speeds unless they are tech savvy and know how to tweak conf files or blacklist modules?

One could argue that the resolver could refrain from issuing IPv6 queries when no IPv6 connectivity is available. (I.e. just link-local addresses on the interfaces.) It might be too expensive to check this on each and every query but it would relieve the problem a bit.

Disabling IPv6 in Firefox by default is a very bad solution as we want to achieve IPv6 support out of the box. I also encountered those broken resolvers in the wild, though, and it resulted in me configuring sane DNS servers for the single Alice access point through NetworkManager, which works just fine. If there would be an anycasted DNS resolving offer out in the wild we could use that instead, but even then you usually rely on using the local DNS servers in case they give you different views in the corporate environment (to see local hosts or route requests differently).

@jordan.sc: IMHO assigning bugs to people or team like that is a good habit, you can subscribe them instead

I also think that ipv6 support must be on by default

I'll give it up... posting, confirming assigning bugs in this senseless bugtracking system with every ignorant hacker freak telling some stupid workarounds about howto edit some stupid config file. iMho A bugtracking System should keep track of bugs for people SOLVING Bugs. This one here should be called Workarounding System.

I mean i always told my Family and Friends to use Ubuntu because its EASY. Because its just WORKING unlike Windows. I told them "trhough your windows copys away you dont need them if you ever tried ubuntu".

And now? When i tell those guys aka "Users" or "Mortal" - hey the whole community knows about the Problem that your internet connection is as slow as in the early days back when you had a 56k Modem. But its ok for THEM because THEY are SELFISH and able to edit config files. And guys this is pretty important for IPV6 ???

I made the assignation to get someone to look at the PROBLEM not to disable ipv6. the should REPAIR this. So i assign it again. Will do this 1000 times more if i need to.

I've been experiencing similar slowdowns at work on my laptop using dnsmasq for caching. As soon as I bypass my local dnsmasq and start using the provided DNS servers directly, the slowdowns go away.

@cosmo et al., I reported that it also slows down my VMware host-only network communication when my laptop is without any connection to an outside network, so THERE IS NO INTERNET AND NO NAMESERVER AT ALL. Yet, I had to move mySQL from the host OS into the virtual (Ubuntu 9.10) machine in order to be able to continue working - because every single mySQL request, and there are a lot when you develop a website, took a few seconds longer than before the upgrade.

Also, I disabled IPv6 in grub (ipv6.disable=1) and while it helps Firefox (I re-enabled ipv6 in Firefox and it still worked) it did NOT help other applications: my ssh connection to a server on the Internet takes a loooooong time, but when I use "ssh -4" (tell ssh to use ipv4 only) it's immediate. AFTER I DISABLED IPV6?!

So the case is NOT as simple as some people want to make us believe, and it certainly is NOT a problem "of your router" (i.e. mine). See above.

I've been "doing Linux" since 1995, I even did kernel development (networking/firewall/network address translation) up to kernel 2.4. And I say this is a bug in Ubuntu!!! Okay, any number of exclamation marks, i.e. yelling, does not make me any more right, but... oh well.

But who cares, the only reason I'm still here is that SuSE's and Fedora's new releases are still two weeks away.

Don't assign bugs to persons or groups, it won't make anyone fix anything faster. And stop posting workarounds, the bug report should focus only on a SRU bugfix (use forums for workarounds). Only assign it to yourself if you intend to work on this bug and have the necessary skills. Many many bugs spiral out of control with rants and complaints and then the useful info gets buried and it takes longer to fix it.

The best thing you can do if you want this bug fixed faster is find someone on IRC who has got the skills to fix this bug and then post the LP url to them and explain why it's important.

This issue is serious, it affects a large percentage of the Ubuntu population and, as is obvious by this long discussion, is both a) annoying and b) hard to understand/diagnose/fix properly.

But, if you filter this conversation there is both a good diagnosis (#4) and a good, tested workaround (#74) implemented by engineers at RedHat. The one issue with the workaround is that it essentially disables IPv6 AAAA DNS record lookups when calling getadderinfo() with AF_UNSPEC.

In the README.txt of the RedHat workaround called "libwgetaddrinfo.so" you find:
"IPv6 lookup avoidance by LD_PRELOAD=libwgetaddrinfo.so. getaddrinfo will perform IPv4 and IPv6 lookups when using AF_UNSPEC." They also state that this technically breaks RFC2553 compliance, which is bad.

Right now, in the short term, we're faced with a "lesser of two evils" decision:
1. Adopt the RedHat solution and in the process break RFC2553 while fixing 100% of this problem.
2. Annoy and confuse 80-90% of the Ubuntu population by doing nothing.

Don't get me wrong, I am an IPv6 zealot, but it is counterproductive to the IPv6 cause to force people to disable/fix/workaround IPv6 by hand. That kind of deep mental scaring will end up generating negative PR (google: ipv6 sucks) which will only slow adoption.

I suggest that we adopt option #1 (the RedHat workaround) ASAP and deploy it before this becomes an even bigger firestorm (like an article in eWeek talking about Window 7's superior networking speeds). That's good for no one.

In the mean time we (that's the "royal we") should find some way to un-break the RFC2553 compliance perhaps by only enabling the workaround when the network interface is routed over a broken network (one that doesn't properly do AAAA DNS record lookups). But this will take time and some creativity and we can't afford to wait for that when there is a perfectly good solution available now.

I hope this suggestion is helpful and moves this issue toward resolution.

regards,

-greg

There is another option, and that is to enable IPv6 on the host, and
properly configure the local network and edge router to support IPv6.

Joe Klein

On Tue, Nov 3, 2009 at 2:35 PM, Martin Olsson <email address hidden> wrote:
> Don't assign bugs to persons or groups, it won't make anyone fix
> anything faster. And stop posting workarounds, the bug report should
> focus only on a SRU bugfix (use forums for workarounds). Only assign it
> to yourself if you intend to work on this bug and have the necessary
> skills. Many many bugs spiral out of control with rants and complaints
> and then the useful info gets buried and it takes longer to fix it.
>
> The best thing you can do if you want this bug fixed faster is find
> someone on IRC who has got the skills to fix this bug and then post the
> LP url to them and explain why it's important.
>
> ** Changed in: linux (Ubuntu)
>     Assignee: IPv6 Task Force (ipv6) => (unassigned)
>
> ** Changed in: network-manager (Ubuntu)
>     Assignee: IPv6 Task Force (ipv6) => (unassigned)
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a member of IPv6 Task
> Force, which is a bug assignee.
>
> Status in “linux” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Confirmed
>
> Bug description:
> Binary package hint: firefox-3.5
>
> By default, when Firefox 3.5 is installed, web pages are loaded slowly and it looks like IPv6 DNS lookups is the cause. However, you can go to about:config and change network.dns.disableIPv6 to true, the problem gets fixed.
>
> ProblemType: Bug
> Architecture: i386
> Date: Sun Aug 23 12:06:13 2009
> DistroRelease: Ubuntu 9.10
> Package: firefox-3.5 3.5.2+nobinonly-0ubuntu2
> ProcEnviron:
>  LANG=en_US.UTF-8
>  SHELL=/bin/bash
> ProcVersionSignature: Ubuntu 2.6.31-6.26-generic
> SourcePackage: firefox-3.5
> Uname: Linux 2.6.31-6-generic i686
>

@JoeKlein: No it is not. It would be - if this were a Debian bugsite. However this is Ubuntu. It is getting a little tiring my friend, but I'm sure you too know who the target users of Ubuntu are vs. Debian or CentOS.

On Tue, Nov 03, 2009 at 06:39:06PM -0000, Michael Hasenstein wrote:
> Also, I disabled IPv6 in grub (ipv6.disable=1) and while it helps
> Firefox (I re-enabled ipv6 in Firefox and it still worked) it did NOT
> help other applications: my ssh connection to a server on the Internet
> takes a loooooong time, but when I use "ssh -4" (tell ssh to use ipv4
> only) it's immediate. AFTER I DISABLED IPV6?!
>
> So the case is NOT as simple as some people want to make us believe, and
> it certainly is NOT a problem "of your router" (i.e. mine). See above.

It's a problem with the nameserver on the router, not with the router
itself. If the libc does AAAA requests that are not properly answered
which it doesn't when you force it to (through -4) that's hardly the
fault of the C lib.

> I've been "doing Linux" since 1995, I even did kernel development
> (networking/firewall/network address translation) up to kernel 2.4. And
> I say this is a bug in Ubuntu!!! Okay, any number of exclamation marks,
> i.e. yelling, does not make me any more right, but... oh well.
>
> But who cares, the only reason I'm still here is that SuSE's and
> Fedora's new releases are still two weeks away.

Oh great. Rest assured that I experienced the same problem with Fedora, too.

Kind regards,
Philipp Kern

@Philipp: Since you even quoted my message, could you please explain how it can *only* be a nameserver issue if I have an issue with only a laptop-internal VMware network???

Right now I am seriously considering switching over to Fedora or openSUSE and scrapping Ubuntu. I am perfectly able to tweak conf files and apply workarounds, but I don't want to do it every minute of every day. I have work to do other than get the system running.
It seems to me that the management and developers of Ubuntu are lazy and trying to deny the problem. The problem is there whether they are a victim of it or not.
Articles saying how slow Ubuntu networking is compared to Windows 7 is certainly not going to help the Linux community at all. I know the developers put a lot of work into this release, but it won't be much more to apply a workaround. This bug has existed for over two months and that is plenty of time to apply a workaround and potentially a fix.

My work around of this issue in Karmic is to actually bypass the dhcp option in network connections and manually enter them. This worked even on the PowerPC Karmic install on my PowerBook G4.

So i thought that nothing changed in this since 9.04 when a lot of applications were ipv6 enabled....

The issue is that AAAA records are useful for computers which have ipv6 routes (on the internet).

So is this bug is new or valid....?. If some one can reproduce this and provide a tcpdump showing some evidence of extra look ups that would be interesting.

However, if the system does not have a valid ipv6 route i would hope that it does not try to connect to an ipv6 non-route-able host..... I know there is a problem when a *false* ipv6 route is advertised. In this case, there may be a problem. Unlike ipv4, ipv6 is not widely deployed so checking if a route is valid *may* be a good idea(throw it away if there is a known working ipv4 route). I am not sure what networking-manager does.

If there is a library waiting for the response of an ipv6 request and there is no ipv6 route.... that is an issue.

Thank you Gregory Burd this is what me and 80-90% of the Ubuntu population wanted to hear.

I also approve of Gregory Burds suggestion #98

and why not blacklisting the loading of the ipv6 module instead of replacing system functions like that?
In that way we don't even break RFC's

Suggestion #98 seems to be the most reasonable so far...

The RH workaround with a preload library isn't something that we could sensibly put into an SRU, since you'd have to preload it for every single program that does DNS resolution (and there are thousands in the archive).

Just to ensure that we are all talking about the same thing, this is what I see:

$ time host www.ubuntu.com
www.ubuntu.com has address 91.189.90.40 <- appears immediately
[20 second pause here]
;; connection timed out; no servers could be reached
;; connection timed out; no servers could be reached

real 0m20.371s
user 0m0.000s
sys 0m0.050s

> and why not blacklisting the loading of the ipv6 module instead of replacing system functions like that?

IPv6 is built into our kernel, there are no modules. But perhaps we could modularize those in the kernel? Kernel team, does the Jaunty kernel have a different IPv6 setup than Lucid? We didn't have this problem in Jaunty, and I don't believe it's a glibc regression (since a jaunty chroot on karmic kernel has the same problem).

I strongly disagree, breaking IPv6 globally just because some people sit on broken resolvers is extremely bad. I suspect the IPv6 users group is at least as big as the one sitting on broken resolvers, and while the IPv6 group is getting larger every day the broken resolvers group should stagnate or even get smaller.

Earlier Ubuntu versions had a patched libc6 that disabled AAAA lookups for AF_UNSPEC _IF_ no global IPv6 addresses were configured on the system. This could be a way forward and would be in line what Windows is doing today.

I'm sorry, but blacklisting IPv6 is unacceptable. The 'apocalypse' is drawing near — current projections point to 2012 as the most likely date.

So it's almost certain that by 2011 the majority of Internet users will have an IPv6 connection.

And then this begs the question: will Ubuntu 10.04 systems be in production in 2012. Of *course*!

Therefore anybody with the slightest bit of common sense cannot possibly for a moment consider disabling IPv6 out-of-the-box. Having IPv6 work out-of-the-box is extremely important, despite the issues people are having now (which, to be honest, are due to broken IPv6 connectivity or broken DNS resolvers; not Ubuntu's fault, and not something we should fix).

If this is the attitude it is a sad day.

Two very high profile OS launches around the same time. Windows 7, and Ubuntu 9.10. Plug a Windows 7 box into my router, and everything is fine. Plug an Ubuntu 9.10 box into my router, and my internet experience is dog slow. But it's ok, i'm sure the general public will understand that Ubuntu 9.10 is still superior, it's actually Windows 7 that is broken, believe it or not!

Ubuntu 8.04 and 9.04 are also "broken", so if you want a good internet experience, perhaps downgrade to one of those fine distributions

I presume the official Ubuntu solution then is not to use routers with crap DNS resolvers on them. Everyone should be petitioning their ISP to send out routers to all customers that have built in DNS resolvers that correctly support ipv6! I'm sure the ISPs will definitely want to help out here, I'm sure it won't cost them much to replace all of these routers in Germany, France, the USA, Ireland, etc.

*sigh*

@ Martin Pit - Excellent points and I see where the RH solution is not the
best for some obvious technical reasons (Doh! I didn't think that one
completely through, my mistake). Thanks for pointing that out to me.
@ Bernhard Schmidt - I too would like to gently move people forward, to have
ISPs and users replace "broken" equipment and to transition everyone to
IPv6. The reality is that this is a transition period and we need to deal
with a situation where we have a foot in both worlds. Clearly this
situation causes pain on both sides of the fence. The libc6 patch you
mention seems like a reasonable approach, maybe there is even a way to
improve it, and one that might get us through this intermediate stage. Once
IPv6 capable hardware is in the majority and I can call up any old ISP and
ask for IPv6 service (or better yet, not even have to make that call) then
we're past the tipping point and we don't have to keep the workaround patch
around. We're not there today.
@ Jeremy Visser - You are passionate and persuasive in your arguments. This
is not an discussion about who's at fault or how much time we have before
"the apocalypse", we need to separate passion from this discussion and move
on to fixing the problem. I'm simply trying to find a way to bring people
over to the IPv6 world without creating and equally dispassionate anti-IPv6
crowd along the way (take @ Jonzer's response as an example).

There is no need to be absolutists on this issue one way or the other.
 There has to be a technical solution that lets us live in the middle
ground, lets just engineer around this and get past the political bickering.
 :-)

I hope this helps,

-greg

Jonzer [2009-11-04 14:35 -0000]:
> I presume the official Ubuntu solution then is not to use routers with
> crap DNS resolvers on them.

It's not the official Ubuntu solution.

It will be very short sighted to disable IPv6 by default. Please do not consider it. If it still is feasible, +1 for the solution described in #111.

@ martin

Thanks for the clarification, apologies for the emotive nature of my contributions, but I find some of the other contributions here exasperating!

I presume Ubuntu 8.04 had IPV6 out of the box and it was fine, if it used the solution as suggested in #111 then that would appear to be the best way forward.

Well when I was talking about blacklisting the ipv6 module (that is not a module anymore, but anyway) it was talking about a configuration option (like on RH system) to easily prevent the loading of the module on boot, but I was not talking about blacklisting it _by default_ (as I'm also a big IPv6 fervent too, die NAT, die!)

Is this bug affecting every user of 9.10? I am not experiencing any lag. I have ipv4 on my home DSL.

So, it seems that there is growing consensus for #111 if not enabled by
default. But I wonder, is there no way to detect this situation and switch
between the two behaviors automatically? What if after a few failed AAAA
lookups the code says, "Ah ha! Network interface foo is on a link which
isn't quite ready for IPv6 because AAAA requests keep timing out which must
be annoying the heck out of the user of this system by now. From now on,
requests on the foo interface will skip the AAAA record lookup and go
directly for the A record instead." Do this after requests for AAAA records
continually timeout (it won't take long to see the pattern) and requests for
A records always succeed.

Note, this is just a crazy idea off the top of my head so feel free to tell
me, "Nope, sorry. Not a good solution." But if you do, could you also
explain to me your reasoning?

Again, just trying to find a happy middle ground, :-)

-greg

Ah, Tollef shed some light on this. Ubuntu's glibc up to early Karmic had a patch applied which disabled unnecessary IPv6 DNS lookups (http://err.no/patches/glibc-only-lookup-ipv6-if-it-makes-sense.diff). This was dropped in Karmic to fix some IPv6 lookup issues (bug 239701, bug 374674), but also caused this regressions.

Mithrandir| so I suspect somebody should take my patch, refine it so it doesn't just reject v6 addresses (try again after processing if there no hits, allowing ipv6 then, or something like that)

I confirm that in my dapper to jaunty chroots "normal" applications like wget, apt-get, firefox etc. work just fine. I was just misled to think it'd be a kernel issue because I used "host" (which also times out).

http://bugs.debian.org/435646 is related to this, BTW.

Would it be reasonably to reapply the patch as it is for karmic-updates (reopening the other two bugs) and refine the patch for lucid?

On Wed, Nov 04, 2009 at 06:09:41PM -0000, Martin Pitt wrote:
> Would it be reasonably to reapply the patch as it is for karmic-updates
> (reopening the other two bugs) and refine the patch for lucid?

Would by the best solution, if you ask me.

!mithrandir++

--
Mark Schouten <email address hidden>

I inadvertently changed the status from "triaged" to "fix committed" and can't seem to change it back. I apologize for that. Can someone please correct? Thanks.

]] Martin Pitt

| Ah, Tollef shed some light on this. Ubuntu's glibc up to early Karmic
| had a patch applied which disabled unnecessary IPv6 DNS lookups
| (http://err.no/patches/glibc-only-lookup-ipv6-if-it-makes-sense.diff).
| This was dropped in Karmic to fix some IPv6 lookup issues (bug 239701,
| bug 374674), but also caused this regressions.
|
| Mithrandir| so I suspect somebody should take my patch, refine it so it
| doesn't just reject v6 addresses (try again after processing if there no
| hits, allowing ipv6 then, or something like that)

If you want to emulate a broken DNS server (regardless of whether you
have access to one), add something like the following iptables rule:

sudo iptables -A OUTPUT -p udp --dport 53 \! -f -m u32 --u32 "0 >> 22 & 0x3C @ 8 >> 11 & 0x1F = 0 && 0 >> 22 & 0x3C@ 17 & 0xFF @ 18 & 0xFF @ 21 & 0xFF = 0x1c" -j DROP

then try to look up sixxs.net or any other second-level domain. It does
not matter whether this actually has AAAA records or not. Assuming you
don't have any IPv6 address with scope >= site, this should be slow on
9.10 and fast on 7.04 through 9.04. If you have any IPv6 address with
scope >= site, it will be slow on all variants. (The reason for the
two-level limitation is due to limitations in the u32 classifier.)

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

By now probably the best solution is to modify grub as stated in
http://www.webupd8.org/2009/11/how-to-disable-ipv6-in-ubuntu-910.html

I don't know if blacklisting / disabling ipv6 is good or bad idea and I don't really care. I only want for my browser work as it is supposed to. I know that if edit grub and disable ipv6 everything works smoothly and "clean" installation don't let me browse internet in peace.

I'm a regular internet user, not a techie like most of you. I reported this problem as bug #472586 before I stumbled across this bug report. I liked Ubuntu - before the upgrade. Now I'm screwed and can't use it, and I'm going back to Windows. Why was this upgrade released with a problem like this? For a regular person like me this is totally wrong. I had to put in a lot of time and effort to learn how to install Ubuntu, configure it, use it, etc... For every regular person who wants to try and use Ubuntu this is strong message: Ubuntu is for techies only; regular people are not invited.

Indeed the opendns is a good workaround.....however once applied, my
Thunderbird was no longer able to connect to smtp-msa.orange.fr, I had
to give it the numeric address 193.252.22.72

For testing I reactivated the IPv6 patch in eglibc and upload it to my PPA:

  https://launchpad.net/~pitti/+archive/ppa/+packages

eglibc (2.10.1-0ubuntu15.0test1) karmic; urgency=low

  * debian/patches/series: Apply any/local-ipv6-lookup.diff again to fix
    painfully long timeouts on DNS resolution, if routers do not send an
    answer to AAAA (IPv6) DNS queries. With this patch those DNS requests are
    not sent in the first place if there are no routable IPV6 interfaces.
    (LP: #417757) This reopens LP #239701, #374674, so a full solution would
    need to fix the patch properly.

This should at least provide a bandaid for the people subscribed here to get sanity again.

It works well for me. However, due to reopening the other two bugs this isn't a complete solution, so the patch needs refinement.

Oh, forgot: The amd64 packages are ready, i386 is still building. Should be available in < 1 hour.

Just wanted to say #19 fixed it for me.

Will anyone testing the patch mentioned in comments #121-130 please let us know how things are going? (=
Can anyone give a guesstimate as to when this patch will be released to the general public through karmic updates?
I've been trying to get my family and friends into Ubuntu, but I cannot recommend it to them until this very serious problem is resolved. I don't know anybody who would be fine to purchase a new modem/router for the sake of IPv6 in Ubuntu, at least not when everything, except Karmic, appears to be working fine. I believe no1lunchbox's comment (#127) hits the nail on the head.

In #132 SonicBOOM wrote "I don't know anybody who would be fine to purchase a new modem/router for the sake of IPv6 in Ubuntu, at least not when everything, except Karmic, appears to be working fine."

Like Bernard Bou (post #9) I am with Orange in France. I actually installed to a new Livebox last week and made sure everything was working fine in 9.04 before "upgrading" to 9.10 on three machines so even a brand new router does not help.

I realise the technically savvy posting above have put a lot of work into hacks and work-arounds but I endorse the comments in posts #14, #87, #88, #127 & #132. An average user wants things to work out of the box and 9.10 should not have been released like this. I am astounded this is not rated a "critical" bug.

Pessimistic estimates say that the problem we suspect (a DNS proxy that
cannot handle AAAA queries) affects about 0.5% of the global userbase.
50% of those can easily be fixed with a firmware upgrade of their
router, which is usually a very good idea anyway.

I'm sure there are regions with higher rates if a large provider gave
out broken systems, but generally saying that all Ubuntu 9.10
installations are affected and everyone has to purchase new routers is
pure FUD.

For the record, this bug can easily be tested with the following tools

$ time dig -t a noc.sixxs.net +nofail | grep -e status -e A -e time

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26324
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;noc.sixxs.net. IN A
;; ANSWER SECTION:
noc.sixxs.net. 85356 IN A 213.197.29.32
;; AUTHORITY SECTION:
;; Query time: 1 msec

real 0m0.025s
user 0m0.016s
sys 0m0.004s

$ time dig -t aaaa noc.sixxs.net +nofail | grep -e status -e AAAA -e time

; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14731
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 0
;noc.sixxs.net. IN AAAA
;; ANSWER SECTION:
noc.sixxs.net. 85342 IN AAAA 2001:838:1:1:210:dcff:fe20:7c7c
;; AUTHORITY SECTION:
;; Query time: 4 msec

real 0m0.024s
user 0m0.012s
sys 0m0.004s

You are only affected _if_ the first query is fast, but the second query
is very slow and/or shows something else than NOERROR in the first line
(SERVFAIL or REFUSED for example). If the DNS query is fine you should
not be affected.

@Bernhard #134 wrote
"Pessimistic estimates say that the problem we suspect (a DNS proxy that
cannot handle AAAA queries) affects about 0.5% of the global userbase.
50% of those can easily be fixed with a firmware upgrade of their
router, which is usually a very good idea anyway."

Even if a firmware upgrade of my router fixed this issue (and it did not), I cannot, nor am I authorized to do firmware upgrades at the local coffee shop, at the airport and at my place of business, all of which are locations in which the IPv6 bug slows my network connections to a crawl. My network speeds are quite fast when I use Ubuntu 9.04, PCLinuxOS 2009.2, Windows XP, Vista and 7 on my "broken" router and at the other locations I mentioned above.

Please, let's get this issue resolved within Ubuntu as none of us has the power or influence or wealth to fix all the world's "broken" routers and ISPs.

I have a Livebox too, but the newest firmware has just been auto-installed, and I still experienced the same problem.

So, following up on #13 and #32 worked for me.

Do we actually know which routers are causing problems?
I have a Netgear WGR614v6 patched with latest firmware V2.0.19_1.0.19
Does this problem only affect a few routers that do not support IPv6, if so which ones work?
Which home routers support IPv6 at the moment? I seem to find it hard to find any. If I was to buy a new router (and it is about time) I would want it to be IPv6 enabled.

@ Jordan.sc #135

> I cannot, nor am I authorized to do firmware upgrades at the local coffee shop
> at the airport and at my place of business

And generally these locations have neutered DNS already anyway, eg they only allow HTTP/HTTPS and generally only after authenticating (after being hijacked using DNS to their portal thingy). These locations (coffeeshops, hotels, airports, other generic hotspots etc etc) don't provide true internet anyway and are thus breaking already way too much protocol wise that there is nothing you can do about it.

The only thing you can do in those locations is to VPN out if you want to resolve that problem.

In the cases where DNS requests are not blocked (like in hotels and coffeeshops), you can setup pdns-recursor and use 127.0.0.1 in your resolv.conf

@Bernhard #134 wrote
"Pessimistic estimates say that the problem we suspect (a DNS proxy that
cannot handle AAAA queries) affects about 0.5% of the global userbase.

@Bernhard #134 wrote
50% of those can easily be fixed with a firmware upgrade of their
router, which is usually a very good idea anyway."

Do you have any verifiable and opposable reference on those figures?
Where is the study that produced those "pessimistic estimates" (...)
"0.5%" (...) "50% of those"(...) ?
What was the methodology used to produced those figures?
What was the sample?
How was it picked worldwide?

Thanks Jeroen. The pdns-recursor work around solved my issues with DNS-timeouts during package installation.

@Filofel #139
https://sites.google.com/site/ipv6implementors/conference2009/agenda/10_Lees_Google_IPv6_User_Measurement.pdf

This is as Jeroen and others have pointed out repeatedly, primarily an issue with broken resolvers/forwarders often part of cheap broadband/wlan routers. I just want to repeat that this isn't specific to IPv6, and emphasise that changes in karmic have made things worse.

Karmic always first tries to append the local/search-domain to requests. That is an important change from previous versions where search-domains are appended only when the client application only specifies the host-part.

In the last couple weeks I've come across number of different broadband CPE's (multiple brands) which have a DNS-forwarder that fails to forward nxdomain responses to the clients. In the past these clients would only experience delays for non-existent hosts. After upgrading to karmic they get a 20sec delay for every request. I.e. the user types "ubuntu.com" in the browser, karmic first tries "ubuntu.com.searchdomain" and sits waiting as the nxdomain-response is lost.

Is there a list of routers that work?

or what can a consumer look for to find a router that works?

Would there be any advantage to installing DD-WRT or some such to a problem router?

Slight update to #142.

I may have gotten protocol orders wrong in my analysis, or the dns-lookup-mechanism has been altered in the last libc update. The net result however, is still that every attempt by an application to connect to a v4-only host is preceded by a dns-request that result in a lost nxdomain response. Example: capturing DNS packets while connecting to a webserver with no v6-support reveal the following order of DNS queries and responses:

1. The client searches for an AAAA record. The DNS-server returns SOA with noerror.

2. The client tries the local variant of the AAAA record. The DNS-server returns NXDOMAIN which is lost in the faulty DNS-forwarder.

3. After timeout (20sec) the client goes looking for an A-record and succeeds.

Wouldn't it be preferable to prioritise differently? The client could send concurrent requests for A and AAAA, and drop the attempt on the local variant of AAAA when it gets one or more valid a-records.

@ Per Heldal / #43

glibc 2.10 does AAAA+A queries in parallel. I don't know if it does that also for the ones in the search path, which seems to be the problem you are describing above.

Nevertheless, search path should (afaik) only be applied to non-FQDN hostnames (eg 'www' or 'hostname') not to anything containing already a domain (eg 'www.domain'). When this is done and users type eg 'ubuntu.org' then the local search path does not come into play.

The problem that I have seen with recursors (even one on an old dd-wrt as even dnsmasq had this issue quite some time ago, but if you don't update it doesn't get fixed ;) was that it simply completely silently dropped AAAA queries. It didn't even try to forward them. No response nothing. Even for www.ubuntu.org etc. Which is another error case from the scenario you describe, which is even funnier, as NXDOMAIN should definitely be handled properly (if they don't how the heck does that DNS recursor even work when somebody mistypes a URL ? :).

This is an Ubuntu bug, plain and simple. My DNS resolver didn't suddenly grow issues because I updated my OS. This is completely unacceptable for an operating system that touts itself as being "Linux for Humanbeings", where is the user-friendliness in breaking Internet connectivity for a lot of people? By all means, change it but give a fair warning; "If you are not using a very modern router do not upgrade as we don't care about you" and provide a one-click button after install and fixes the issue, rather than having people chasing their tails, disabling IPv6 etc. etc. Especially since most of those "fixes" are voodoo magic posted by clueless idiots -- fixing Firefox and no other application is not a fix.

WORKING FIX (run as root of course):

apt-get install pdns-recursor resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/base
resolvconf -u

1) This will effectively install pdns_recursor which is a DNS recursor that simply works(tm) and it installs the resolvconf framework (which you most likely already have)
2) this echo sets the nameserver to 127.0.0.1, aka pdns
3) update resolv.conf with the above info

You should now have "nameserver 127.0.0.1" in /etc/resolv.conf and all your DNS queries should be super duper fast again (also because they get locally cached a bit ;)

Of course if you have a firewall between your host and the Internet where DNS servers exist the above might not work when DNS gets blocked...

I would almost suggest that Ubuntu make the above the default. The problem is though that little firewall thing, if that is there or you visit some netcafe or other network where only HTTP/HTTPS works, then indeed it does not work...

Cromartie [2009-11-09 13:31 -0000]:
> This is an Ubuntu bug, plain and simple.

Folks, please calm down. As the bug status shows, it is an
acknowledged and open bug report, and there was no official statement
like "your router sucks, bad luck, go away". There is a new glibc
package for testing, and several workarounds were proposed, and
eventually we'll fix this in karmic-updates properly.

> Especially since most of those "fixes" are voodoo magic posted by
> clueless idiots -- fixing Firefox and no other application is not a fix.

Watch your language. The other people subscribed here are trying to
help! This conduct is unacceptable.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)

Thanks Jeroen, I will try this tonight, when I get home. I don't really care
if it comes as an update or a work around, as long as it works. So thanks
for the tip.

On Mon, Nov 9, 2009 at 7:08 AM, Martin Pitt <email address hidden> wrote:

> Cromartie [2009-11-09 13:31 -0000]:
> > This is an Ubuntu bug, plain and simple.
>
> Folks, please calm down. As the bug status shows, it is an
> acknowledged and open bug report, and there was no official statement
> like "your router sucks, bad luck, go away". There is a new glibc
> package for testing, and several workarounds were proposed, and
> eventually we'll fix this in karmic-updates properly.
>
> > Especially since most of those "fixes" are voodoo magic posted by
> > clueless idiots -- fixing Firefox and no other application is not a fix.
>
> Watch your language. The other people subscribed here are trying to
> help! This conduct is unacceptable.
>
> Martin
> --
> Martin Pitt | http://www.piware.de
> Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second
> delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Invalid
> Status in “glibc” source package in Lucid: Confirmed
> Status in “network-manager” source package in Lucid: Invalid
> Status in “glibc” source package in Karmic: Confirmed
> Status in “network-manager” source package in Karmic: Invalid
>
> Bug description:
> In Karmic, DNS lookups take a very long time with some routers, because
> glibc's DNS resolver tries to do IPv6 (AAAA) lookups even if there are no
> (non-loopback) IPv6 interfaces configured. Routers which do not repond to
> this cause the lookup to take 20 seconds (until the IPv6 query times out).
>

--
Dmitriy Mestetskiy

I think the workaround worked, at least it looks like its gotten much
better.

On Tue, Nov 10, 2009 at 7:02 AM, Carropa <email address hidden> wrote:

> ** Changed in: glibc (Ubuntu Karmic)
> Status: Confirmed => Fix Released
>
> ** Changed in: glibc (Ubuntu Karmic)
> Status: Fix Released => Confirmed
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second
> delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Invalid
> Status in “glibc” source package in Lucid: Confirmed
> Status in “network-manager” source package in Lucid: Invalid
> Status in “glibc” source package in Karmic: Confirmed
> Status in “network-manager” source package in Karmic: Invalid
> Status in “glibc” package in Fedora: Confirmed
>
> Bug description:
> In Karmic, DNS lookups take a very long time with some routers, because
> glibc's DNS resolver tries to do IPv6 (AAAA) lookups even if there are no
> (non-loopback) IPv6 interfaces configured. Routers which do not repond to
> this cause the lookup to take 20 seconds (until the IPv6 query times out).
>

--
Dmitriy Mestetskiy

I've seen this behavior in quite few installation I have done; and saying "install a DNS server/Edit sysctl.conf" should not be the answer to fix the problem, not everybody have the skills required to do that, and it should not be a requirement at all. I don't think this could be fixed for karmic at this point but it should be fixed for lucid, otherwise the "common" users (not experts) will get tired of using "software" that doesn't work (They can't browse the web the way they like). So far I just disable IPv6 in firefox after installing ( network.dns.disableIPv6 ), thats quite enough to make most users happy.

I think that given the fact that Ubuntu is free, its pretty good for an
operating system, even though sometimes it does come with hick ups. But I am
sure thats something, Ubuntu developers will strive to get ironed out in the
future. But like I said, its pretty good for being free.

On Sun, Nov 15, 2009 at 9:39 PM, Ricardo Fernández <email address hidden> wrote:

> I've seen this behavior in quite few installation I have done; and
> saying "install a DNS server/Edit sysctl.conf" should not be the answer
> to fix the problem, not everybody have the skills required to do that,
> and it should not be a requirement at all. I don't think this could be
> fixed for karmic at this point but it should be fixed for lucid,
> otherwise the "common" users (not experts) will get tired of using
> "software" that doesn't work (They can't browse the web the way they
> like). So far I just disable IPv6 in firefox after installing (
> network.dns.disableIPv6 ), thats quite enough to make most users happy.
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second
> delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Invalid
> Status in “glibc” source package in Lucid: Confirmed
> Status in “network-manager” source package in Lucid: Invalid
> Status in “glibc” source package in Karmic: Confirmed
> Status in “network-manager” source package in Karmic: Invalid
> Status in “glibc” package in Fedora: Confirmed
>
> Bug description:
> In Karmic, DNS lookups take a very long time with some routers, because
> glibc's DNS resolver tries to do IPv6 (AAAA) lookups even if there are no
> (non-loopback) IPv6 interfaces configured. Routers which do not repond to
> this cause the lookup to take 20 seconds (until the IPv6 query times out).
>

--
Dmitriy Mestetskiy

I am experiencing the same problem. I am using one of Germany's largest Internet provider (T-Online) with a recent DSL/router combo that is handed out by them to their customers (Speedport W 303V, got is 6 months ago, updated to the newest firmware). So I think that probably a larger number of people than you think are affected by this bug (at least in Germany). I was able to bring my system into a usable state with the workaround of disabling IPv6 in the kernel by editing grub config file. But non-technical people, who cannot do things like that, will have a very bad experience and probably stop using Ubuntu, because the network is unusably slow for them. Please take this bug serious. I would say it is critical.

#155 you have rightly.

It's a critical bug

I have the same problem with my WRT54G router. I know this is a bug in the firmware not in Linux, but I do see this as a regression simply because I did not have the problem before. I simply don't need IPV6 yet, when I do, I'll think about upgrading my routers.

I now worked around it by installing the pdns-precursor, and setting 127.0.0.1 as DNS, but It would be very nice if a user-friendly workaround was added. Also, I can't use the internal DHCP-to-DNS functionality of my router anymore.

The same issue for me on DSL. I was working on 9.04 for a few months without problem, now absolutely no internet connection on 9.10 - neither in Mozilla, nor in Synaptic. However, as I run dual boot with XP, on Windows, network connection is fine. Lucky me...

There are so many bugs launched and so many forums with dozens of workarounds for experts, creating new bugs... Can somebody write a step by step solution for newbie?

0. The network is not working. (Don't tell me to download something).
1. What to do/rewrite/edit/launch to make a temporary workaround - network somehow working (mozilla, synaptic, or whatever)
2. What to do to download/get somehow some official fix (not creating new bugs) ... if it already exists.

I'm not satisfied with answers like "upgrade NM with ppa" or "try pppoeconf"... it doesn't tell me much.

Please, someone, make a clear summary.

Do not send me another links to read endless forums... I have spent hours reading them... I'm used to the plurality of responses and solutions while working with Ubuntu, but having such a major problem, I'm loosing my patience. It is a major issue and newbies are not able to spend days reading forums, that offer so many workarounds, that need to be topped by other workarounds... I need to see what to do right now and not to read what hundreds of people tried... Where is Ubuntu's official solution?

Thank you

This has been posted by Jeroen earlier, like days ago:

WORKING FIX (run as root of course):

apt-get install pdns-recursor resolvconf
echo "nameserver 127.0.0.1" >> /etc/resolvconf/resolv.conf.d/
base
resolvconf -u

1) This will effectively install pdns_recursor which is a DNS recursor that
simply works(tm) and it installs the resolvconf framework (which you most
likely already have)
2) this echo sets the nameserver to 127.0.0.1, aka pdns
3) update resolv.conf with the above info

You should now have "nameserver 127.0.0.1" in /etc/resolv.conf and all
your DNS queries should be super duper fast again (also because they get
locally cached a bit ;)

Of course if you have a firewall between your host and the Internet
where DNS servers exist the above might not work when DNS gets
blocked...

I would almost suggest that Ubuntu make the above the default. The
problem is though that little firewall thing, if that is there or you
visit some netcafe or other network where only HTTP/HTTPS works, then
indeed it does not work...

On Wed, Nov 18, 2009 at 4:45 AM, khaktus <email address hidden> wrote:

> The same issue for me on DSL. I was working on 9.04 for a few months
> without problem, now absolutely no internet connection on 9.10 - neither
> in Mozilla, nor in Synaptic. However, as I run dual boot with XP, on
> Windows, network connection is fine. Lucky me...
>
> There are so many bugs launched and so many forums with dozens of
> workarounds for experts, creating new bugs... Can somebody write a step
> by step solution for newbie?
>
> 0. The network is not working. (Don't tell me to download something).
> 1. What to do/rewrite/edit/launch to make a temporary workaround - network
> somehow working (mozilla, synaptic, or whatever)
> 2. What to do to download/get somehow some official fix (not creating new
> bugs) ... if it already exists.
>
> I'm not satisfied with answers like "upgrade NM with ppa" or "try
> pppoeconf"... it doesn't tell me much.
>
> Please, someone, make a clear summary.
>
> Do not send me another links to read endless forums... I have spent
> hours reading them... I'm used to the plurality of responses and
> solutions while working with Ubuntu, but having such a major problem,
> I'm loosing my patience. It is a major issue and newbies are not able to
> spend days reading forums, that offer so many workarounds, that need to
> be topped by other workarounds... I need to see what to do right now and
> not to read what hundreds of people tried... Where is Ubuntu's official
> solution?
>
> Thank you
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second
> delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a direct subscriber
> of a duplicate bug.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Invalid
> Status in “glibc” source package in Lucid: Confirmed
> Status in “network-manager” source package in Lucid: Invalid
> Status in “glibc” source package in Karmic: Confirmed
> Status in “network-manager” source package in Karmic: Invalid
> Status in “glibc” package in Fedora: Confi...

#159

That is not a fix, it is a "Workaround", and maybe it will work at the house, but in a secure network (like a company network) it will not work and it will make Ubuntu useless.

The only real fix to this is disabling IPv6 support (for desktop version). In the real world pretty much no one uses IPv6, I'm not quite sure why Ubuntu would want this enabled by default, maybe they can do it when everybody start using IPv6, meanwhile, it is worthless.

Well on company network they don't use home routers with buggy resolver...

Ricardo,

> version). In the real world pretty much no one uses IPv6, I'm not quite
> sure why Ubuntu would want this enabled by default, maybe they can do it
> when everybody start using IPv6, meanwhile, it is worthless.

Actually, based on my studies, over 4 million people use IPv6
transport on the IPv6 Internet. Many are unaware of the fact. Based on
a study of the DNS root servers, there are 10-20 million systems
making AAAA request, without IPv6 transport. Lastly, there are about
250-400 million systems shipped in the last 4 years with IPv6 services
enabled.

On the security side, if your firewalls and routers (and other IA
gear) are unable to process IPv6 packets, they are also unable to
protect against native and tunneled IPv6 attacks. So again the issue
is not that Ubuntu needs IPv6 disabled, the issue is people need to
update their infrastructure to IPv6 enabled devices to properly
protect their networks.

Link to presentations: http://sites.google.com/site/ipv6security/
Link to Video: http://www.ustream.tv/recorded/2504950/

Joe Klein

On Wed, Nov 18, 2009 at 3:19 PM, Ricardo Fernández <email address hidden> wrote:
> #159
>
> That is not a fix, it is a "Workaround", and maybe it will work at the
> house, but in a secure network (like a company network) it will not work
> and it will make Ubuntu useless.
>
> The only real fix to this is disabling IPv6 support (for desktop
> version). In the real world pretty much no one uses IPv6, I'm not quite
> sure why Ubuntu would want this enabled by default, maybe they can do it
> when everybody start using IPv6, meanwhile, it is worthless.
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a member of IPv6 Task
> Force, which is a direct subscriber.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Invalid
> Status in “glibc” source package in Lucid: Confirmed
> Status in “network-manager” source package in Lucid: Invalid
> Status in “glibc” source package in Karmic: Confirmed
> Status in “network-manager” source package in Karmic: Invalid
> Status in “glibc” package in Fedora: Confirmed
>
> Bug description:
> In Karmic, DNS lookups take a very long time with some routers, because glibc's DNS resolver tries to do IPv6 (AAAA) lookups even if there are no (non-loopback) IPv6 interfaces configured. Routers which do not repond to this cause the lookup to take 20 seconds (until the IPv6 query times out).
>

#162

Yeah I'll tell my ISP to upgrade their Hardware because my Ubuntu doesn't work. That will surely work. *sigh*

Also they are over 600+ million internet users around the world (maybe more?), 4 millions using IPv6 is around 0.7% of the internet users.. so yeah, pretty much no one. And how many of thoses 4 millions use Ubuntu ? let me guess it should be below 0.1%, so, making IPv6 enabled by default will only be used by 0.1% (below that number to be honest). Default should be for the other 99.9%.

Yes they are a lot of systems shipped with IPv6, the point is thoses systems _works_ and Ubuntu 9.10 doesn't (not the whole distro of course, just this "cant use internet thing").

You can't ask everybody to update their whole network hardware to IPv6 to make Ubuntu works, thats quite hard to do, it is easier just to switch distro (Like Fedora, Debian, anything) or just Windows 7, and thats what most people will do when they try to use their favorite distro (Ubuntu) and notice the slow internet.

On the security side, just because a firewall/router doesn't process IPv6 it doesn't mean you can use some sort of attack, you can't attack something that doesn't understand you, at most you can just try to DoS it, so I'm quite sure no one is afraid of a IPv6 attack over a IPv4 network.

From libc.NEWS file:
  Starting with version 2.9-8, unified IPv4/IPv6 lookup have been enabled
  in the glibc's resolver. This is faster, fixes numerous of bugs, but is
  problematic on some broken DNS servers and/or wrongly configured
  firewalls.

  If such a DNS server is detected, the resolver switches (permanently
  for that process) to a mode where the second request is sent only when
  the first answer has been received. This means the first request will
  be timeout, but subsequent requests should be fast again. This
  behaviour can be enabled permanently by adding 'options single-request'
  to /etc/resolv.conf.

Could you try adding 'options single-request' in /etc/resolv.conf ?

an other option will be to install nscd (apt-get install nscd) that will cache dns requests locally (windows and macos does the same IIRC)

Ricardo,

Actually, if you are having the problem with your ISP, I suspect a
large number of technical and non-technical people on the same ISP are
having timeout problems with other operating systems and applications.
The difference is that you are a knowledgeable user that has
identified and knows how to solve the problem. E-mail me directly with
the ISP name and I would be willing to contact them about the problem.

Actually my studies show that 75% of device on the internet today have
or could have IPv6 enabled. I was only sharing the 'conservative
numbers'. The biggest jump in IPv6 users in the last 12 months was due
to BitTorrent clients on windows system enabling IPv6 tunneling
(Teredo).

Over the next 4 years, all of the major ISP's are expected to move
quickly to dual stack and IPv4 over IPv6 transport. Comcast should be
the first, followed the the crowd of cable provides then telcom
providers. So 0.1% might be small today, but should get to +1% by the
end of 2010.

Again on the security side, there are many attacks which have been and
are accruing on unsuspecting networks which have IPv6 enable but do
not have proper IPv6 security controls (IPv6 capable firewalls,
routers, IDS,...). The first attack was back in 2002 on a debian
distro that did not have IPv6 firewall enabled, but did have the IPv4
enabled. So continue to believe there are no IPv6 security attacks,
the same way as many people said back in 2002, there are no wifi
attacks and WEP is secure!

BTW, I am not having the problem, I loaded Miredo on my Ubuntu system
and it seem to be fine. With that in mind, have we considered just
having Miredo installed by default on the Distro?

Joe

On Wed, Nov 18, 2009 at 5:39 PM, Ricardo Fernández <email address hidden> wrote:
> #162
>
> Yeah I'll tell my ISP to upgrade their Hardware because my Ubuntu
> doesn't work. That will surely work. *sigh*
>
> Also they are over 600+ million internet users around the world (maybe
> more?), 4 millions using IPv6 is around 0.7% of the internet users.. so
> yeah, pretty much no one. And how many of thoses 4 millions use Ubuntu ?
> let me guess it should be below 0.1%, so, making IPv6 enabled by default
> will only be used by 0.1% (below that number to be honest). Default
> should be for the other 99.9%.
>
> Yes they are a lot of systems shipped with IPv6, the point is thoses
> systems _works_ and Ubuntu 9.10 doesn't (not the whole distro of course,
> just this "cant use internet thing").
>
> You can't ask everybody to update their whole network hardware to IPv6
> to make Ubuntu works, thats quite hard to do, it is easier just to
> switch distro (Like Fedora, Debian, anything) or just Windows 7, and
> thats what most people will do when they try to use their favorite
> distro (Ubuntu) and notice the slow internet.
>
> On the security side, just because a firewall/router doesn't process
> IPv6 it doesn't mean you can use some sort of attack, you can't attack
> something that doesn't understand you, at most you can just try to DoS
> it, so I'm quite sure no one is afraid of a IPv6 attack over a IPv4
> network.
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second delays by de...

#166

8.04, 8.10, 9.04 (Ubuntu), Windows XP, Windows Vista, Windows 7, Fedora 9/10/11, Debian Lenny (and sid), all thoses Distro/OS works like a charm in my network, Ubuntu 9.10 (desktop-clients in my network) have a real slow "internet", so calling an ISP because a Linux distro doesn't work is not a real solution.

Please understand this is an Ubuntu 9.10 problem it is not an ISP or router or hardware or anything else but Ubuntu, simple as that. This isn't a forum about how cool IPv6 is and why we should use it, this is a bug tracking system where people report "Hey my internet doesn't work", so asking those people to upgrade their external hardware/software isn't a solution or a fix.

Well actually it IS an issue with the modem/router.

The previous version of ubuntu (windows and maybe OSX caches dns request or work differently) workaround this router bug. I seems that the workaround was causing other issues (see the 2 bugs mentioned earlier).

Did you try the solutions I proposed yesterday?

> Could you try adding 'options single-request' in /etc/resolv.conf ?

or

> an other option will be to install nscd (apt-get install nscd)

See http://udrepper.livejournal.com/20948.html (DNS NSS improvement paragraph)

#168

I tried "options single-request' in /etc/resolv.conf" yesterday and so far it doesn't work for me, but i need 2-3 days to get feedback from my ubuntu users in the network to see how it goes. The problem with this, is that the resolv.conf will change every time i change dhcp server, so I need to make the option permanent, I can't ask my users to edit system files to fix this, they have no idea how to use vi or sudo (to make the option permanent, it is not only editing /etc/resolv.conf).

I haven't tried the nscd one, I only use it to cache the ldap info, and I'm not quite sure I would like to have a local cache of my dns in each pc but thats me.

What is the status of this bug? Above it looks like it was fixed; "status: Confirmed → Fix Released", but at the top it only says the status is "Confirmed". If it is fixed, is the fixed package available now via Update Manager? Or do I have to enable other repos (Testing, Proposed, et al.) to get the fixed package?

I've used so many different work-arounds that I'm sure what worked and what didn't. Overall I'd like to fix this properly so does anyone know of a router or a list of routers that don't suffer from this problem? I am using a DSL-G604T on wireless.

Carlin [2009-11-20 7:01 -0000]:
> What is the status of this bug? Above it looks like it was fixed;
> "status: Confirmed → Fix Released", but at the top it only says the
> status is "Confirmed".

It was wrongly closed and reopened.

> If it is fixed, is the fixed package available now via Update
> Manager? Or do I have to enable other repos (Testing, Proposed, et
> al.) to get the fixed package?

As I wrote earlier, there is a package from a PPA which reapplies a
patch to glibc to fix this. But it reopens two other bugs. Laurent's
suggestion seems better, but I can't test it here (I'm in Dallas at
UDS). I can test it next week when I'm back home, or someone else test
Laurent's suggestion first.

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)