Comment 125 for bug 417757

]] Martin Pitt

| Ah, Tollef shed some light on this. Ubuntu's glibc up to early Karmic
| had a patch applied which disabled unnecessary IPv6 DNS lookups
| (http://err.no/patches/glibc-only-lookup-ipv6-if-it-makes-sense.diff).
| This was dropped in Karmic to fix some IPv6 lookup issues (bug 239701,
| bug 374674), but also caused this regression.
|
| Mithrandir| so I suspect somebody should take my patch, refine it so it
| doesn't just reject v6 addresses (try again after processing if there are no
| hits, allowing ipv6 then, or something like that)

If you want to emulate a broken DNS server (regardless of whether you
have access to one), add something like the following iptables rule:

sudo iptables -A OUTPUT -p udp --dport 53 \! -f -m u32 --u32 "0 >> 22 & 0x3C @ 8 >> 11 & 0x1F = 0 && 0 >> 22 & 0x3C@ 17 & 0xFF @ 18 & 0xFF @ 21 & 0xFF = 0x1c" -j DROP

then try to look up sixxs.net or any other second-level domain. It does
not matter whether this actually has AAAA records or not. Assuming you
don't have any IPv6 address with scope >= site, this should be slow on
9.10 and fast on 7.04 through 9.04. If you have any IPv6 address with
scope >= site, it will be slow on all variants. (The reason for the
two-level limitation is due to limitations in the u32 classifier.)

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
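
The following is an added example, not part of the original comment: a Python mirror of the two u32 tests in the iptables rule above, run against constructed packets to show why only AAAA queries for two-label names are dropped. The helper names, addresses and ports are assumptions made for illustration.

```python
import struct

def build_query(name, qtype, qr=0):
    """Constructed IPv4/UDP/DNS packet for one question (checksums left at zero)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    dns = struct.pack(">HHHHHH", 0x1234, (qr << 15) | 0x0100, 1, 0, 0, 0)
    dns += qname + struct.pack(">HH", qtype, 1)
    udp = struct.pack(">HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + udp

def word(pkt, off):
    """u32 always reads a big-endian 32-bit word at a byte offset."""
    return struct.unpack_from(">I", pkt, off)[0]

def u32_rule_matches(pkt):
    """Mirror of the u32 expression; -p udp, --dport 53 and ! -f are assumed met."""
    try:
        # "0 >> 22 & 0x3C @": IPv4 header length in bytes becomes the base.
        ihl = (word(pkt, 0) >> 22) & 0x3C
        # "8 >> 11 & 0x1F = 0": DNS QR bit and opcode are zero (standard query).
        if (word(pkt, ihl + 8) >> 11) & 0x1F != 0:
            return False
        # "17 & 0xFF @": low byte is UDP offset 20, the first label length.
        base = ihl + (word(pkt, ihl + 17) & 0xFF)
        # "18 & 0xFF @": low byte is the second label length.
        base += word(pkt, base + 18) & 0xFF
        # "21 & 0xFF = 0x1c": low byte of QTYPE, if the name had two labels.
        return word(pkt, base + 21) & 0xFF == 0x1C
    except struct.error:
        return False  # read past the end of the packet: no match

if __name__ == "__main__":
    for name, qtype in [("sixxs.net", 28), ("sixxs.net", 1), ("www.sixxs.net", 28)]:
        print(name, qtype, u32_rule_matches(build_query(name, qtype)))
```

With a three-label name the final read lands inside the name rather than on QTYPE, which is the two-level limitation mentioned in the comment.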