Comment 162 for bug 417757

Ricardo,

> version). In the real world pretty much no one uses IPv6, I'm not quite
> sure why Ubuntu would want this enabled by default, maybe they can do it
> when everybody start using IPv6, meanwhile, it is worthless.

Actually, based on my studies, over 4 million people use IPv6
transport on the IPv6 Internet. Many are unaware of the fact. Based on
a study of the DNS root servers, there are 10-20 million systems
making AAAA request, without IPv6 transport. Lastly, there are about
250-400 million systems shipped in the last 4 years with IPv6 services
enabled.

On the security side, if your firewalls and routers (and other IA
gear) are unable to process IPv6 packets, they are also unable to
protect against native and tunneled IPv6 attacks. So again the issue
is not that Ubuntu needs IPv6 disabled, the issue is people need to
update their infrastructure to IPv6 enabled devices to properly
protect their networks.

Link to presentations: http://sites.google.com/site/ipv6security/
Link to Video: http://www.ustream.tv/recorded/2504950/

Joe Klein

On Wed, Nov 18, 2009 at 3:19 PM, Ricardo Fernández <email address hidden> wrote:
> #159
>
> That is not a fix, it is a "Workaround", and maybe it will work at the
> house, but in a secure network (like a company network) it will not work
> and it will make Ubuntu useless.
>
> The only real fix to this is disabling IPv6 support (for desktop
> version). In the real world pretty much no one uses IPv6, I'm not quite
> sure why Ubuntu would want this enabled by default, maybe they can do it
> when everybody start using IPv6, meanwhile, it is worthless.
>
> --
> [karmic regression] all network apps / browsers suffer from multi-second delays by default due to IPv6 DNS lookups
> https://bugs.launchpad.net/bugs/417757
> You received this bug notification because you are a member of IPv6 Task
> Force, which is a direct subscriber.
>
> Status in “glibc” package in Ubuntu: Confirmed
> Status in “network-manager” package in Ubuntu: Invalid
> Status in “glibc” source package in Lucid: Confirmed
> Status in “network-manager” source package in Lucid: Invalid
> Status in “glibc” source package in Karmic: Confirmed
> Status in “network-manager” source package in Karmic: Invalid
> Status in “glibc” package in Fedora: Confirmed
>
> Bug description:
> In Karmic, DNS lookups take a very long time with some routers, because glibc's DNS resolver tries to do IPv6 (AAAA) lookups even if there are no (non-loopback) IPv6 interfaces configured. Routers which do not repond to this cause the lookup to take 20 seconds (until the IPv6 query times out).
>