I upgraded my Ubuntu 12.04 server to use the IPv6 stack (which was quite easy), but stumled upon one problem: was unable to update the system from security.ubuntu.com repositories.
$ sudo apt-get update [...] Err http://security.ubuntu.com precise-security/main Sources 404 Not Found [IP: 2a02:2b88:2:1::a37:1 80] [...] Err http://security.ubuntu.com precise-security/multiverse i386 Packages 404 Not Found [IP: 2a02:2b88:2:1::a37:1 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/precise-security/main/source/Sources 404 Not Found [IP: 2a02:2b88:2:1::a37:1 80] W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/precise-security/restricted/source/Sources 404 Not Found [IP: 2a02:2b88:2:1::a37:1 80] [...] E: Some index files failed to download. They have been ignored, or old ones used instead.
Why the heck is apt trying to load patches from my own IP?!
I tried to draw updates using wget
$ wget --verbose http://security.ubuntu.com --2012-06-16 20:49:46-- http://security.ubuntu.com/ Resolving security.ubuntu.com (security.ubuntu.com)... 2a02:2b88:2:1::a37:1, 184.108.40.206, 220.127.116.11, ... Connecting to security.ubuntu.com (security.ubuntu.com)|2a02:2b88:2:1::a37:1|:80... connected. HTTP request sent, awaiting response... 200 OK
... and indeed, security.ubuntu.com resolves to my own server!! How come?
DNS records (and this bug) shows that the canonical.com server doesn't support IPv6 yet.
$ dig -t AAAA security.ubuntu.com ; <<>> DiG 9.8.1-P1 <<>> -t AAAA security.ubuntu.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31071 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;security.ubuntu.com. IN AAAA ;; AUTHORITY SECTION: ubuntu.com. 2994 IN SOA ns1.canonical.com. hostmaster.canonical.com. 2012061503 10800 3600 604800 3600
I had to dig deeper, and used Wireshark to see what's going on. The dump revealed that my system
But why the DNS resolver appended my own server name?? The answer lay in the /etc/network/interfaces file...
$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 18.104.22.168 netmask 255.255.255.0 network 22.214.171.124 broadcast 126.96.36.199 gateway 188.8.131.52 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 184.108.40.206 220.127.116.11 dns-search daysleeper.cz iface eth0 inet6 static address 2a02:2b88:2:1::a37:1 netmask 64 gateway 2a02:2b88:2:1::1
See the problem? ;) The resolvconf man page is absolutely vague about this, but the culprit here is the line dns-search daysleeper.cz.
Once I commented the line and restarted networking, all worked as expected.
daysleeper (zavináč) centrum (tečka) cz