Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No IPv6 for deb.nodesource.com #170

Closed
igalic opened this issue Nov 10, 2015 · 25 comments
Closed

No IPv6 for deb.nodesource.com #170

igalic opened this issue Nov 10, 2015 · 25 comments

Comments

@igalic
Copy link

@igalic igalic commented Nov 10, 2015

Hi folks,

i'd like to report an issue with deb.nodesource.com:

igalic@levix ~> dig in AAAA deb.nodesource.com

; <<>> DiG 9.9.5-9ubuntu0.3-Ubuntu <<>> in AAAA deb.nodesource.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47273
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;deb.nodesource.com.            IN      AAAA

;; AUTHORITY SECTION:
nodesource.com.         10800   IN      SOA     rodney.ns.cloudflare.com. dns.cloudflare.com. 2019875292 10000 2400 604800 3600

;; Query time: 15 msec
;; SERVER: 10.1.7.42#53(10.1.7.42)
;; WHEN: Tue Nov 10 22:17:02 CET 2015
;; MSG SIZE  rcvd: 108

igalic@levix ~>

it's unreachable via IPv6, so we have to use workarounds like dns64 to get it installed.

@bastelfreak
Copy link

@bastelfreak bastelfreak commented Nov 10, 2015

👍 for fixing this. Could you please deploy IPv6?

@ehwat
Copy link

@ehwat ehwat commented Nov 10, 2015

+1

@igalic
Copy link
Author

@igalic igalic commented Nov 10, 2015

what i find bizarre is that this is hosted on cloudflare, and it's not just supported out of the box

@rvagg
Copy link
Contributor

@rvagg rvagg commented Nov 14, 2015

It's not hosted on CloudFlare, just the DNS is, we'll have to enable ipv6 on the box and update DNS for it. I've got it on my TODO list.

@igalic
Copy link
Author

@igalic igalic commented Nov 17, 2015

💜

@rotanid
Copy link

@rotanid rotanid commented Nov 22, 2015

clodflare translates from IPv6 to your boxes IPv4, you just have to activate it in your cloudflare account - many websites use this feature

@bastelfreak
Copy link

@bastelfreak bastelfreak commented Jan 4, 2016

Hi,
how is the current state @rvagg, any updates?

@rvagg
Copy link
Contributor

@rvagg rvagg commented Jan 5, 2016

I think this is good to go now .. had a few issues with DNS and I'm not on an ipv6 connection atm to test. Let me know how it goes.

@rvbhute
Copy link

@rvbhute rvbhute commented Jan 8, 2016

I am getting errors since last couple of days.

W: Failed to fetch https://deb.nodesource.com/node_4.x/dists/trusty/main/binary-amd64/Packages Failed to connect to deb.nodesource.com port 443: Network is unreachable

Attaching gist with curl -v command output. Connecting via VPN or another ISP does not give this error.

https://gist.github.com/rvbhute/2dac82a5a5d40ebc9c2b

@bastelfreak
Copy link

@bastelfreak bastelfreak commented Jan 8, 2016

@rvagg it is possible that your IPv6 in general is broken, can you connect to other services like google.com?

@rvagg it is working fine, thanks:

$ curl -v https://deb.nodesource.com
* Rebuilt URL to: https://deb.nodesource.com/
*   Trying 2604:a880:1:20::13b:b001...
* Connected to deb.nodesource.com (2604:a880:1:20::13b:b001) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*    subject: C=US; ST=CA; L=Anaheim; O=Node Source, LLC; CN=*.nodesource.com
*    start date: Apr 20 00:00:00 2015 GMT
*    expire date: Jun 13 12:00:00 2018 GMT
*    subjectAltName: deb.nodesource.com matched
*    issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*    SSL certificate verify ok.
> GET / HTTP/1.1
> Host: deb.nodesource.com
> User-Agent: curl/7.46.0
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Server: nginx
< Date: Fri, 08 Jan 2016 10:39:17 GMT
< Content-Type: text/html
< Content-Length: 154
< Connection: keep-alive
< Location: https://github.com/nodesource/distributions
< Strict-Transport-Security: max-age=15552000
< 
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host deb.nodesource.com left intact
@daenney
Copy link

@daenney daenney commented Jan 8, 2016

Do note that because of the redirect to Github, which doesn't do IPv6, this still won't work for a system that can not talk IPv4. If you let curl follow the redirect:

* Connected to github.com (192.30.252.130) port 443 (#0)

If you can turn this into a Github Pages, then using a CNAME at Cloudflare to point it this way and send the traffic through the Cloudflare network instead (not just the DNS lookup) Cloudflare will proxy the request for you and will then be delivered over IPv6.

@rvbhute
Copy link

@rvbhute rvbhute commented Jan 8, 2016

I am on IPv4, on all 3 ISPs. All other traffic (browser, xmpp, apt updates from other repos) is fine. The connection which has a problem right now also used to work fine till about three days ago more or less (around the same time the DNS was updated) which is why I don't think it is an ISP problem.

Running the curl test, for other two ISPs (ADSL and 3G hotspot), it shows Immediate connect fail for 2604:a880:1:20::13b:b001: Network is unreachable and then successfully connects to deb.nodesource.com on its resolved IPv4 address.

First output is the one where it fails

rohit@ryujin:~$ curl -v https://deb.nodesource.com
* Rebuilt URL to: https://deb.nodesource.com/
* Hostname was NOT found in DNS cache
*   Trying 192.241.233.42...
*   Trying 2604:a880:1:20::13b:b001...
* connect to 2604:a880:1:20::13b:b001 port 443 failed: Network is unreachable
* Failed to connect to deb.nodesource.com port 443: Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to deb.nodesource.com port 443: Network is unreachable

Trying with the IP address

rohit@ryujin:~$ curl -v https://192.241.233.42
* Rebuilt URL to: https://192.241.233.42/
* Hostname was NOT found in DNS cache
*   Trying 192.241.233.42...
* Connected to 192.241.233.42 (192.241.233.42) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: C=US; ST=CA; L=Anaheim; O=Node Source, LLC; CN=*.nodesource.com
*    start date: 2015-04-20 00:00:00 GMT
*    expire date: 2018-06-13 12:00:00 GMT
* SSL: certificate subject name '*.nodesource.com' does not match target host name '192.241.233.42'
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (51) SSL: certificate subject name '*.nodesource.com' does not match target host name '192.241.233.42'

These two are from ISPs that work correctly. Apologies for the wall of text.

rohit@ryujin:~$ curl -v https://deb.nodesource.com
* Rebuilt URL to: https://deb.nodesource.com/
* Hostname was NOT found in DNS cache
*   Trying 192.241.233.42...
*   Trying 2604:a880:1:20::13b:b001...
* Immediate connect fail for 2604:a880:1:20::13b:b001: Network is unreachable
* Connected to deb.nodesource.com (192.241.233.42) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: C=US; ST=CA; L=Anaheim; O=Node Source, LLC; CN=*.nodesource.com
*    start date: 2015-04-20 00:00:00 GMT
*    expire date: 2018-06-13 12:00:00 GMT
*    subjectAltName: deb.nodesource.com matched
*    issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*    SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: deb.nodesource.com
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
* Server nginx is not blacklisted
< Server: nginx
< Date: Fri, 08 Jan 2016 10:47:40 GMT
< Content-Type: text/html
< Content-Length: 154
< Connection: keep-alive
< Location: https://github.com/nodesource/distributions
< Strict-Transport-Security: max-age=15552000
< 
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host deb.nodesource.com left intact
rohit@ryujin:~$ curl -v https://deb.nodesource.com
* Rebuilt URL to: https://deb.nodesource.com/
* Hostname was NOT found in DNS cache
*   Trying 192.241.233.42...
*   Trying 2604:a880:1:20::13b:b001...
* Immediate connect fail for 2604:a880:1:20::13b:b001: Network is unreachable
* Connected to deb.nodesource.com (192.241.233.42) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: C=US; ST=CA; L=Anaheim; O=Node Source, LLC; CN=*.nodesource.com
*    start date: 2015-04-20 00:00:00 GMT
*    expire date: 2018-06-13 12:00:00 GMT
*    subjectAltName: deb.nodesource.com matched
*    issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
*    SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.35.0
> Host: deb.nodesource.com
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
* Server nginx is not blacklisted
< Server: nginx
< Date: Fri, 08 Jan 2016 10:48:34 GMT
< Content-Type: text/html
< Content-Length: 154
< Connection: keep-alive
< Location: https://github.com/nodesource/distributions
< Strict-Transport-Security: max-age=15552000
< 
<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host deb.nodesource.com left intact
@rvagg
Copy link
Contributor

@rvagg rvagg commented Jan 8, 2016

OK folks, we're getting reports of problems from a number of sources so for now we're moving the IPv6 address onto deb6.nodesource.com and rpm6.nodesource.com, leaving the vanilla ones IPv4-only. If you want to use IPv6 then switch hostnames in /etc/apt/sources.list*.

@retrohacker
Copy link
Contributor

@retrohacker retrohacker commented Jun 6, 2016

This appears to have been resolved. Adding the deb6 and rpm6 urls to the FAQ section in #308

@retrohacker retrohacker closed this Jun 6, 2016
@retrohacker
Copy link
Contributor

@retrohacker retrohacker commented Jun 6, 2016

If IPv6 support is still a problem, feel free to reopen this issue and we can explore.

@rotanid
Copy link

@rotanid rotanid commented Jun 6, 2016

  1. i can't find it in the FAQ section
  2. you didn't fix it, dual-stack was asked here and providing a different URL is not a solution for that
retrohacker added a commit that referenced this issue Jun 7, 2016
@retrohacker retrohacker reopened this Jun 7, 2016
@retrohacker
Copy link
Contributor

@retrohacker retrohacker commented Jun 7, 2016

Thanks, @rotanid,

I pulled the trigger too quickly on closing this issue during the cleanup of this repo. It has been re-opened. Sorry!

@rvagg
Copy link
Contributor

@rvagg rvagg commented Jun 8, 2016

can anyone point to an existing successfully dual-stack APT repo that we can poke at? I'm not seeing how we can achieve this and work around the problems that folks experienced when we turned on dual-stack.

@rotanid
Copy link

@rotanid rotanid commented Jun 8, 2016

like "ftp.debian.org"? that would be a big APT repo with dual-stack.

@rvagg
Copy link
Contributor

@rvagg rvagg commented Jun 8, 2016

mm, good one, so we need to work out why resolution order was messing up for people when we switched it on in the first place

@mweagle
Copy link

@mweagle mweagle commented Sep 9, 2016

Hi @igalic - we have migrated to CloudFront for hosting and it currently does not support ipv6 related. When it becomes available we will add support soon afterwards.

Ref: #353 (comment)

@mweagle mweagle closed this Sep 9, 2016
@chrislea
Copy link
Contributor

@chrislea chrislea commented Mar 3, 2017

We've supported ipv6 since CloudFront supported it. Here's the lookup from my laptop:

[chl@ilmare ~]$ host deb.nodesource.com
deb.nodesource.com is an alias for d2buw04m05mirl.cloudfront.net.
d2buw04m05mirl.cloudfront.net has address 54.192.139.6
d2buw04m05mirl.cloudfront.net has address 54.192.139.10
d2buw04m05mirl.cloudfront.net has address 54.192.139.25
d2buw04m05mirl.cloudfront.net has address 54.192.139.34
d2buw04m05mirl.cloudfront.net has address 54.192.139.61
d2buw04m05mirl.cloudfront.net has address 54.192.139.75
d2buw04m05mirl.cloudfront.net has address 54.192.139.154
d2buw04m05mirl.cloudfront.net has address 54.192.139.176
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:3800:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:3c00:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:5a00:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:7800:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:9800:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:b000:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:d200:1f:6523:6040:93a1
d2buw04m05mirl.cloudfront.net has IPv6 address 2600:9000:201d:d800:1f:6523:6040:93a1
@kwakkel1000
Copy link

@kwakkel1000 kwakkel1000 commented Oct 10, 2017

Is deb.nodesource.com back to IPv4 only?

host deb.nodesource.com
deb.nodesource.com has address 54.192.129.224
deb.nodesource.com has address 54.192.129.96
deb.nodesource.com has address 54.192.129.140
deb.nodesource.com has address 54.192.129.247
deb.nodesource.com has address 54.192.129.43
deb.nodesource.com has address 54.192.129.183
deb.nodesource.com has address 54.192.129.123
deb.nodesource.com has address 54.192.129.119

I'm not sure since when (but not more then i week i think).
I actually think its since today (i see some caching where it still points to the CNAME where it still has AAAA)

@chrislea
Copy link
Contributor

@chrislea chrislea commented Oct 10, 2017

Thanks for the head's up @kwakkel1000. We just switched DNS authority and the IPV6 info didn't switch with it. We've updated accordingly and it should be fixed as soon as the update propagates (if not already). Here's from my home machine right now:

chl@luthien:~$ host deb.nodesource.com
deb.nodesource.com has address 54.230.86.17
deb.nodesource.com has address 54.230.86.54
deb.nodesource.com has address 54.230.86.100
deb.nodesource.com has address 54.230.86.175
deb.nodesource.com has address 54.230.86.198
deb.nodesource.com has address 54.230.86.210
deb.nodesource.com has address 54.230.86.224
deb.nodesource.com has address 54.230.86.239
deb.nodesource.com has IPv6 address 2600:9000:201e:2600:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:4a00:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:7400:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:7e00:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:b800:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:ba00:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:c400:1f:6523:6040:93a1
deb.nodesource.com has IPv6 address 2600:9000:201e:d400:1f:6523:6040:93a1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
You can’t perform that action at this time.