[URGENT] - IPv6 mirrors not syncing anymore from repo.manjaro.org

I noticed all of that; after all, I'm no paladin of Charlemagne. :innocent:
Funnily enough, I am currently getting updates from the moson.eu and moson.org servers,
IF I disable ipv6 on my computer - otherwise none at all…
.
Funnily enough, I am currently getting updates from the moson.eu and moson.de servers,
IF I disable ipv6 on my computer - else nothing …
.
(May be corona-infected - this is at the moment the way to explain everything???)

I deleted the AAAA record for repo.manjaro.org on our end. Depends when the DNS providers will sync it. We currently only whitelist IPv4 addresses, however rsyncd listens to both, hence the error when a server tried to do IPv6 communication with us. Have to look into it more before enabling IPv6 for rsyncd.

```
[phil@development grub.d]$ nslookup repo.manjaro.org
Server:		192.168.XX.X
Address:	192.168.XX.X#YY

Non-authoritative answer:
Name:	repo.manjaro.org
Address: 116.203.249.219
Name:	repo.manjaro.org
Address: 2a01:4f8:c17:5333::1
```
2 Likes

There are 3 ways it works:

  • ipv4 mode
  • ipv4 & ipv6 ( dual with bridge )
  • ipv6 ( you can't reach by bridge ipv4 )

Well, yeah, because of this:

Then there must be something wrong with ipv6 in your network.
The mirror(s) definitely support it:

```
curl --ipv6 https://manjaro.moson.eu/pool/overlay/autogit-1.0-1-any.pkg.tar.zst --output testfile
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 12540  100 12540    0     0  1530k      0 --:--:-- --:--:-- --:--:-- 1530k
```

German Telekom.
    $ curl --ipv6 https://manjaro.moson.eu/pool/overlay/autogit-1.0-1-any.pkg.tar.zst --output testfile                                                                             
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:--  0:00:36 --:--:--     0^C
    [ xx]$ curl --ipv4 https://manjaro.moson.eu/pool/overlay/autogit-1.0-1-any.pkg.tar.zst --output testfile                                                                        [130]
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 12540  100 12540    0     0   231k      0 --:--:-- --:--:-- --:--:--  231k

We need to consider - is IPv6 really needed - and what we have just learned - what are the implications of IPv6 addressing?

I can’t say I know - just read above.

I mean in retrospect it may be necessary, but as this topic clearly indicates there are a lot of problems - with the international routing.

The routing issue and the IP addressing is a problem and I think that until we have a plan or we know how to solve these IP issues we should stay away from IPv6.

2 Likes

I have now also specified `address = 116.203.249.219` in /etc/rsync.d.conf on the server. This should additionally prevent it from listening to IPv6 requests for now. Report back if it helps or not, until all DNS providers are synced.

address

You can override the default IP address the daemon will listen on by specifying this value. This is ignored if the daemon is being run by inetd, and is superseded by the `--address` command-line option.

1 Like
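A small model of the failure described in the posts above and of each fix the thread tried, as an added example that is not part of the original posts. The addresses are constructed from documentation prefixes, `sync_outcome` is a hypothetical helper, and the connection behaviour it assumes is stated in its docstring.

```python
import ipaddress

def allowed(src, allowlist):
    """True if source address src is inside any allowlisted network."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in allowlist)

def sync_outcome(mirror_addrs, published, allowlist, listen=(4, 6), force_ipv4=False):
    """Predict (family, source, verdict) for one mirror pulling from the sync host.

    mirror_addrs: the mirror's own source addresses
    published:    A/AAAA records clients resolve for the sync host
    allowlist:    source networks the sync host accepts
    listen:       address families the daemon is bound to
    Assumptions: IPv6 is tried first when both ends have it; a family the
    daemon is not bound to is refused and the client moves on; a rejection
    after the connection is accepted is final (no fallback).
    """
    server = {ipaddress.ip_address(a).version for a in published}
    mine = {ipaddress.ip_address(a).version: a for a in mirror_addrs}
    for fam in ([4] if force_ipv4 else [6, 4]):
        if fam in server and fam in mine and fam in listen:
            src = mine[fam]
            return fam, src, "allowed" if allowed(src, allowlist) else "rejected"
    return None, None, "no usable address family"

# Constructed data (documentation prefixes), not the project's real addresses.
ALLOWLIST_V4 = ["198.51.100.7/32", "203.0.113.0/24"]
DUAL_STACK_MIRROR = ["198.51.100.7", "2001:db8:a::7"]
A_ONLY = ["192.0.2.10"]
A_AND_AAAA = ["192.0.2.10", "2001:db8:1::1"]

def scenarios():
    """The incident and each fix discussed in the thread, as verdicts."""
    m = DUAL_STACK_MIRROR
    return {
        "incident: AAAA published, IPv4-only allowlist":
            sync_outcome(m, A_AND_AAAA, ALLOWLIST_V4)[2],
        "client forces --ipv4":
            sync_outcome(m, A_AND_AAAA, ALLOWLIST_V4, force_ipv4=True)[2],
        "AAAA record removed":
            sync_outcome(m, A_ONLY, ALLOWLIST_V4)[2],
        "daemon bound to IPv4 only":
            sync_outcome(m, A_AND_AAAA, ALLOWLIST_V4, listen=(4,))[2],
        "IPv6 source added to allowlist":
            sync_outcome(m, A_AND_AAAA, ALLOWLIST_V4 + ["2001:db8:a::7/128"])[2],
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{verdict:9} {name}")
```

Only the first scenario ends in a rejection: the allowlist and the published records disagree about address families while the daemon accepts both.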

@moson Can you check if your mirror still has the IPv6 address of repo.manjaro.org accessible via nslookup and see if the current setup will force your mirror automatically to communicate with our server only via IPv4?

My mirrors don’t resolve the AAAA anymore. The record is already gone.
So yeah, it is now also working again without forcing --ipv4 with rsync.

We just need to wait until it propagates around the world, then things should fix themselves.

3 Likes
```
nslookup repo.manjaro.org
Server:		192.168.xxx.x
Address:	192.168.xxx.x#yy

Non-authoritative answer:
Name:	repo.manjaro.org
Address: 116.203.249.219
Name:	repo.manjaro.org
Address: 2a01:4f8:c17:5333::1

nslookup forum.manjaro.org
Server:		192.168.xxx.x
Address:	192.168.xxx.x#yy

Non-authoritative answer:
Name:	forum.manjaro.org
Address: 135.181.38.249
Name:	forum.manjaro.org
Address: 2a01:4f9:c010:b613::1
```

edit - nothing there it was my misreading

I was using a vpn and I mis-interpreted the answer - sorry.

edit: Thought, so :wink:

```
$ dig repo.manjaro.org

; <<>> DiG 9.16.12 <<>> repo.manjaro.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65357
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;repo.manjaro.org.		IN	A

;; ANSWER SECTION:
repo.manjaro.org.	22048	IN	A	116.203.249.219

;; Query time: 329 msec
;; SERVER: 192.168.xxx.x#53(192.168.xxx.x)
;; WHEN: Fr Mär 05 14:13:36 CET 2021
;; MSG SIZE  rcvd: 61
```

or:

```
dig ipv6.google.com AAAA [9]

; <<>> DiG 9.16.12 <<>> ipv6.google.com AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16417
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ipv6.google.com.		IN	AAAA

;; ANSWER SECTION:
ipv6.google.com.	27853	IN	CNAME	ipv6.l.google.com.
ipv6.l.google.com.	252	IN	AAAA	2a00:1450:4001:809::200e

;; Query time: 449 msec
;; SERVER: 127.0.0.0#yy(127.0.0.yy)
;; WHEN: So Mär 07 16:28:37 CET 2021
;; MSG SIZE  rcvd: 93
```

Maybe the reason is that I use DNS over TLS??

Test

This text will be hidden

```
kdig +tls @fdns2.dismail.de manjaro.org
;; WARNING: connection timeout for 2a01:4f8:c17:739a::2@853(TCP)
;; TLS session (TLS1.2)-(ECDHE-X25519)-(RSA-SHA256)-(CHACHA20-POLY1305)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 43380
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 4096 B; ext-rcode: NOERROR

;; QUESTION SECTION:
;; manjaro.org.        		IN	A

;; ANSWER SECTION:
manjaro.org.        	23084	IN	A	176.9.38.148

;; Received 56 B
;; Time 2021-03-05 14:33:06 CET
;; From 159.69.114.157@853(TCP) in 13.2 ms
```

EDIT: that has no influence on result…

In case you decide to re-enable IPv6, here is a list of addresses for all mirror servers currently on the repo list. Note that these are the ones resolved from the domain names; they might not necessarily be the ones that are doing the syncing (although highly likely in most cases I guess).


And in case you use ufw for firewalling, here is a list with rules:
(in case the server has multiple network interfaces, you might want to change the “any”…)

ufw rules v6 mirrors
ufw allow from 2606:4700:20::ac43:4a3e to any port 873 comment "rsync: manjaro.lucassymons.net"
ufw allow from 2606:4700:20::681a:9e0 to any port 873 comment "rsync: manjaro.lucassymons.net"
ufw allow from 2606:4700:20::681a:8e0 to any port 873 comment "rsync: manjaro.lucassymons.net"
ufw allow from 2001:388:30bc:cafe::beef to any port 873 comment "rsync: mirror.aarnet.edu.au"
ufw allow from 2001:730:3e14:8000::228 to any port 873 comment "rsync: mirror.inode.at"
ufw allow from 2a02:2208:1:3::12 to any port 873 comment "rsync: mirror.datacenter.by"
ufw allow from 2001:6a8:3c80::27 to any port 873 comment "rsync: ftp.belnet.be"
ufw allow from 2a05:2880:e:2:: to any port 873 comment "rsync: mirror.futureweb.be"
ufw allow from 2801:82:80ff:8000::2 to any port 873 comment "rsync: manjaro.c3sl.ufpr.br"
ufw allow from 2001:12d0:0:71::183:235 to any port 873 comment "rsync: linorg.usp.br"
ufw allow from 2a00:1728:20::2 to any port 873 comment "rsync: mirrors.netix.net"
ufw allow from 2a01:9e40::183 to any port 873 comment "rsync: manjaro.ipacct.com"
ufw allow from 2620:101:f000:4901:c5c:0:f:1055 to any port 873 comment "rsync: mirror.csclub.uwaterloo.ca"
ufw allow from 2607:f740:56:100:baca:3aff:fe6d:228 to any port 873 comment "rsync: mirror1.cl.netactuate.com"
ufw allow from 2001:da8:d800:95::110 to any port 873 comment "rsync: mirrors.ustc.edu.cn"
ufw allow from 2402:f000:1:408:8100::1 to any port 873 comment "rsync: mirrors.tuna.tsinghua.edu.cn"
ufw allow from 2402:f000:1:408:8100::1 to any port 873 comment "rsync: mirrors.tuna.tsinghua.edu.cn"
ufw allow from 2a02:8300:8000:3::49 to any port 873 comment "rsync: mirror.dkm.cz"
ufw allow from 2001:878:346::116 to any port 873 comment "rsync: mirrors.dotsrc.org"
ufw allow from 2001:41d0:a:25b3::1 to any port 873 comment "rsync: mirror.oldsql.cc"
ufw allow from 2a01:e0d:1:8:58bf:fa83:0:1 to any port 873 comment "rsync: ftp.free.org"
ufw allow from 2a01:4f8:150:3055::2 to any port 873 comment "rsync: mirror.alpix.eu"
ufw allow from 2a03:4000:4e:caf:543d:50ff:fef9:9dca to any port 873 comment "rsync: mirror.atysleaks.org"
ufw allow from 2a00:f48:1007:32::30 to any port 873 comment "rsync: mirror.23media.com"
ufw allow from 2a00:8a60:e012:a00::21 to any port 873 comment "rsync: ftp.halifax.rwth-aachen.de"
ufw allow from 2001:638:911:b0e:134:109:228:1 to any port 873 comment "rsync: ftp.tu-chemnitz.de"
ufw allow from 2001:4dd0:1234:1::deb to any port 873 comment "rsync: mirror.netcologne.de"
ufw allow from 2a03:4000:47:4db:d492:aaff:fed2:7b39 to any port 873 comment "rsync: manjaro.moson.eu"
ufw allow from 2a03:4000:31:587:98a3:4dff:fe66:6c02 to any port 873 comment "rsync: manjaro.moson.org"
ufw allow from 2001:648:2c00:6c05::2 to any port 873 comment "rsync: ftp.cc.uoc.gr"
ufw allow from 2405:3000:3:4::e to any port 873 comment "rsync: ftp.cuhk.edu.hk"
ufw allow from 2a06:a101:80:80::2 to any port 873 comment "rsync: mirrors.opensource.is"
ufw allow from 2401:7500:fff5:1::50 to any port 873 comment "rsync: mirrors.piconets.webwerks.in"
ufw allow from 2606:4700:3030::6815:3811 to any port 873 comment "rsync: mirror.deace.id"
ufw allow from 2606:4700:3033::ac43:aff7 to any port 873 comment "rsync: mirror.deace.id"
ufw allow from 2403:ba00:602::1e to any port 873 comment "rsync: kartolo.sby.datautama.net.id"
ufw allow from 2001:760:ffff:b6:4:100:0:73 to any port 873 comment "rsync: manjaro.mirror.garr.it"
ufw allow from 2001:760:ffff:b6:4:100:0:70 to any port 873 comment "rsync: manjaro.mirror.garr.it"
ufw allow from 2001:760:ffff:b6:4:100:0:72 to any port 873 comment "rsync: manjaro.mirror.garr.it"
ufw allow from 2001:760:ffff:b6:4:100:0:69 to any port 873 comment "rsync: ba.mirror.garr.it"
ufw allow from 2001:760:ffff:b6:4:100:0:69 to any port 873 comment "rsync: ct.mirror.garr.it"
ufw allow from 2001:200:0:7c06::9393 to any port 873 comment "rsync: ftp.tsukuba.wide.ad.jp"
ufw allow from 2c0f:fe40:8001:10::1 to any port 873 comment "rsync: manjaro.mirror.liquidtelecom.com"
ufw allow from 2a00:1768:1001:82:303:606:808:909 to any port 873 comment "rsync: mirror.easylee.nl"
ufw allow from 2001:67c:6ec:221:145:220:21:40 to any port 873 comment "rsync: ftp.nluug.nl"
ufw allow from 2001:67c:2564:a120::20 to any port 873 comment "rsync: ftp.snt.utwente.nl"
ufw allow from 2001:590:3803::31:151 to any port 873 comment "rsync: mirror.koddos.net"
ufw allow from 2a03:94e0:1803::1 to any port 873 comment "rsync: mirror.terrahost.no"
ufw allow from 2001:67c:2ad8::241 to any port 873 comment "rsync: mirror.tuchola-dc.pl"
ufw allow from 2a00:9f00:0:3::90 to any port 873 comment "rsync: ftp.vectranet.pl"
ufw allow from 2a02:6b8::183 to any port 873 comment "rsync: mirror.yandex.ru"
ufw allow from 2001:4200:fffc::101 to any port 873 comment "rsync: manjaro.mirror.ac.za"
ufw allow from 2606:4700:3034::ac43:91c0 to any port 873 comment "rsync: mirror.krmir.org"
ufw allow from 2606:4700:3032::6815:4f89 to any port 873 comment "rsync: mirror.krmir.org"
ufw allow from 2001:6b0:17:f0a0::fd to any port 873 comment "rsync: ftp.lysator.liu.se"
ufw allow from 2a02:1380:2009:1::4 to any port 873 comment "rsync: mirror.zetup.net"
ufw allow from 2001:1620::1620 to any port 873 comment "rsync: mirror.init7.net"
ufw allow from 2001:e10:2000:240:e643:4bff:fee8:a63c to any port 873 comment "rsync: free.nchc.org.tw"
ufw allow from 2001:3c8:c108:2895::2 to any port 873 comment "rsync: mirror.kku.ac.th"
ufw allow from 2a01:d0:fa02:5555:6829:17ff:fe25:da0c to any port 873 comment "rsync: fastmirror.pp.ua"
ufw allow from 2001:630:341:12::184 to any port 873 comment "rsync: www.mirrorservice.org"
ufw allow from 2607:f140:8801::1:30 to any port 873 comment "rsync: mirrors.ocf.berkeley.edu"
ufw allow from 2605:6480:c051:100::1 to any port 873 comment "rsync: mirror.clarkson.edu"
ufw allow from 2607:5600::c7bf:385a to any port 873 comment "rsync: mirror.dacentec.com"
ufw allow from 2001:1850:f000:f000:f000:f000:: to any port 873 comment "rsync: mirrors.gigenet.com"
4 Likes
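One way to generate rules like the ones in the post above from resolved `host -> address` lines, as an added example that is not part of the original post or the project's tooling. `ufw_rules` and the sample hostnames are hypothetical, the addresses use the 2001:db8::/32 documentation prefix, and `proto tcp` is an added restriction the posted rules do not have.

```python
import ipaddress
import re
import shlex

# Strict hostname pattern: anything else is skipped, never passed to a shell.
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def ufw_rules(lines, dest="any", port=873):
    """Build ufw commands from 'host -> address' lines.

    Returns (rules, skipped). One rule is emitted per distinct IPv6 source,
    with every hostname that resolved to it named in the comment.
    dest is "any" or the local address rsyncd is bound to.
    """
    if dest != "any":
        dest = str(ipaddress.ip_address(dest))  # raises ValueError if malformed
    by_addr, skipped = {}, []
    for raw in lines:
        host, sep, value = (part.strip() for part in raw.partition("->"))
        host = host.lower()
        if not sep or not HOST_RE.match(host):
            skipped.append((raw, "bad hostname"))
            continue
        try:
            addr = str(ipaddress.IPv6Address(value))  # canonical, compressed form
        except ValueError:
            skipped.append((raw, "no IPv6 address"))
            continue
        hosts = by_addr.setdefault(addr, [])
        if host not in hosts:
            hosts.append(host)
    rules = [
        f"ufw allow from {addr} to {dest} port {int(port)} proto tcp "
        f"comment {shlex.quote('rsync: ' + ', '.join(hosts))}"
        for addr, hosts in by_addr.items()
    ]
    return rules, skipped

# Constructed input; hostnames and addresses are placeholders.
SAMPLE = [
    "ba.mirror.example -> 2001:db8:b6::69",
    "ct.mirror.example -> 2001:DB8:b6:0::69",    # same address, other spelling
    "tuna.mirror.example -> 2001:db8:408::1",
    "tuna.mirror.example -> 2001:db8:408::1",    # exact duplicate line
    "v4only.mirror.example -> No V6 address",
    'bad host"name.example -> 2001:db8::5',       # rejected before quoting
]

if __name__ == "__main__":
    rules, skipped = ufw_rules(SAMPLE)
    print("\n".join(rules))
    for raw, why in skipped:
        print(f"# skipped ({why}): {raw}")
```

Passing the daemon's bound address as `dest` narrows each rule to one local address on a multi-homed server, which is the change to "any" that the post mentions.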

2 posts were split to a new topic: Pacman-mirrors message during ipv6 failure

Mirror server mirror.easylee.nl does not seem to be on your list. It has IPv6 connectivity as well.

? It’s there.

My mistake! Thanks!
