Bug 575180 - cannot connect to some anongit hosts via HTTPS.
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Infrastructure
Classification: Unclassified
Component: Git (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Infrastructure
Reported: 2016-02-19 21:31 UTC by Nick Bowler
Modified: 2016-02-24 23:46 UTC
Description Nick Bowler 2016-02-19 21:31:45 UTC
Hi,

As I didn't see anything about this on infra-status...

HTTPS pulls from anongit.gentoo.org are taking a long time because some
of the server connections time out.  It does eventually work (about 5
minutes) because after timing out git retries the connection with a
different address.

  % GIT_CURL_VERBOSE=1 git remote update
  Fetching origin
  * Couldn't find host anongit.gentoo.org in the .netrc file; using defaults
  *   Trying 88.198.51.10...
  *   Trying 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a...
  * connect to 88.198.51.10 port 443 failed: Connection timed out
  *   Trying 108.28.123.102...
  * connect to 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a port 443 failed: Connection timed out
  *   Trying 2a01:4f8:202:4333::2...
  * Connected to anongit.gentoo.org (108.28.123.102) port 443 (#0)
  * ALPN, offering http/1.1
  * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  * successfully set certificate verify locations:
  *   CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
  * NPN, negotiated HTTP1.1
  * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
  * ALPN, server did not agree to a protocol
  * Server certificate:
  * 	 subject: C=US; ST=New Mexico; L=Albuquerque; O=GENTOO Foundation, Inc.; CN=*.gentoo.org
  * 	 start date: May 20 00:00:00 2014 GMT
  * 	 expire date: Jul 12 12:00:00 2017 GMT
  * 	 subjectAltName: anongit.gentoo.org matched
  * 	 issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
  * 	 SSL certificate verify ok.
  > GET /git/repo/gentoo.git/info/refs?service=git-upload-pack HTTP/1.1
  Host: anongit.gentoo.org
  User-Agent: git/2.4.10
  Accept: */*
  Accept-Encoding: gzip
  Accept-Language: en-CA, *;q=0.9
  Pragma: no-cache

  < HTTP/1.1 200 OK
  < Server: nginx
  < Date: Fri, 19 Feb 2016 21:15:00 GMT
  < Content-Type: application/x-git-upload-pack-advertisement
  < Transfer-Encoding: chunked
  < Connection: keep-alive
  < Keep-Alive: timeout=20
  < Expires: Fri, 19 Feb 2016 21:30:00 GMT
  < Pragma: no-cache
  < Cache-Control: max-age=900
  < Content-Security-Policy: default-src 'self' https://1b9a50f4f9de4348cd9f-e703bc50ba0aa66772a874f8c7698be7.ssl.cf5.rackcdn.com; img-src *; media-src *; style-src 'self' https://1b9a50f4f9de4348cd9f-e703bc50ba0aa66772a874f8c7698be7.ssl.cf5.rackcdn.com 'unsafe-inline'
  <
  * Connection #0 to host anongit.gentoo.org left intact

Nmap reveals the problem.  Seems that one or more servers simply does
not respond (not even with port unreachable error) to HTTP(S):

  % host anongit.gentoo.org
  anongit.gentoo.org is an alias for anongit.geodns.gentoo.org.
  anongit.geodns.gentoo.org is an alias for anongit.geodns-americas.gentoo.org.
  anongit.geodns-americas.gentoo.org is an alias for anongit-v4v6.geodns-americas.gentoo.org.
  anongit-v4v6.geodns-americas.gentoo.org has address 88.198.51.10
  anongit-v4v6.geodns-americas.gentoo.org has address 108.28.123.102
  anongit-v4v6.geodns-americas.gentoo.org has address 148.251.78.52
  anongit-v4v6.geodns-americas.gentoo.org has IPv6 address 2a01:4f8:202:4333::2
  anongit-v4v6.geodns-americas.gentoo.org has IPv6 address 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a

  % nmap -6 -p 80,443,9418 2a01:4f8:202:4333::2 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a

  Starting Nmap 7.01 ( https://nmap.org ) at 2016-02-19 16:26 EST
  Nmap scan report for 2a01:4f8:202:4333::2
  Host is up (0.085s latency).
  PORT     STATE SERVICE
  80/tcp   open  http
  443/tcp  open  https
  9418/tcp open  git

  Nmap scan report for 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a
  Host is up (0.086s latency).
  PORT     STATE    SERVICE
  80/tcp   filtered http
  443/tcp  filtered https
  9418/tcp open     git

  Nmap done: 2 IP addresses (2 hosts up) scanned in 1.99 seconds

  % nmap -p 80,443,9418 88.198.51.10 108.28.123.102 148.251.78.52

  Starting Nmap 7.01 ( https://nmap.org ) at 2016-02-19 16:27 EST
  Nmap scan report for swan.gentoo.org (88.198.51.10)
  Host is up (0.083s latency).
  PORT     STATE    SERVICE
  80/tcp   filtered http
  443/tcp  filtered https
  9418/tcp open     git

  Nmap scan report for static-108-28-123-102.washdc.fios.verizon.net (108.28.123.102)
  Host is up (0.0098s latency).
  PORT     STATE SERVICE
  80/tcp   open  http
  443/tcp  open  https
  9418/tcp open  git

  Nmap scan report for oystercatcher.gentoo.org (148.251.78.52)
  Host is up (0.084s latency).
  PORT     STATE SERVICE
  80/tcp   open  http
  443/tcp  open  https
  9418/tcp open  git

  Nmap done: 3 IP addresses (3 hosts up) scanned in 1.94 seconds
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2016-02-19 22:28:59 UTC
(In reply to Nick Bowler from comment #0)
> Nmap reveals the problem.  Seems that one or more servers simply does
> not respond (not even with port unreachable error) to HTTP(S):

swan.g.o wasn't properly set up, but should be now. Thanks for the report.
Comment 2 Nick Bowler 2016-02-22 21:08:03 UTC
Hi,

Looks like v4 is working now but DNS still shows a non-working server
for v6:

  % host -t AAAA anongit.gentoo.org
  anongit.gentoo.org is an alias for anongit.geodns.gentoo.org.
  anongit.geodns.gentoo.org is an alias for anongit.geodns-americas.gentoo.org.
  anongit.geodns-americas.gentoo.org is an alias for anongit-v4v6.geodns-americas.gentoo.org.
  anongit-v4v6.geodns-americas.gentoo.org has IPv6 address 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a
  anongit-v4v6.geodns-americas.gentoo.org has IPv6 address 2a01:4f8:202:4333::2

  % nmap -6 -p 80,443,9418 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a
  Starting Nmap 7.01 ( https://nmap.org ) at 2016-02-22 16:04 EST
  Nmap scan report for 2a01:4f8:202:4333::2
  Host is up (0.086s latency).
  PORT     STATE SERVICE
  80/tcp   open  http
  443/tcp  open  https
  9418/tcp open  git

  Nmap scan report for 2a01:4f8:131:13c2:6e62:6dff:fe76:2d5a
  Host is up (0.086s latency).
  PORT     STATE    SERVICE
  80/tcp   filtered http
  443/tcp  filtered https
  9418/tcp open     git

  Nmap done: 2 IP addresses (2 hosts up) scanned in 2.07 seconds

On dual-stack hosts (like mine) this won't be a problem anymore since git
connects to a v4 and v6 host in parallel (so only one needs to work).  But
for v6-only I think the problem is not fixed.

(PS: rDNS appears broken for both those v6 addresses, but looks like the
affected host is still swan.gentoo.org).
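The diagnosis in the description and in comment 2 was done by hand: resolve every A and AAAA record behind the geodns name, then scan each address so that the one host silently dropping 80/443 shows up, something a git client hides because it just retries the next address (and, on dual-stack, races v4 against v6). The script below is an added example and is not part of the bug report, nor of git or nmap; it automates that check. The target name `anongit.gentoo.org` and the ports 80, 443 and 9418 are the ones from the report; everything else (function names, the `ProbeResult` class, the default 3-second timeout) is this example's own choice. Note that `getaddrinfo` only returns what the local resolver hands this client, so for a geodns name the result is the view from one vantage point, exactly as with the `host` output above.

```python
"""Probe every address behind a DNS name on a set of TCP ports.

Added example for the anongit diagnosis; not code from the bug, git or nmap.
A connect that completes is "open", an RST is "refused" (nmap: closed) and
silence until the timeout is "timeout" (nmap: filtered), which is the state
the affected v6 address showed on 80 and 443.
"""
import socket
from dataclasses import dataclass


@dataclass
class ProbeResult:
    address: str
    port: int
    state: str          # "open", "refused", "timeout" or "error"
    detail: str = ""


def family_for(address):
    """Pick the socket family from the literal address text (':' => IPv6)."""
    return socket.AF_INET6 if ":" in address else socket.AF_INET


def resolve_all(host):
    """Return every distinct A/AAAA address behind `host`, in resolver order.

    This is one client's view of the name: a geodns zone may hand other
    clients a different set of addresses.
    """
    addresses = []
    for _fam, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            host, None, type=socket.SOCK_STREAM):
        if sockaddr[0] not in addresses:
            addresses.append(sockaddr[0])
    return addresses


def probe(address, port, timeout=3.0):
    """TCP-connect to one address:port and classify the outcome."""
    sock = socket.socket(family_for(address), socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((address, port))
        return ProbeResult(address, port, "open")
    except socket.timeout:
        return ProbeResult(address, port, "timeout",
                           "no SYN-ACK or RST within %.1fs (filtered?)" % timeout)
    except ConnectionRefusedError:
        return ProbeResult(address, port, "refused", "RST received (closed)")
    except OSError as exc:
        return ProbeResult(address, port, "error", str(exc))
    finally:
        sock.close()


def probe_host(host, ports, timeout=3.0):
    """Probe every address on every port; unlike a client, never stop early."""
    return [probe(addr, port, timeout)
            for addr in resolve_all(host) for port in ports]


def broken_addresses(results):
    """Addresses on which at least one probed port was not open."""
    return sorted({r.address for r in results if r.state != "open"})


def format_report(results):
    """One line per probe, in the spirit of nmap's PORT/STATE table."""
    return "\n".join("%-40s %5d/tcp %-8s %s" % (r.address, r.port, r.state, r.detail)
                     for r in results)


if __name__ == "__main__":
    import sys
    # Default target and ports are the ones scanned in the report.
    target = sys.argv[1] if len(sys.argv) > 1 else "anongit.gentoo.org"
    found = probe_host(target, [80, 443, 9418])
    print(format_report(found))
    bad = broken_addresses(found)
    print("addresses with a non-open port:", ", ".join(bad) or "none")
```

Run it as `python3 probe_all.py anongit.gentoo.org` (or any name served by several addresses). Because it probes every resolved address rather than stopping at the first successful connect, a single filtered host is reported even when a dual-stack client would never notice it; the v6-only case from comment 2 is simply the subset of results whose address contains a colon.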
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2016-02-24 23:46:25 UTC
Try again on swan v6 https