856850 – wiki.gentoo.org has AAAA record but drops TCP on port 443

Bug 856850 - wiki.gentoo.org has AAAA record but drops TCP on port 443

Summary: wiki.gentoo.org has AAAA record but drops TCP on port 443

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Infrastructure
Classification:	Unclassified
Component:	Other web server issues (show other bugs)
Hardware:	All All

Importance:	Normal major (vote)
Assignee:	Gentoo Infrastructure

URL:	https://wiki.gentoo.org
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2022-07-07 10:04 UTC by Katze
Modified:	2022-07-29 18:49 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Katze 2022-07-07 10:04:42 UTC

Port 443 seems to be dropped by 2607:fcc0:4:ffff::5 (the address to which wiki.gentoo.org resolves for me).
As my network is IPv6-only with NAT64 for legacy IP this means that the native address is returned and there is no fallback to 204.187.15.5 (which'd be an entry of 64:ff9b::204.187.15.5 generated by my DNS server).
IPv6 is still broken for everyone, but more noticeably for me.

Reproducible: Always

Steps to Reproduce:
1. nc -z -w 4 -6 -v wiki.gentoo.org 443
Actual Results:  
nc: connect to wiki.gentoo.org port 443 (tcp) timed out: Operation now in progress

Expected Results:  
Connection to wiki.gentoo.org 443 port [tcp/https] succeeded!

If IPv6 is not currently intended to work, removing the IPv6 address would fix this for me as well as cause faster connection times for users with dual stack since the initial IPv6 connection would not be made (happy eyes algorithm does a good job but still causes *some* delay).

Comment 1 Emily Rowlands 2022-07-07 13:14:35 UTC

See also: bug 846491 and bug 850136

Comment 2 Alexey Vazhnov 2022-07-26 21:34:37 UTC

The same for me, IPv6 address is not reachable from 2 different locations.

One location:

```
 % host wiki.gentoo.org
wiki.gentoo.org is an alias for geese.gentoo.org.
geese.gentoo.org has address 204.187.15.5
geese.gentoo.org has IPv6 address 2607:fcc0:4:ffff::5

 % curl -v -6 https://wiki.gentoo.org
*   Trying 2607:fcc0:4:ffff::5:443...
* connect to 2607:fcc0:4:ffff::5 port 443 failed: Network is unreachable
* Failed to connect to wiki.gentoo.org port 443: Network is unreachable
* Closing connection 0
curl: (7) Failed to connect to wiki.gentoo.org port 443: Network is unreachable
```

Another location:

```
 % host wiki.gentoo.org
wiki.gentoo.org is an alias for geese.gentoo.org.
geese.gentoo.org has address 204.187.15.5
geese.gentoo.org has IPv6 address 2607:fcc0:4:ffff::5

 % curl -v -6 https://wiki.gentoo.org
*   Trying 2607:fcc0:4:ffff::5:443...
* connect to 2607:fcc0:4:ffff::5 port 443 failed: Connection timed out
* Failed to connect to wiki.gentoo.org port 443 after 129511 ms: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to wiki.gentoo.org port 443 after 129511 ms: Connection timed out
```

Comment 3 John Helmert III archtester

2022-07-29 18:49:40 UTC

I've tried dropping the AAAA record for now as a workaround.