dispo

Interesting quirk with DNS resolution and apt update

Hi,

 

Just something I have found, not sure if this is an 'issue' but it definitely caught me out and took a while to figure out and fix.

I have several Armbian machines (Odroid C2, BananaPi Pro) all running Jessie or Stretch and all working fine.

 

A recent project of mine (using Armbian on a BPi Pro) was to build a Pi-Hole DNS.

Some time after doing that I noticed that none of the Armbian machines would successfully run 'apt update', whilst other Unix machines, including an RPi running Raspbian, were all fine.

DNS config was fine, I could see requests hit the Pi-Hole and be answered. nslookup / dig on the Armbian machines all worked fine, but 'apt update' reported 'could not resolve' errors trying to reach apt.armbian.com plus others.

 

I tried all sorts of fixes and none worked except taking the Pi-Hole out of the DNS path.

Then I found a comment recommending this 'apt-get -o Acquire::ForceIPv4=true update' and it worked!

 

I realised that whilst playing with the Pi-Hole and only having an IPv4 network, I had blocked all IPv6 lookups (including IPv6 lookups within the IPv4 protocol) via iptables, giving ICMP unreachable results.

I removed those iptables entries on the Pi-Hole and the Armbian machines started working with apt update again.

 

So it would appear that even though apt is querying the required domains via IPv4 (looking for both IPv4 and IPv6 results), if either comes back as unreachable then apt fails.

As I said, not sure if this is an 'issue', it's just noticeable that other flavours of Linux I use (Raspbian, Linux Mint) do not do the same.

 

 

edit: just to be clear, I am aware that the standard is to query IPv6 and IPv4 simultaneously (even when IPv6 itself is disabled and as a result the IPv6 query is via IPv4), it just seems that with Armbian, if the IPv6 answer comes back as unreachable, then the IPv4 answer, even though valid, is not used. This is what appears to be different to my other distros. Also, changing the Pi-Hole iptables rules to drop the AAAA requests instead of rejecting also allows apt update to work, but with a noticeable delay from the AAAA request timing out.
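
A probe for telling the three cases in this post apart (AAAA answered, rejected with an ICMP error, or silently dropped), as an added example that is not part of the original post. The resolver address 192.0.2.53 is a placeholder for the Pi-Hole's IPv4 address, and the function names are made up for this sketch.

```python
import socket
import struct

QTYPE = {"A": 1, "AAAA": 28}

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def summarize_reply(data):
    """Return (rcode, answer_count) from the 12-byte DNS reply header."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return flags & 0x000F, ancount

def probe(server, name, qtype, port=53, timeout=3.0):
    """Send one query over IPv4/UDP and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))  # connected UDP socket, so ICMP errors are reported
        try:
            s.send(build_query(name, qtype))
            rcode, ancount = summarize_reply(s.recv(512))
        except socket.timeout:
            return "dropped (no reply before timeout)"   # matches a DROP rule
        except OSError as exc:
            return f"rejected ({exc.strerror})"          # matches a REJECT rule
    return f"answered rcode={rcode} answers={ancount}"

if __name__ == "__main__":
    resolver = "192.0.2.53"  # placeholder: replace with the Pi-Hole's IPv4 address
    for qt in ("A", "AAAA"):
        print(qt, probe(resolver, "apt.armbian.com", qt))
```

An "answered" line for A next to a "rejected" line for AAAA is the state in which apt update failed in the post; "dropped" for AAAA is the state that worked with a delay.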
