root@turris:~# pkgupdate
line not found
line not found
line not found
ERROR:
unreachable: https:// repo.turris.cz/omnia/lists/base.lua: Operation timed out after 30000 milliseconds with 0 out of 0 bytes received
root@turris:~# vi /etc/hosts
root@turris:~# cat /etc/hosts
127.0.0.1 localhost
217.31.192.69 repo.turris.cz
root@turris:~# pkgupdate
WARN:Requested package foris-pakon-plugin-l10n-de that is missing, ignoring as requested.
WARN:Requested package luci-i18n-ddns-en that is missing, ignoring as requested.
i think that proves my theory. But i’d rather not have a fixed hosts entry for repo.turris.cz
i hope support can fix this, because i dont know how to solve this problem correctly.
That’s not a solution. First, you should suggest enable/disable forwarding to see if it works to avoid any ISP issues, but it will really help us if they can send us diagnostics to see if there’s anything wrong.
Fenevadkan was doing some helpful troubleshooting yesterday but fell off the radar. FYI I changed DNS forwarding to Google in FORIS and my DNS connection test went through. Via SSH I can ping the server, see my above post.
Oh, this is interesting. My computer can access repo.turris.cz, and even traceroute through the router works.
2 2001:506:6000:11b:71:156:212:142 3.964 ms 2.157 ms 6.325 ms 3 2001:506:6000:11b:69:235:122:82 5.920 ms 9.085 ms 13.480 ms 4 * * * 5 2001:1890:1fff:41e:192:205:32:222 4.818 ms 29.928 ms 4.546 ms 6 nyk-bb3-v6.telia.net 185.798 ms nyk-bb4-v6.telia.net 178.710 ms 178.680 ms 7 ldn-bb4-v6.telia.net 177.412 ms ldn-bb3-v6.telia.net 176.848 ms ldn-bb4-v6.telia.net 179.884 ms 8 hbg-bb1-v6.telia.net 178.157 ms 179.152 ms 229.939 ms 9 prag-bb1-v6.telia.net 174.097 ms win-bb2-v6.telia.net 183.860 ms prag-bb1-v6.telia.net 174.832 ms 10 prag-b3-v6.telia.net 183.476 ms 178.244 ms 180.312 ms 11 cznic-ic-335938-prag-b3.c.telia.net 160.390 ms 164.550 ms 165.213 ms 12 gw-s-01-dnsgw.nic.cz 163.793 ms 165.105 ms 163.312 ms 13 *^C
But it still fails on the router running 3.11.2.
Other IPv6 hosts work, e.g.,
root@turris:~# ping6 www.google.com PING www.google.com (2607:f8b0:4005:808::2004): 56 data bytes 64 bytes from 2607:f8b0:4005:808::2004: seq=0 ttl=56 time=3.305 ms 64 bytes from 2607:f8b0:4005:808::2004: seq=1 ttl=56 time=3.277 ms 64 bytes from 2607:f8b0:4005:808::2004: seq=2 ttl=56 time=3.194 ms ^C --- www.google.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 3.194/3.258/3.305 ms root@turris:~#
So I think I’ll just try rspoerri’s solution and hope it’s fixed soon.
Ah-hah. I have determined the root cause, in my situation. It’s that AT&T sucks, and there’s nothing the CZ.NIC people can do about it except implement Happy Eyeballs. When I use the -I option to use one of the delegated prefixes for ping6, then my router successfully reaches repo.turris.cz.
They’re apparently doing source address filtering for whatever reason, so the routers can’t access Europe. Most people don’t notice because they’re using ISP-supplied routers that only access American services. AT&T made it very difficult to use this third-party router on this Internet connection, so I think this is not a supported configuration.
I’d ask the ISP. So far I can’t see why the breakage should be intentional. It might just have been undetected (most of affected people don’t know how to triage these). I’ve seen some (unintentional) IPv6 routing issues recently.
When I try traceroute to your address, it seems to die here in Europe already:
10 2a01:5e0::3:41 (2a01:5e0::3:41) 7.413 ms !N * *
and it’s completely stuck when I try it from yet another Czech ISP, but AFAIK these might be completely independent to the route between you and cz.nic.
Still not finding a solution for this issue…can the folks from Turris fix this or can someone post a guide on how to fix this with a modification to the hosts file?
I think you didn’t see my post. This issue is most probably on the ISP side, which you are experiencing. On the forum together with support, there are 3 people, which has this issue and I don’t think this is something on our side.
May I know, if you try to enable or disable DNS Forwarding in DNS tab when you’re logged in to administration interface Foris? Did you try to change DNS servers (maybe the ones, which supports DNS over TLS) to some preferred once, which are listed in Foris? If you do and it still doesn’t work, I suggest you to send us diagnostics following our Error reporting article in our documentation to get at least some basic details, which can help us and if it still doesn’t work, we have also article for Debugging DNS problems and it can give us a further view, what’s happening and why.
Anyway, the forum is not meant to be for bug reporting.
Thank you for addressing. I have toggeled DNS Forwarding from OFF to On (Google) (no solution) and then onto Cloudfare which finally seems to have fixed the issue.
So the ISP is likely intercepting DNS packets not directed at them when only encryption helps? Well, if these at least returned answers that are correct and work fine…
I had exactly the same problem as you and adding the record to /etc/hosts resolved the issue for me as well. Were you able to figure out the root cause?
The root cause seems to be some provider inbetween you and turris making an error or change how ipv6 is routed.
After some time it worked again for me without any modifications.