Lucid Lynx is Lethargically Lingering [Solved]

bowen

So, I have a server at home that's having some issues, apt-get is really, really bad. Something be doing with security.ubuntu.com

A quick google ties this to home routers, dns, static IPs.

Great! I have all of those. I took the steps I normally take when setting static IP, I followed their guides to resolve the problem, and none of it is working. I even set the DNS to openDNS with no luck. I can ping the offending nameservers with no problem.

What am I doing wrong?

End

To try to understand your problem, what exactly happens when you try to resolve the name? Is it just timing out?

What does dig +trace spit out? (note: not sure if dig is normally installed by default)

Edit: Sorry, the exact command would be
dig +trace security.ubuntu.com

You could also just try asking their servers directly instead and seeing if that works: host security.ubuntu.com ns1.canonical.com

bowen

dev@devsrv64:~$ host security.ubuntu.com ns1.canonical.com
Using domain server:
Name: ns1.canonical.com
Address: 91.189.94.173#53
Aliases:

security.ubuntu.com has address 91.189.88.37
security.ubuntu.com has address 91.189.92.167
dev@devsrv64:~$ dig +trace security.ubuntu.com

; <<>> DiG 9.7.0-P1 <<>> +trace security.ubuntu.com
;; global options: +cmd
.                       518328  IN      NS      a.root-servers.net.
.                       518328  IN      NS      k.root-servers.net.
.                       518328  IN      NS      h.root-servers.net.
.                       518328  IN      NS      c.root-servers.net.
.                       518328  IN      NS      e.root-servers.net.
.                       518328  IN      NS      l.root-servers.net.
.                       518328  IN      NS      m.root-servers.net.
.                       518328  IN      NS      d.root-servers.net.
.                       518328  IN      NS      i.root-servers.net.
.                       518328  IN      NS      g.root-servers.net.
.                       518328  IN      NS      f.root-servers.net.
.                       518328  IN      NS      j.root-servers.net.
.                       518328  IN      NS      b.root-servers.net.
;; Received 228 bytes from 208.67.222.222#53(208.67.222.222) in 35 ms

com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
;; Received 497 bytes from 192.228.79.201#53(b.root-servers.net) in 118 ms

ubuntu.com.             172800  IN      NS      ns1.canonical.com.
ubuntu.com.             172800  IN      NS      ns2.canonical.com.
ubuntu.com.             172800  IN      NS      ns3.canonical.com.
;; Received 149 bytes from 192.54.112.30#53(h.gtld-servers.net) in 107 ms

security.ubuntu.com.    600     IN      A       91.189.88.37
security.ubuntu.com.    600     IN      A       91.189.92.167
ubuntu.com.             172800  IN      NS      ns3.canonical.com.
ubuntu.com.             172800  IN      NS      ns1.canonical.com.
ubuntu.com.             172800  IN      NS      ns2.canonical.com.
;; Received 181 bytes from 209.6.3.210#53(ns3.canonical.com) in 38 ms

Basically I can't apt-get apt-update, apt-upgrade or whatever, apt completely fails because of security.ubuntu.com and nothing is helping. It works fine on DHCP but with a static IP it fails. I can't not have it static.

bowen

For instance, if I do an apt-get update, it hangs at 0% while Connecting to security.ubuntu.com

Then it'll stop, get to 21%, repeat for a new set of IP addys from the sources list.

Err http://security.ubuntu.com lucid-security/main Packages
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/restricted Packages
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/main Sources
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/restricted Sources
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/universe Packages
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/universe Sources
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/multiverse Packages
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]
Err http://security.ubuntu.com lucid-security/multiverse Sources
  Unable to connect to security.ubuntu.com:http: [IP: 91.189.92.167 80]

After 21% I get this:

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/lucid-updates/restricted/i18n/Translation-en_US.bz2  Unable to connect to archive.ubuntu.com:http: [IP: 91.189.88.45 80]
... (over and over)

If I try to install anything it already knows about, I get this

dev@devsrv64:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
  libwww-perl linux-headers-2.6.32-24 linux-headers-2.6.32-24-server
  linux-image-2.6.32-24-server wget
5 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 42.7MB of archives.
After this operation, 8,192B of additional disk space will be used.
Do you want to continue [Y/n]? y
WARNING: The following packages cannot be authenticated!
  linux-image-2.6.32-24-server wget libwww-perl linux-headers-2.6.32-24
  linux-headers-2.6.32-24-server
Install these packages without verification [y/N]? y
0% [Connecting to security.ubuntu.com (91.189.88.37)]

And it hangs there, and then says it couldn't download them.

Apparently this is related to static IPs and home based routers as none of these issues appear to happen at work. Though, I can't not use a static IP, and I can't not use my router.

End

I've seen issues where a router would refuse to route traffic if the address wasn't assigned. But that doesn't appear to be the case at all. Since querying the servers directly seems to work, I guess you could run a DNS server on the machine itself.

But that doesn't explain why OpenDNS isn't working, either. It's giving you results at all: I can tell because it gave you the addresses for the root servers in the "dig +trace".

Incidentally, how exactly is apt-get failing? Does it hang forever?

Edit: Oh, didn't see your second post. Hummm. I don't think it's actually a DNS issue, actually.

bowen

Beat you to it.

End

Yeah I saw, did an edit ;-p I don't think it's a DNS issue though.

Trying doing a traceroute, I guess.

(Hm, but it works with DHCP, right? strange...)

bowen

Yeah the network isn't down, it seems to be just an issue with apt.

bowen

Though, port 80 doesn't open properly at all, when doing w3m security.ubuntu.com it doesn't return shit.

Weird.

End

Well, that's interesting.

I guess security.ubuntu.com is the same as archive.ubuntu.com, and the lucid-security part is the only part that matters.

There's a good chance security.ubuntu.com is resolving to an address far away that times out and confuses apt-get. Or something. It doesn't really seem to be very tolerant of network issues though.

So, try editing your /etc/apt/sources.list and replacing the security.ubuntu.com addresses with us.archive.ubuntu.com

SammyF

God, Bowen, when I read the thread title I thought that I was about to learn that you were wrestling with the decision to expedite your cat's poetic demise.

bowen

Haha, I probably should've picked a better one.

But, after a long night of troubleshooting, I found out some moron added an access control for port 80 to go... right back to the same box. Fucking dick. God.

So, I removed that (silly me, wonder why I even put that there), and yay, it's working. Thanks for the help End.

End

what the hell, haha

riz

Yeah dude I imagined that this was going to be about someone with a stumbling wildcat hanging out in their yard and looking for advice on how to remove or tame it.