Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
'Server not found' by Firefox at launch [Solved]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1629
Location: United Kingdom

PostPosted: Tue Jun 18, 2013 11:27 pm    Post subject: 'Server not found' by Firefox at launch [Solved] Reply with quote

I'm just posting this in case someone else runs into the same problem.

I did a world update yesterday and today found that, whenever I launched Firefox, it displayed the 'Server not found' page and I had to click 'Try Again', and then Firefox displayed the expected Web site. From then onwards, Firefox would work as expected until I exited the application. Similarly, when I launched Thunderbird it could not access my e-mail accounts and I had to click a couple of times on 'Get Mail' for Thunderbird to access my e-mail accounts. I noticed that net-misc/networkmanager and kde-misc/networkmanagement were amongst the many packages updated on my laptop yesterday, so I assume one of these might have been the cause of the new behaviour.

I used Wireshark to see what was going on and it transpired that Gentoo was using IPv6 addresses. When these addresses did not work ('server not found'), Gentoo then used an IPv4 address (which is why clicking 'Try Again' worked).

I should point out that a) IPv6 was (and still is) disabled in Network Management Settings on my laptop, b) I've always had IPv6 enabled in my kernels, and c) I've never before had to disable IPv6 in Firefox or Thunderbird. So why the change in functionality now, I wonder?

With Wireshark capturing packets, when I launched Firefox or Thunderbird I was seeing a server failure message indicating "AAAA" (IPv6) instead of "A" (IPv4).

To stop this happening I could have used about:config in Firefox and Configure Editor in Thunderbird, respectively, to change the value of network.dns.disableIPv6 to true instead of false, or I could have disabled IPv6 system-wide by editing /etc/modprobe.d/aliases.conf and uncommenting the line "alias net-pf-10 off". I chose to do the latter because the problem would affect applications other than Firefox and Thunderbird that access the Internet.

BTW, there is a file named /etc/gai.conf which it appears could be edited to make Gentoo send an IPv4 address first and an IPv6 address second, rather than the other way around, but I did not bother to try that.
_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1629
Location: United Kingdom

PostPosted: Wed Jun 19, 2013 1:50 am    Post subject: Reply with quote

The person who helped me diagnose the problem described in my earlier post has just sent me the explanation below. He happens to be an Ubuntu user, and has the same model of router as me.

Quote:
I did some more digging and found RFC 4074 that describes the problem - Common Misbehaviour Against DNS Queries for IPv6 Addresses.

http://tools.ietf.org/html/rfc4074

It would appear that with the growth in IPv6 implementations not all DNS servers respond quite as they should to DNS requests for IPv6 addresses. See Section 4 - Problematic Behaviours.

Section 4.2 in particular...........

Quote:
However, these can still cause a serious effect. There was an authoritative server implementation that returned RCODE 2 ("Server failure") to queries for AAAA RRs. One widely deployed mail server implementation with a certain type of resolver library interpreted this result as an indication of retry and did not fall back to queries for A RRs, causing message delivery failure.

This is what you were seeing.

What should happen is described in Section 3 i.e. when the client sends a DNS query for an IPv6 AAAA Resource Record (RR) the DNS server should respond with a response code of 0 (no error) but with an empty answer section (remember this section in the Wireshark capture). But the response you were getting was error code 2 "server failure" instead of error code 0. Presumably, if error code 0 is returned with an empty answer section Gentoo would then just fall back to IPv4 A RR and you wouldn't see any errors, just a slightly longer delay to get the IPv4 address of the web site.

So, to me this looks like a combination of problems. Gentoo is prioritising IPv6 AAAA DNS queries ahead of IPv4 and the server is not responding as it should. I don't see any IPv6 AAAA DNS queries in Ubuntu even though IPv6 is enabled so they've obviously coded it differently with IPv4 DNS queries being sent first.

I'm pretty sure that many others have already seen, or will shortly see, this same issue.

_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
Fitzcarraldo
Veteran
Veteran


Joined: 30 Aug 2008
Posts: 1629
Location: United Kingdom

PostPosted: Thu Jun 20, 2013 6:38 pm    Post subject: Reply with quote

Found another way around the problem, and it does not require IPv6 to be disabled system-wide nor in the application:

http://www.mydailytechtips.com/2010/10/how-to-fix-slow-dns-issue-in-fedora.html

I added a Bash script in the directory /etc/NetworkManager/dispatcher.d/ that appends the line "options single-request" to /etc/resolv.conf. The addition of the line "options single-request" to resolve.conf causes the getaddrinfo() function in glibc to make the IPv4 and IPv6 requests sequentially rather than in parallel. With this change, Firefox and Thunderbird no longer have a problem accessing the Internet the first time they are launched.

From "man 5 resolv.conf" under "options":

Quote:
single-request (since glibc 2.10)
sets RES_SNGLKUP in _res.options. By default, glibc performs IPv4 and IPv6 lookups in parallel since version 2.9. Some appliance DNS servers
cannot handle these queries properly and make the requests time out. This option disables the behavior and makes glibc perform the IPv6 and
IPv4 requests sequentially (at the cost of some slowdown of the resolving process).

single-request-reopen (since glibc 2.9)
The resolver uses the same socket for the A and AAAA requests. Some hardware mistakenly sends back only one reply. When that happens the
client system will sit and wait for the second reply. Turning this option on changes this behavior so that if two requests from the same port
are not handled correctly it will close the socket and open a new one before sending the second request.


I had to use NetworkManagerDispatcher to add the line "options single-request" to /etc/resolv.conf because NetworkManager overwrites /etc/resolv.conf if you edit it manually.
_________________
Clevo W230SS: amd64 OpenRC elogind nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 OpenRC elogind xf86-video-ati. Dual boot Win 7 Pro 64-bit.
KDE on both.

Fitzcarraldo's blog
Back to top
View user's profile Send private message
PaulBredbury
Watchman
Watchman


Joined: 14 Jul 2005
Posts: 7310

PostPosted: Sun Jul 28, 2013 11:45 pm    Post subject: Reply with quote

This "sometimes have to load a page twice" issue has been fixed for me, after being an annoyance for years. I think one or both of these helped:

Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum