Description of problem: sa-update.cron daily error message. Version-Release number of selected component (if applicable): How reproducible: Happens daily. Steps to Reproduce: 1. Error of daily cron. 2. 3. Actual results: can't resolve "fe80::c23f:eff:fe84:ad83%(null)" to address at /usr/lib64/perl5/vendor_perl/Net/DNS/Resolver/Base.pm line 776. 14-Feb-2013 04:12:10: SpamAssassin: Unknown error code 19 from sa-update Expected results: Daily crons should be seen, not heard. Additional info:
Something is very confused with your dns setup there. It's trying to resolve a local ipv6 address.. Can you attach the output of: /usr/bin/sa-update -D Whats your network config like there? Can you resolve ipv4 addresses normally?
Created attachment 697478 [details] stderr output of sa-update -D I don't have any trouble with ipv4 addresses. All my local addresses are ipv4. Know of any ipv6-only websites I can try to connect to?
Well, the 'fe80' prefix is a network local ipv6 address, it's non routable, so there's no way you could access a remote site via ipv6 over it. Can you look at your: /var/lib/spamassassin/3.002005/updates_spamassassin_org/MIRRORED.BY file? it should contain the servers you can download updates for the updates.spamassassin.org channel. Can you ping each of those?
# test mirror: zone, cached via Coral #http://buildbot.spamassassin.org.nyud.net:8090/updatestage/ #Removed on 2012-09-26 per bug 6838 #http://daryl.dostech.ca/sa-update/asf/ weight=5 http://sa-update.dnswl.org/ weight=1 http://www.sa-update.pccc.com/ weight=5 http://sa-update.secnap.net/ weight=5 I can ping sa-update.dnswl.org and www.sa-update.pccc.com, but not sa-update.secnap.net.
Strange. Well, both of those 2 have ipv6 addresses, but not sure why your system would be trying to contact them there. :( The other one is in fact down for right now. Can you attach: ip addr show and ip -6 addr show
[Venice] 06:27 ~ 51$ ip addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 50:e5:49:57:52:7d brd ff:ff:ff:ff:ff:ff inet 10.4.0.3/16 brd 10.4.255.255 scope global p4p1 inet6 2002:a01:aa9:e472:52e5:49ff:fe57:527d/64 scope global dynamic valid_lft 2397sec preferred_lft 1797sec inet6 fe80::52e5:49ff:fe57:527d/64 scope link valid_lft forever preferred_lft forever [Venice] 06:27 ~ 52$ ip -6 addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 2002:a01:aa9:e472:52e5:49ff:fe57:527d/64 scope global dynamic valid_lft 2389sec preferred_lft 1789sec inet6 fe80::52e5:49ff:fe57:527d/64 scope link valid_lft forever preferred_lft forever [Venice] 06:27 ~ 53$
ok, so you do have a ipv6 address. can you do a 'ping6' to the hosts from comment #4?
100% packet loss on both of them. sa-update.secnap.net is an "unknown host". Regular ping still works on sa-update.dnswl.org and www.sa-update.pccc.com; on sa-update.secnap.net it tries 204.89.241.6 but fails.
So, the problem here is that your provider is giving you an ipv6 address, and it doesn't work. ;) Consult with them why thats happened?
Oh please. It's so much more likely that I've misconfigured ipv6 on my own network. Googling "test ipv6" pointed me to http://test-ipv6.com, which says - No IPv6 address detected - Connections to IPv6-only sites are timing out. Any web site that is IPv6 only, will appear to be down to you. - Your DNS server (possibly run by your ISP) appears to have IPv6 Internet access. Your readiness score 0/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only I bet if I fix this, the sa-update warning will go away.
This line: inet6 2002:a01:aa9:e472:52e5:49ff:fe57:527d/64 scope global dynamic Shows that you have been issued that valid ipv6. ;) It looks like that prefix is assigned to he.net... so perhaps you have a non fully working he.net tunnel? http://tunnelbroker.net/
My router says its ipv6 address is 2002:a01:aa9:e472:c23f:eff:fe84:ad83. When I ping that, I get unknown host!
OK, got that fixed: I can ping6 ipv6 addresses on my own LAN but not way out there on the Internet. But I still get the sa-update error, can't resolve "fe80::c23f:eff:fe84:ad83%(null)" to address Maybe this is a Perl coding error? It can't handle a %(null) at the end of a string? /usr/lib64/perl5/vendor_perl/Net/DNS/Resolver/Base.pm line 776.
It's not a perl error. :) It works perfectly fine here with ipv6, provided you have a working network. ;) You need to: a) Get it so your ipv6 network actually can talk to ipv6 things on the internet (like say the spamassassin update servers) or b) Disable ipv6 so it doesn't try to reach them over ipv6 and uses ipv4.
I can't figure out how to disable ipv6, but I was able to isolate the problem to the modem/router leased to me by Comcast. They were very helpful and will be replacing it next Friday with a newer unit.
They replaced the modem-router. I still can't ping6 ipv6.test-ipv6.com (Network is unreachable) but at least it gives up immediately now, and I no longer get the sa-update error. Your option b) works for now.
ok, shall we close this out then? Please feel free to re-open or file a new one if you run into further issues...
Yes, the immediate issue with sa-update is gone. My issues with IPV6 are another matter for another time. Thanks.