Author: overlordq
Description:
Only seems to be reachable over HTTP and doesn't seem to be listening for HTTPS connections.
http://lists.wikimedia.org/ works but then 301s you to https://lists.wikimedia.org/mailman/listinfo
Version: unspecified
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=41939
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | None | T37540 Enable full IPv6 support on Wikimedia wikis | |||
| Resolved | mark | T24028 https://lists.wikimedia.org not reachable over IPv6 |
Further reports that using IPv6, lists.wikimedia.org isn't reachable using smtp on port 25 or using http on port 80.
Adding Mark and Rob as CCs to this bug.
Tested via SixS:
[2620:0:862:1::25:1]:80 works
[2620:0:862:1::25:1]:25 works
91.198.174.5:443 works
[2620:0:862:1::25:1]:443 connection refused
Added note to the http://wikitech.wikimedia.org/index.php?title=IPv6_deployment&diff=31742&oldid=25352 wikitech, assigned to mark :)
Now webserver does not listen on IPv6 at all:
$ nc -v 2620:0:861:1::2 80
nc: connect to 2620:0:861:1::2 port 80 (tcp) failed: Connection refused
$ nc -v 2620:0:861:1::2 443
nc: connect to 2620:0:861:1::2 port 443 (tcp) failed: Connection refused
$ nc -v 2620:0:861:1::2 25
Connection to 2620:0:861:1::2 25 port [tcp/smtp] succeeded!
Mark/IPv6 users, is this still an issue or is mailman now reachable via IPv6 as well?
Fixed for now, by removing the lists.wikimedia.org AAAA record from DNS.
While our main wiki platform now has quite solid IPv6 support, pretty much on par with IPv4, most of our other, miscellaneous services do not yet have IPv6 enabled. We've established a goal to enable IPv6 for these services during the upcoming year.
The reason we won't rush to enable IPv6 support on all services right now is because not all parts of our provisioning/configuration management/DNS setup are fully ready to support IPv6 for every service, and currently it requires a lot of manual work (i.e. manually allocating IPv6 addresses, changing each configuration file / Apache vhost / DNS, etc.) and also causes a lot of issues where other, dependent services break because they suddenly try to contact over IPv6 where this is not expected/supported yet. We've seen part of this with HTTPS support being added hapharzardly, and I don't want to repeat this again with IPv6 where things will be worse (lists.wikimedia.org was an example of this, its IPv6 has been broken multiple times). We're working on improving the automation of provisioning/configuration management of these services and are also taking IPv6 into account. This will enabling IPv6 a lot more efficient and robust.
From bug 41939:
2620:0:861:1::2 resolves to lists.wikimedia.org, but lists.wikimedia.org has
not this IPv6-adress-entry.
Change 78164 had a related patch set uploaded by Faidon:
mailman: add IPv6 support to lighttpd
IPv6 IP assigned to the box and worked for a while; exim listens to IPv6, mailman web (lighttpd) was just fixed.