Text only | Text with Images

Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: bombcar on October 21, 2010, 11:22:42 AM

Title: Is there a way to see what he's servers see?
Post by: bombcar on October 21, 2010, 11:22:42 AM
I had an error in my DNS, I have a TTL of 84600, and I can't pass the mail test; I think the cache is pulling the old data.

Is there a way to use he's servers to verify it's a caching issue and not something else? I've tried to resolve from a few places but since this domain is IPv6 only it's been a bit difficult.

http://www.nabber.org/projects/dnscheck/?domain=ipadapplesale.com&ipv6=on&nocache=on

looks good but it doesn't show the MX test.
Title: Re: Is there a way to see what he's servers see?
Post by: snarked on October 21, 2010, 11:35:24 AM
Use http://network-tools.com/nslook/ and specify HE's name servers (one at a time; there are five).
Title: Re: Is there a way to see what he's servers see?
Post by: bombcar on October 21, 2010, 11:54:12 AM
Are they ns1-ns5.he.net? Because I get a straight-up failure on them with that tool.

Isn't that the same as:

dig @ns1.he.net google.com

which fails because they don't recurse?
Title: Re: Is there a way to see what he's servers see?
Post by: bombcar on October 22, 2010, 09:44:42 AM
Yay it was the caching. Sage, yo.
Title: Re: Is there a way to see what he's servers see?
Post by: snarked on October 22, 2010, 12:25:05 PM
Re-Reply #2:  Yes, those are the servers' names.  However, do not query them with type "ANY" as they don't seem to support that.  A query with a specific RR-type should work.
Title: Re: Is there a way to see what he's servers see?
Post by: bombcar on October 22, 2010, 04:51:23 PM
Hmm. They don't love me:
Code Select
dig @ns1.he.net ipadapplesale.com aaaa

; <<>> DiG 9.7.1 <<>> @ns1.he.net ipadapplesale.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45353
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ipadapplesale.com.             IN      AAAA

;; Query time: 27 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Fri Oct 22 16:48:40 2010
;; MSG SIZE  rcvd: 35


I have my suspicions about a domain that has NOTHING but AAAA available, and no A glue.
Title: Re: Is there a way to see what he's servers see?
Post by: broquea on October 22, 2010, 06:14:16 PM
Not seeing us host that domain (not a webhosting account, not in dns.he.net...), so no idea why you are querying AUTHORITATIVE servers and think they are CACHING RECURSORS:

Code Select
 Domain servers in listed order:
     IPV6.IPADAPPLESALE.COM
     NS1.IPADAPPLESALE.COM


NS1-5.HE.NET != caching recursors
Title: Re: Is there a way to see what he's servers see?
Post by: bombcar on October 23, 2010, 09:27:43 AM
That's what I thought. There's no way to see what he.net sees.
Title: Re: Is there a way to see what he's servers see?
Post by: lukec on October 23, 2010, 02:07:20 PM
Forgive me for plagerising broquea

HE do run recursive nameservers for their co-location customers and their tunnelbroker.net users.
If you look at your tunnel's details page, HE list the anycasted IPv4
and IPv6 address of the recursor. Their recursor also participates in the
Google Whitelisting.

I made the same mistake...
Regards
lukec
Text only | Text with Images