Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: jmathon on March 09, 2011, 04:52:54 AM

Title: Enthusiast DNS issue
Post by: jmathon on March 09, 2011, 04:52:54 AM
Hi,

I'm trying to pass the enthusiast level.
I have a FreeBSD server with a tunnel configured, and this server has Apache started.

My gif interface (2 ipv6, client of the tunnel and the routed network) :

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 192.168.0.11 --> 216.66.84.42
        inet6 2001:470:1f12:6fb::2 --> 2001:470:1f12:6fb::1 prefixlen 128
        inet6 fe80::20c:29ff:fef1:dd30%gif0 prefixlen 64 scopeid 0x4
        inet6 2001:470:1f13:6fb::2 prefixlen 64


I created a DNS entry (AAAA) and reverse DNS on Hurricane free DNS.

So, from my FreeBSD server, the AAAA entry exists:
# dig www.ipv6jerem.fr AAAA @216.218.131.2

; <<>> DiG 9.6.2-P2 <<>> www.ipv6jerem.fr AAAA @216.218.131.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26952
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.ipv6jerem.fr.              IN      AAAA

;; ANSWER SECTION:
www.ipv6jerem.fr.       86400   IN      AAAA    2001:470:1f13:6fb::2


Also, if I do a port scan of 2001:470:1f13:6fb::2, the HTTP port is open.

But when I try to access the HTTP file from the HE cert, it tells me that it cannot access the IPv6 HTTP server.
Moreover, when I tcpdump gif0, there is nothing (packets are shown when I do a port scan).


In fact,
AAAA query ok for www.ipv6jerem.fr (dig with the he dns server)
ipv6 port scan : HTTP opened + tcpdump ok
http file get : HTTP closed + nothing in tcpdump


Any idea?

Thanks :)
Title: Re: Enthusiast DNS issue
Post by: dl28us on March 09, 2011, 10:09:32 AM
hi,

if you own the domain ipv6jerem.fr, you should register HE's DNS servers at your registrar.

ns1 - ns5.he.net are only authoritative nameservers; they are not used as resolvers (recursors) during the tests.


$ host -t ns ipv6jerem.fr 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host ipv6jerem.fr not found: 3(NXDOMAIN)


$ host -t ns ipv6jerem.fr ns1.he.net
Using domain server:
Name: ns1.he.net
Address: 216.218.130.2#53
Aliases:

ipv6jerem.fr name server ns5.he.net.
ipv6jerem.fr name server ns4.he.net.
ipv6jerem.fr name server ns3.he.net.
ipv6jerem.fr name server ns2.he.net.


$ host www.ipv6jerem.fr 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host www.ipv6jerem.fr not found: 3(NXDOMAIN)


$ host www.ipv6jerem.fr ns1.he.net
Using domain server:
Name: ns1.he.net
Address: 216.218.130.2#53
Aliases:

www.ipv6jerem.fr has IPv6 address 2001:470:1f13:6fb::2
Title: Re: Enthusiast DNS issue
Post by: broquea on March 09, 2011, 11:04:48 AM
Register the domain, point to our NS, and continue on your quest.

For the 2^32nd time, and completely searchable on the forums: we do not query ns1-5.he.net when performing lookups. We use a local caching resolver. :)
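
The diagnosis given in the replies (the authoritative server answers, but a recursive resolver returns NXDOMAIN because the zone is not delegated from the parent), as an added example that is not part of the original posts. The function names and result labels are hypothetical, and the recursive-resolver header is a constructed sample.

```python
import re

# Header lines as in the thread's dig against the authoritative HE server.
AUTHORITATIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26952
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
"""
# Constructed sample: dig-style header for the NXDOMAIN result that the
# thread's `host ... 8.8.8.8` queries report from a recursive resolver.
RECURSIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
"""

def parse_dig(text):
    """Return (status, flags, answer_count) from dig's header lines."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"flags: ([a-z ]*);", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    if not (status and flags and answers):
        raise ValueError("no dig header found in input")
    return status.group(1), set(flags.group(1).split()), int(answers.group(1))

def diagnose(auth_text, recursive_text):
    """Compare the same query as seen by an authoritative server and by a
    recursive resolver, and name the most likely fault."""
    a_status, a_flags, a_count = parse_dig(auth_text)
    r_status, _, r_count = parse_dig(recursive_text)
    # The zone is really hosted only if the reply carries the 'aa' flag.
    auth_ok = a_status == "NOERROR" and "aa" in a_flags and a_count > 0
    rec_ok = r_status == "NOERROR" and r_count > 0
    if auth_ok and rec_ok:
        return "resolvable"
    if auth_ok and r_status == "NXDOMAIN":
        # Record exists on the hosting servers, but the parent zone has no
        # delegation: domain unregistered or NS not set at the registrar.
        return "not-delegated"
    if auth_ok:
        return "recursive-failure"  # e.g. SERVFAIL on the resolver path
    return "record-missing"

if __name__ == "__main__":
    print(diagnose(AUTHORITATIVE, RECURSIVE))
```

A test client that uses a caching resolver only ever sees the recursive view, so a result of "not-delegated" means the name does not exist for that client even though the hosting servers answer correctly.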