Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: techniq on May 11, 2011, 04:16:41 AM

Title: both IPv6 and IPv4 he.net resolvers are nto working
Post by: techniq on May 11, 2011, 04:16:41 AM
The DNS servers 2001:470:20::2 and 74.82.42.42 are not resolving names.  Anyone else see the same?
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: cholzhauer on May 11, 2011, 04:25:08 AM
Seems to work



[carl@mars ~]$ dig aaaa google.com @2001:470:20::2

; <<>> DiG 9.6.2-P2 <<>> aaaa google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19744
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      AAAA

;; ANSWER SECTION:
google.com.             247     IN      AAAA    2001:4860:800b::63

;; Query time: 41 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 07:24:45 2011
;; MSG SIZE  rcvd: 56

Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: cessnaflyer on May 11, 2011, 06:00:23 AM
I'm seeing extreme slowness and SERVFAILs.  I've fallen back to OpenDNS for the moment.
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: johnpoz on May 11, 2011, 06:11:52 AM
I run my own dns, but just queried theirs and not seeing any issues.
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: cessnaflyer on May 11, 2011, 06:27:59 AM
Perhaps the varying problems (or not) are because the address is Anycasted. Which Tunnel endpoint is everybody using? I'm on Ashburn, VA.
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: cholzhauer on May 11, 2011, 06:28:32 AM
Chicago here
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: SirLauncelot on May 11, 2011, 06:56:44 AM
I can't get to the HE IPv4 Anycast DNS, but can get to the IPv6 site.  I don't know if HE started blocking outside access to their v4 address?  Considering most do not route the IPv4 across the tunnel, they take two paths.


mills@Dilbert:~> dig aaaa google.com @2001:470:20::2

; <<>> DiG 9.7.3 <<>> aaaa google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7546
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.         IN   AAAA

;; ANSWER SECTION:
google.com.      190   IN   AAAA   2001:4860:800c::67

;; Query time: 14 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 09:52:42 2011
;; MSG SIZE  rcvd: 56

mills@Dilbert:~> dig aaaa google.com @74.82.42.42

; <<>> DiG 9.7.3 <<>> aaaa google.com @74.82.42.42
;; global options: +cmd
;; connection timed out; no servers could be reached



mills@Dilbert:~> ping 74.82.42.42
PING 74.82.42.42 (74.82.42.42) 56(84) bytes of data.
^C
--- 74.82.42.42 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 7995ms

mills@Dilbert:~> ping6 2001:470:20::2
PING 2001:470:20::2(2001:470:20::2) 56 data bytes
64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=16.6 ms
64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=17.4 ms
64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=15.3 ms
^C
--- 2001:470:20::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 15.339/16.474/17.433/0.876 ms
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: cholzhauer on May 11, 2011, 06:59:37 AM
No problems with IPv4 here either



[carl@mars ~]$ dig aaaa google.com @74.82.42.42

; <<>> DiG 9.6.2-P2 <<>> aaaa google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      AAAA

;; ANSWER SECTION:
google.com.             236     IN      AAAA    2001:4860:800b::67

;; Query time: 81 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed May 11 09:59:11 2011
;; MSG SIZE  rcvd: 56

Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: jgeorge on May 11, 2011, 07:40:32 AM
Seeing timeouts from here in Atlanta.
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: johnpoz on May 11, 2011, 09:19:07 AM
Here in Chicago tried some odd ball site pulled from sixy.ch ipv6 site feed no issues

; <<>> DiG 9.7.3 <<>> @74.82.42.42 brabbelaar.nl AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20054
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;brabbelaar.nl.                 IN      AAAA

;; ANSWER SECTION:
brabbelaar.nl.          3600    IN      AAAA    2a02:cc8::96:52

;; Query time: 196 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed May 11 11:17:25 2011
;; MSG SIZE  rcvd: 59

; <<>> DiG 9.7.3 <<>> @2001:470:20::2 brabbelaar.nl AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;brabbelaar.nl.                 IN      AAAA

;; ANSWER SECTION:
brabbelaar.nl.          3515    IN      AAAA    2a02:cc8::96:52

;; Query time: 37 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 11:18:51 2011
;; MSG SIZE  rcvd: 59


Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: broquea on May 11, 2011, 10:04:25 AM
There was a large DDOS against Ashburn's regular tserv last night, that needed a pretty gnarly filter applied. I tried to minimize what services would get impacted, and for the most part the tunnels themselves were unaffected, however DNS might have been not 100%. The DDOS is gone and so is the filter. Please retest.
Title: Re: both IPv6 and IPv4 he.net resolvers are nto working
Post by: jimb on May 12, 2011, 12:37:27 AM
Are you guys using anything like SRTBH (http://packetlife.net/blog/2010/aug/23/source-based-rtbh/) to combat DOS attacks?