Hi,
Problem just stated this morning. I'm using the HE.net nameserver @ 74.82.42.42 setup as a local resolver with dnsmask. It has worked flawlessly since it was announced http://www.tunnelbroker.net/forums/index.php?topic=459.0 (http://www.tunnelbroker.net/forums/index.php?topic=459.0) and I added the feature to my router.
But today, all google links are dead. The HE.net nameserver can't resolve any google.com queries.
example:$ dig @74.82.42.42 AAAA www.google.com
; <<>> DiG 9.7.0-P1 <<>> @74.82.42.42 AAAA www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53520
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 57315 IN CNAME www.l.google.com.
;; Query time: 26 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 11:13:50 2011
;; MSG SIZE rcvd: 52
Not even an A record, either:
$ dig @74.82.42.42 www.google.com
; <<>> DiG 9.7.0-P1 <<>> @74.82.42.42 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16303
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 56847 IN CNAME www.l.google.com.
;; Query time: 25 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 11:21:43 2011
;; MSG SIZE rcvd: 52
Works when I force to my ISP nameserver, though. But, I don't get any google site in IPv6 without the HE.net whitelisted nameserver (that is apparently broken)
$ dig @75.75.75.75 www.google.com
; <<>> DiG 9.7.0-P1 <<>> @75.75.75.75 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2360
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 441525 IN CNAME www.l.google.com.
www.l.google.com. 292 IN A 74.125.224.48
www.l.google.com. 292 IN A 74.125.224.50
www.l.google.com. 292 IN A 74.125.224.49
www.l.google.com. 292 IN A 74.125.224.51
www.l.google.com. 292 IN A 74.125.224.52
;; Query time: 10 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Fri May 13 11:24:51 2011
;; MSG SIZE rcvd: 132
Not seeing an issue in Fremont, where your tunnel is:
~# dig aaaa www.google.com @74.82.42.42
; <<>> DiG 9.7.1-P2 <<>> aaaa www.google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14872
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 60400 IN CNAME www.l.google.com.
www.l.google.com. 24 IN AAAA 2001:4860:b006::93
;; Query time: 0 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 12:20:38 2011
;; MSG SIZE rcvd: 80
~# dig aaaa www.google.com @2001:470:20::2
; <<>> DiG 9.7.1-P2 <<>> aaaa www.google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28129
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 60359 IN CNAME www.l.google.com.
www.l.google.com. 283 IN AAAA 2001:4860:b006::63
;; Query time: 5 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri May 13 12:21:19 2011
;; MSG SIZE rcvd: 80
~# dig a www.google.com @74.82.42.42
; <<>> DiG 9.7.1-P2 <<>> a www.google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63763
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 60275 IN CNAME www.l.google.com.
www.l.google.com. 121 IN A 74.125.224.83
www.l.google.com. 121 IN A 74.125.224.81
www.l.google.com. 121 IN A 74.125.224.82
www.l.google.com. 121 IN A 74.125.224.80
www.l.google.com. 121 IN A 74.125.224.84
;; Query time: 0 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 12:22:43 2011
;; MSG SIZE rcvd: 132
~# dig a www.google.com @2001:470:20::2
; <<>> DiG 9.7.1-P2 <<>> a www.google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54105
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 60266 IN CNAME www.l.google.com.
www.l.google.com. 112 IN A 74.125.224.83
www.l.google.com. 112 IN A 74.125.224.81
www.l.google.com. 112 IN A 74.125.224.82
www.l.google.com. 112 IN A 74.125.224.80
www.l.google.com. 112 IN A 74.125.224.84
;; Query time: 5 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri May 13 12:22:52 2011
;; MSG SIZE rcvd: 132
Why am I the unlucky one? ???
Still isn't working here and I don't know what to do to debug this any further ???
$ dig @74.82.42.42 AAAA www.google.com
; <<>> DiG 9.7.0-P1 <<>> @74.82.42.42 AAAA www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21347
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 25322 IN CNAME www.l.google.com.
;; Query time: 27 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 20:06:59 2011
;; MSG SIZE rcvd: 52
odd.. this seemed to work with dnsmasq:
--server=/google.com/2001:470:20::2
instead of the ipv4 of 74.82.42.42. I didn't think dnsmasq supported v6 addresses for that option :)
Anyone think Comcast is deep packet filtering again? That's my only guess as to what's happening for me
I'm seeing a similar problem since about 48 hours ago. I'm not using comcast and use the tserv15 endpoint. Definitely something up. I emailed support but haven't heard back yet. All my queries to he.net dns result in SERVFAIL. I have switched to my own DNS resolver but now don't get the ipv6 google services. Using he.net's ipv6 dns doesn't help in my case.
$ dig @74.82.42.42 AAAA www.google.com
; <<>> DiG 9.8.0-P1 <<>> @74.82.42.42 AAAA www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35393
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; Query time: 260 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Sun May 15 19:03:15 2011
;; MSG SIZE rcvd: 32