Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: broquea on November 19, 2008, 08:36:51 PM

Title: Two new levels available.
Post by: broquea on November 19, 2008, 08:36:51 PM
We've revamped some stuff, and have added two new levels to attain for your entertainment:

Explorer - The Enthusiast level (consisting of IPv6 HTTP Client and Server tests) has been split into the Explorer (HTTP Client test) and Enthusiast (HTTP Server test) levels. This should allow many people stuck at NewB to move up who can view IPv6 enabled websites, but don't have an IPv6 webserver running yet.

Sage - This tests for IPv6 glue on the nameservers that are authoritative for your domain.

Anyone that has already gone beyond Enthusiast will be able to take the explorer test to get credit/score. Sage is available if you have completed Guru.

And as always, if you encounter an issue, please email ipv6@he.net
Title: Re: Two new levels available.
Post by: broquea on November 22, 2008, 11:30:46 AM
Clarification on the Sage exam. We look for host records on the TLD servers themselves (with a direct query) for the AAAA of your domain's authoritative name servers. We see this available from a few registrars that we've sampled, like GoDaddy and NetSol (just to name larger ones). Obviously we have a bunch of Sage certs issued, so it appears users can accomplish this.
Title: Re: Two new levels available.
Post by: snarked on November 23, 2008, 02:13:51 PM
Sage - question:  Does it require that at least ONE of the DNS servers be IPv6 reachable, or ALL?

It appears that your tests are looking for ALL.
Title: Re: Two new levels available.
Post by: broquea on November 23, 2008, 02:51:44 PM
Quote from: snarked on November 23, 2008, 02:13:51 PM
Sage - question:  Does it require that at least ONE of the DNS servers be IPv6 reachable, or ALL?

It appears that your tests are looking for ALL.

We're looking for 1 nameserver with an IPv6 host record in any one of the TLD servers. If we find at least 1, its a pass.
Title: Re: Two new levels available.
Post by: piojan on November 24, 2008, 09:37:28 AM
Quote from: broquea on November 22, 2008, 11:30:46 AM
We look for host records on the TLD servers themselves (with a direct query) for the AAAA of your domain's authoritative name servers.

Do I understand this correctly
sample domain: a.b.c.tld
$ dig ns tld
got a/b/c.dns.tld
$ dig aaaa a.b.c.tld @a-dns.tld
and are looking for a ipv6 address of a ns?

Is this correct?
Probably I am mising something.
Title: Re: Two new levels available.
Post by: kriteknetworks on November 24, 2008, 10:39:52 AM
Correct
Title: Re: Two new levels available. (Sage test)
Post by: snarked on November 24, 2008, 11:29:13 AM
QuoteWe're looking for 1 nameserver with an IPv6 host record in any one of the TLD servers. If we find at least 1, its a pass.
Then I must suggest that it isn't working.
Quote; <<>> DiG 9.6.0b1 <<>> snarked.org any @a0.org.afilias-nst.info
...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61491
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 11, ADDITIONAL: 5

;; AUTHORITY SECTION:
snarked.org.            86400   IN      NS      ns.snarked.org.
...

;; ADDITIONAL SECTION:
ns.snarked.org.         86400   IN      A       67.43.172.250
...
ns.snarked.org.         86400   IN      AAAA    2607:f350:1::1:1

;; Query time: 241 msec
;; SERVER: 199.19.56.1#53(199.19.56.1)
;; WHEN: Mon Nov 24 19:11:54 2008
;; MSG SIZE  rcvd: 359
As noted, "ns.snarked.org" has IPv6 glue at the .ORG parent servers, yet the test fails ("Couldnt get AAAA for NS").

Similarly, the web server test for "www.snarked.org" also fails despite it having an IPv6 address and being reachable.
Title: Re: Two new levels available. (Sage test)
Post by: piojan on November 24, 2008, 02:22:39 PM
Quote from: snarked on November 24, 2008, 11:29:13 AMThen I must suggest that it isn't working.

Lets put it this way - I know someone that had there domain passed but probably it shouldn't have been validated for having correct ipv6 glue - this is why I was asking for a more technical specification of how HE is tesing this glue.

Cheers,
PJ
Title: Re: Two new levels available.
Post by: snarked on November 24, 2008, 05:58:00 PM
...And conversely, I have a domain where it should work yet is failing.  I hope they're looking into this.