Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: ravenstar on February 21, 2013, 12:06:55 PM

Title: test-ipv6.com DNS wierdness
Post by: ravenstar on February 21, 2013, 12:06:55 PM
OK

Can someone please explain why, when I set my DNS servers to 2001:470:200::2 and 2001:470:300::2 I am getting marked down on test-ipv6.com

It tells me that the DNS servers do not appear to have IPv6 access.

Using nslookup I have confirmed it is using he's nameservers rather than my ISP's.  And changing the servers to Googles public DNS addresses gives me 10/10 score again.

Any ideas?

Ravenstar
Title: Re: test-ipv6.com DNS wierdness
Post by: broquea on February 21, 2013, 12:38:10 PM
Those are not recursors, they are authoritative only for the domains they host. You want to use 2001:470:20::2
Title: Re: test-ipv6.com DNS wierdness
Post by: kasperd on February 21, 2013, 04:51:11 PM
Quote from: broquea on February 21, 2013, 12:38:10 PMYou want to use 2001:470:20::2
But having only a single DNS server isn't good for reliability. You should configure 2 or 3. Last I checked HE provided only a single official anycast IP for the purpose. But you can actually use unicast addresses of the individual DNS servers as well.

A configuration that has worked for me is to use 2001:470:20::2 as primary and then the unicast address of another DNS server as secondary. Another way to configure it is to use 2001:470:20::2 as primary and a completely different provider as secondary.
Title: Re: test-ipv6.com DNS wierdness
Post by: broquea on February 21, 2013, 05:01:13 PM
And going a step farther, relying on 2 dns provided by the same provider is potentially just as bad as a single resolver, so maybe use Google's anycasted recursor on IPv6 in addition to the anycasted one from HE :D
Title: Re: test-ipv6.com DNS wierdness
Post by: ravenstar on February 22, 2013, 09:07:32 AM
Thanks for the info

Only one thing to say to that - "Doh"  : ;D

Ravenstar
Title: Re: test-ipv6.com DNS wierdness
Post by: snarked on February 23, 2013, 02:05:40 PM
Note the difference between a RECURSIVE RESOLVER and an AUTHORITATIVE SERVER.

Although there is no RFC or standard which mandates two or more resolvers be used, it is still a good practice to do so.  HE offers only one, and that's their choice.