http://www.google.com/intl/en/ipv6/
Could HE look into getting involved with this? I'd love to be able to have Google search and GMail alone via v6 never mind all the other services they have.
Quote from: brad on January 08, 2009, 04:30:24 PM
http://www.google.com/intl/en/ipv6/
Could HE look into getting involved with this? I'd love to be able to have Google search and GMail alone via v6 never mind all the other services they have.
Like I mentioned in the other thread about exactly this, we're discussing it internally. However it would require you to use whatever NS we select, if we register for it, for all your lookups. Your ISP can also sign up for this, although I guess by the terms mentioned on that page they'd have to have significant IPv6 presence.
Quote from: broquea on January 08, 2009, 05:06:44 PM
Like I mentioned in the other thread about exactly this, we're discussing it internally. However it would require you to use whatever NS we select, if we register for it, for all your lookups. Your ISP can also sign up for this, although I guess by the terms mentioned on that page they'd have to have significant IPv6 presence.
My ISP doesn't have any IPv6 service so they would not be able to sign up for this. HE is my "IPv6 ISP" so to speak via the tunnel(s). I think letting users know they could use designated servers setup to resolve names would be Ok, since HE would have such servers for any customers directly on their network anyway. As well as provide a list of domains Google provides with IPv6 enabled services so if users either via native service or tunnel could forward name resolution requests to those designated servers that would also be possible.
Quote from: brad on January 08, 2009, 05:18:20 PM
Quote from: broquea on January 08, 2009, 05:06:44 PM
Like I mentioned in the other thread about exactly this, we're discussing it internally. However it would require you to use whatever NS we select, if we register for it, for all your lookups. Your ISP can also sign up for this, although I guess by the terms mentioned on that page they'd have to have significant IPv6 presence.
My ISP doesn't have any IPv6 service so they would not be able to sign up for this. HE is my "IPv6 ISP" so to speak via the tunnel(s). I think letting users know they could use designated servers setup to resolve names would be Ok, since HE would have such servers for any customers directly on their network anyway. As well as provide a list of domains Google provides with IPv6 enabled services so if users either via native service or tunnel could forward name resolution requests to those designated servers that would also be possible.
Oh I agree, if we do decide to move forward with this we'll certainly announce it to our users.
Anyone know if GoogleBot will go IPv6 soon?
And any ideas what user can do about this without using ISP's resolver. ATM, I access most of Google's services (Gmail, Search, Reader) over IPv6 by putting up their IPv6 endpoint mapped with the domain names of these services in my /etc/hosts which works fine, but I'm wondering if there is anything could be done over DNS level, so that other box in LAN can also enjoy similar experience without modifying their /etc/hosts. BtW, instead of using ISP's resolver, I run my own DNS resolver.
Thanks
Quote from: wahjava on January 11, 2009, 07:34:15 PM
And any ideas what user can do about this without using ISP's resolver. ATM, I access most of Google's services (Gmail, Search, Reader) over IPv6 by putting up their IPv6 endpoint mapped with the domain names of these services in my /etc/hosts which works fine, but I'm wondering if there is anything could be done over DNS level, so that other box in LAN can also enjoy similar experience without modifying their /etc/hosts. BtW, instead of using ISP's resolver, I run my own DNS resolver.
Thanks
I already made it very clear what the potential options are. If you can't accept the option I had mentioned for users with their own recursive name resolution servers then you've created your own problem.. deal with it.
Quote from: wahjava on January 11, 2009, 07:34:15 PM
And any ideas what user can do about this without using ISP's resolver. ATM, I access most of Google's services (Gmail, Search, Reader) over IPv6 by putting up their IPv6 endpoint mapped with the domain names of these services in my /etc/hosts which works fine, but I'm wondering if there is anything could be done over DNS level, so that other box in LAN can also enjoy similar experience without modifying their /etc/hosts. BtW, instead of using ISP's resolver, I run my own DNS resolver.
Thanks
If all your local hosts are using your local resolver, you could do effectively the same thing with it as you're doing with hosts, and that's to setup a zone for google.com in your local resolver. This does have a couple gotchas in that if Google changes any addresses, you won't be able to reach the new ones, as your resolver will never check for them (same issue you have with /etc/hosts), and if there's a subdomain of Google's that you don't have in your zone, you'll get a no such host reply back if you try and hit it, unless your resolver will let you do limited overrides of an external zone.
I'm not interested in masking the zone.
Anyways thanks for the reply.
As an update, we originally asked to register 2 caching NS for use in our west coast co-location facilities. Primarily for our paying customers, and to see how well this worked. Having been able to test, we probably would have decided on a larger deployment of caching NS.
Somehow this request got construed as being only for tunnelbroker.net users, rather than our dual-stacked co-location, transit and web-hosting/server rental customers. As such Google doesn't want to move forward unless we deploy caching NS everywhere.
This will be discussed internally and if anything comes of it, we'll let you know.
We are still pushing to get our west coast facilities registered for this so we can complete the testing.
Quote from: wahjava on January 11, 2009, 07:34:15 PM
but I'm wondering if there is anything could be done over DNS level, so that other box in LAN can also enjoy similar experience without modifying their /etc/hosts. BtW, instead of using ISP's resolver, I run my own DNS resolver.
Had the same idea.
Have a look at my dns server at: 2001:470:9971:1001::53:
- it's only configurated for www.google.fi and google.fi
- give the false ips (real ips and much more domain in a few days)
- it's recursive also
- a records are not hardcoded (but nearest in europe - fra/ams)
- speed will be improved
- custom backend for powerdns
# dig @2001:470:9971:1001::53 AAAA www.google.fi
; <<>> DiG 9.6.0b1 <<>> @2001:470:9971:1001::53 AAAA www.google.fi
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7261
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.google.fi. IN AAAA
;; ANSWER SECTION:
www.google.fi. 60 IN AAAA 2001:4860:0:1001::fff
;; Query time: 1 msec
;; SERVER: 2001:470:9971:1001::53#53(2001:470:9971:1001::53)
;; WHEN: Mon Jan 19 23:59:54 2009
;; MSG SIZE rcvd: 59
# dig @2001:470:9971:1001::53 www.google.fi
; <<>> DiG 9.6.0b1 <<>> @2001:470:9971:1001::53 www.google.fi
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35831
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.google.fi. IN A
;; ANSWER SECTION:
www.google.fi. 60 IN A 209.85.129.147
www.google.fi. 60 IN A 209.85.129.99
www.google.fi. 60 IN A 209.85.129.104
;; Query time: 415 msec
;; SERVER: 2001:470:9971:1001::53#53(2001:470:9971:1001::53)
;; WHEN: Tue Jan 20 00:00:35 2009
;; MSG SIZE rcvd: 79
Quote from: broquea on January 12, 2009, 07:09:25 PM
As an update, we originally asked to register 2 caching NS for use in our west coast co-location facilities. Primarily for our paying customers, and to see how well this worked. Having been able to test, we probably would have decided on a larger deployment of caching NS.
So Google is still slacking?
As far as I know the conversation with Google stopped in January and didn't make progress on their side (someone else at HE took over emailing them). This is probably backburner right now, as we have other items to attend to. We'll revisit it at a later date.
In the meantime, if anyone operates their own name servers, and promises Google to not let anyone outside of their region, or more specifically their company, use them, I'm certain you can qualify.
Quote
We have enabled IPv6 DNS cache resolvers for all SixXS users. As a nice carrot for you to use the resolvers we built, we've asked Google to add these resolvers to their trusted tester list, which means that when you use them, you will receive AAAA answers for queries like www.google.com and maps.google.com!
See the IPv6 DNSCache pages for more information, including how to configure your system to use the resolvers.
http://www.sixxs.net/tools/dnscache/
Could HE please look into adding some recursive resolvers to their network with Google name server whitelisting? :)
It looks like they're now OK with tunnel brokers:
Quote from: Google IPv6 FAQ
I am a user of an IPv6 tunnel broker. Can I receive Google over IPv6?
Some tunnel broker operators allow their users to access Google over IPv6 by providing special DNS resolvers close to their users. Please contact your tunnel broker for more details.
There is actually an option for people who run their own caching DNS to use HE's servers selectively. Assuming he.net had two nameservers with v6 addresses FOO and BAR with whatever magic is needed for google IPv6, I think one should be able to use:
zone "google.com" {
type forward;
forward first;
forwarders {
FOO;
BAR;
};
};
in named.conf to get v6-enabled lookups from HE for google, but use one's own cache otherwise.
I have it done in a similar way.
And btw FOO and BAR do not need to be HE name servers but I am using HE as my main ipv6 link.
No, but they need to be someone who will let you do recursion and most people don't allow recursion outside their networks, so I haven't found suitable values of FOO and BAR (BAZ...) yet.
Haven't searched on the US side of the globe but on the old continent you have a chance to find FOO.
Also a different suggestion: one can have more then one tunnel.
FYI, after their conference in March, we did a recursor deployment to help solve the latency issues they thought might affect traffic. They've agreed that that requirement has been met.
We're waiting to hear back from them about the white-listing getting approved.
Quote from: piojan on April 18, 2009, 01:59:03 PM
Haven't searched on the US side of the globe but on the old continent you have a chance to find FOO.
True, but that would also likely end up returning addresses for Google hosts that serve Europe, which is suboptimal.
Quote
Also a different suggestion: one can have more then one tunnel.
True, but that's starting to sound like an awful lot of effort vs just typing ipv6.google.com (or just using v4!). I think named.conf mods is where I draw the line :)
Quote from: broquea on April 18, 2009, 02:23:26 PM
FYI, after their conference in March, we did a recursor deployment to help solve the latency issues they thought might affect traffic. They've agreed that that requirement has been met.
We're waiting to hear back from them about the white-listing getting approved.
Any word back from them?
Just received email about this, check your email for message with subject:
Hurricane Electric IPv6 tunnelbroker.net update
Executive summary: "works now".
anyone know the mod for use with dnsmask? This is for my WRT54G router running OpenWRT.
Quote from: davygrvy on June 12, 2009, 11:49:01 AM
anyone know the mod for use with dnsmask? This is for my WRT54G router running OpenWRT.
Not sure what you mean. Reading their man page it appears that if you have the recursor (v6 or v4) in your /etc/resolv.conf it should be using that:
Dnsmasq is a DNS query forwarder: it it not capable of recursively answering arbitrary queries starting
from the root servers but forwards such queries to a fully recursive upstream DNS server which is typically
provided by an ISP. By default, dnsmasq reads /etc/resolv.conf to discover the IP addresses of the upstream
nameservers it should use, since the information is typically stored there. Unless --no-poll is used, dnsmasq
checks the modification time of /etc/resolv.conf (or equivalent if --resolv-file is used) and re-reads it if it
changes. This allows the DNS servers to be set dynamically by PPP or DHCP since both protocols provide
the information. Absence of /etc/resolv.conf is not an error since it may not have been created before a PPP
connection exists. Dnsmasq simply keeps checking in case /etc/resolv.conf is created at any time.
Doesn't appear to work on the LAN side when I add 'nameserver 74.82.42.42' to /etc/resolv.conf. On the router itself, www.google.com does get a v6:
root@OpenWrt:~# nslookup www.google.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.
Name: www.google.com
Address 1: 2001:4860:b006::68
Address 2: 74.125.19.104 cf-in-f104.google.com
Address 3: 74.125.19.99 cf-in-f99.google.com
Address 4: 74.125.19.147 cf-in-f147.google.com
Address 5: 74.125.19.103 cf-in-f103.google.com
root@OpenWrt:~#
Doesn't appear to be the case on the LAN:
davygrvy@bigmoma:~$ nslookup -type=AAAA www.google.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
www.google.com canonical name = www.l.google.com.
Authoritative answers can be found from:
davygrvy@bigmoma:~$
Ok, so it isn't a recursor, and isn't caching what results it gets, but nor does it provide you an answer. Does it hand out the dns ips via dhcp? maybe make it hand out the recursor that way instead of failing as it is? Not really familiar with this utility, so its all guesswork. I use bind for authoritative and pdns-recursor for my caching.
Found it. This applies to OpenWRT 9.04
1) open /etc/config/dhcp in vim.
2) under the dnsmask section, change the local line with the value '/lan/' to be '/google.com/74.82.42.42'.
3) exit and save
4) restart dnsmask
Thank you this works on dd-wrt as well. Also you can use the ipv6 address for the google.com domain.
Sorry could someone explain how to do this on dd-wrt? I can't find the file in which to change '/lan/' to /google.com/74.82.42.42'. Opening /etc/config/dhcp in vim on my dd-wrt v24-sp1 brings up a blank file.
Thanks
I'm not sure how I'm supposed to use this...can someone give me a little direction? I use MS AD for my DNS
Thanks
Just set up a forwarders entry for google.com zone on your DNS server, pointing that zone to the servers HE supplies.
Hmm...with MS DNS, I do not see a way to set a forwarder by domain name (eg google.com) Has anyone done this before with MS DNS?
Never mind, I found it. With server 2008, they moved the location of the conditional forwarders.
Unfortunately, it's telling me that a "timeout occurred during validation"
It's trivial in BIND:
# HE DNS server for google IPv6 service
zone "google.com" IN {
type forward;
forward first;
forwarders {
2001:470:20::2;
74.82.42.42;
};
};
Once I found it in MS DNS, it was pretty easy, just a couple of clicks.
So what are the appropriate HE DNS servers to use to get default IPv6 DNS records for Google?
Thanks.
Scott
Quote from: scottajohnson on February 21, 2010, 07:04:15 PM
So what are the appropriate HE DNS servers to use to get default IPv6 DNS records for Google?
Thanks.
Scott
They're in the tunnel details page listed as the Anycast DNS servers, included below.
Anycasted IPv6 Caching Nameserver: 2001:470:20::2
Anycasted IPv4 Caching Nameserver: 74.82.42.42
For more recent revisions of OpenWrt add the following to the dnsmasq section of '/etc/config/dhcp' and leave the /lan/ lines intact.
list server '/google.com/2001:470:20::2'
list server '/google.ca/2001:470:20::2'
list server '/youtube.com/2001:470:20::2'
or
list server '/google.com/74.82.42.42'
list server '/google.ca/74.82.42.42'
list server '/youtube.com/74.82.42.42'
https://forum.openwrt.org/viewtopic.php?id=28975