Hurricane Electric's IPv6 Tunnel Broker Forums

IPv6 Certification Program Topics => General Discussion => Topic started by: randallman on April 03, 2010, 03:49:23 PM

Title: Question about why the AAAA NS Record test in the certification may be failing.
Post by: randallman on April 03, 2010, 03:49:23 PM
Question about why the AAAA NS Record test in the certification may be failing.

I've got at least one NS record which has an IPv6 nameserver.  This is reflected both on a.gtld-servers.net and on the auth NS (in this case, v6ns.randallman.net.)

Please see digs below.

(a.gtld-servers.net)root@bedroom:/etc/network# dig @a.gtld-servers.net randallman.net ns

; <<>> DiG 9.4.2-P2.1 <<>> @a.gtld-servers.net randallman.net ns
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56927
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;randallman.net.         IN   NS

;; AUTHORITY SECTION:
randallman.net.      172800   IN   NS   ns1.mydyndns.org.
randallman.net.      172800   IN   NS   ns2.mydyndns.org.
randallman.net.      172800   IN   NS   ns3.mydyndns.org.
randallman.net.      172800   IN   NS   ns4.mydyndns.org.
randallman.net.      172800   IN   NS   ns5.mydyndns.org.
randallman.net.      172800   IN   NS   v6ns.randallman.net.

;; ADDITIONAL SECTION:
v6ns.randallman.net.   172800   IN   AAAA   2607:f590:f2::2

;; Query time: 25 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Sat Apr  3 18:48:34 2010
;; MSG SIZE  rcvd: 181

And v6ns.randallman.net:
root@bedroom:/etc/network# dig @v6ns.randallman.net randallman.net ns

; <<>> DiG 9.4.2-P2.1 <<>> @v6ns.randallman.net randallman.net ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15805
;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;randallman.net.         IN   NS

;; ANSWER SECTION:
randallman.net.      600   IN   NS   v6ns.randallman.net.
randallman.net.      600   IN   NS   ns4.mydyndns.org.
randallman.net.      600   IN   NS   ns2.mydyndns.org.
randallman.net.      600   IN   NS   ns1.mydyndns.org.
randallman.net.      600   IN   NS   ns3.mydyndns.org.
randallman.net.      600   IN   NS   ns5.mydyndns.org.

;; ADDITIONAL SECTION:
v6ns.randallman.net.   600   IN   AAAA   2607:f590:f2::2

;; Query time: 44 msec
;; SERVER: 2607:f590:f2::2#53(2607:f590:f2::2)
;; WHEN: Sat Apr  3 18:49:06 2010
;; MSG SIZE  rcvd: 181


Title: Re: Question about why the AAAA NS Record test in the certification may be failing.
Post by: jimb on April 03, 2010, 04:32:11 PM
If this is the sage test, it wants a v6 glue AAAA record at your parent domain (e.g. host record).

If it's just looking for the existence of NS record in your list of NS records which references a NS with a AAAA, then it should work.

Sometimes the HE server gets a negative cache entry too, so you might have to wait that out.
Title: Re: Question about why the AAAA NS Record test in the certification may be failing.
Post by: randallman on April 03, 2010, 07:29:26 PM
The Negative TTL was the key.

Got through and passed through to sage.  Considering writing a quick script to run for the next 99 days to get me the 1400 :)

Thanks for the assistance.
--Randall

If this is the sage test, it wants a v6 glue AAAA record at your parent domain (e.g. host record).

If it's just looking for the existence of NS record in your list of NS records which references a NS with a AAAA, then it should work.

Sometimes the HE server gets a negative cache entry too, so you might have to wait that out.
Title: Re: Question about why the AAAA NS Record test in the certification may be failing.
Post by: jimb on April 03, 2010, 07:35:26 PM
Well, good luck with sage.  I'm not sure if dyndns.org supports v6 glue records.  Although you could add another NS out of baliwick which has a AAAA glue record and I think the test will pass.

EDIT: oh never mind, I saw u passed.  I guess they do support IPv6 glue (just did a dig and saw that they do).

Also, the daily tests are kind of picky, so be careful with your script.  Can't use the same IPv6 server twice, and sometimes the script refuses to parse whois and ping output correctly for no apparent reason.  :P
Title: Re: Question about why the AAAA NS Record test in the certification may be failing.
Post by: randallman on April 03, 2010, 07:46:04 PM
They are beta testing general deployment options for v6.  I asked if they had a timeline for general deployment, but they did not have anything at this time.

I myself work for a registrar (corporate, not retail) and we can do ip6.arpa via slaving and AAAAs as well, but our frontend UI still has yet to support AAAA at all...

Well, good luck with sage.  I'm not sure if dyndns.org supports v6 glue records.  Although you could add another NS out of baliwick which has a AAAA glue record and I think the test will pass.

EDIT: oh never mind, I saw u passed.  I guess they do support IPv6 glue (just did a dig and saw that they do).

Also, the daily tests are kind of picky, so be careful with your script.  Can't use the same IPv6 server twice, and sometimes the script refuses to parse whois and ping output correctly for no apparent reason.  :P