Hurricane Electric's IPv6 Tunnel Broker Forums

Messages - divad27182

1
General Discussion / Re: "DIG PTR" problems?
« on: May 28, 2017, 10:39:57 PM »
Well, I reported this to ipv6@he.net, and in 20 minutes it was fixed.  Excellent work he.net.

--David

2
General Discussion / "DIG PTR" problems?
« on: May 28, 2017, 10:04:08 PM »
Is anybody else having problems with the "DIG PTR" daily test today?  All the others worked fine for me, but not the reverse DNS lookup.  I've tried a number of addresses, and it always says (after correctly parsing the query), something like:
Summary of user's dig query
IPv6 Address: 2001:470:1f06:1356::2
Status: NOERROR
Reverse ip6.arpa:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.3.1.6.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
Validating user's dig query
Result: Fail
Reason: Record mismatch

(It almost looks like the test machine can't do reverse DNS lookups as of today.)

--David

P.S. FYI: I find tunnel broker transit networks to be a wonderful source of DNS lookups.  They may not ping, but they are all wonderfully filled in.  Thank you he.net.   :)

3
General Discussion / "DIG AAAA" test bug
« on: May 27, 2017, 12:24:25 PM »
I tried to submit the following result:
Code:
; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> aa.net.uk AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33571
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aa.net.uk. IN AAAA

;; ANSWER SECTION:
aa.net.uk. 53 IN AAAA 2001:8b0:0:30::68
aa.net.uk. 53 IN AAAA 2001:8b0:0:30::65

;; AUTHORITY SECTION:
aa.net.uk. 172793 IN NS primary-dns.co.uk.
aa.net.uk. 172793 IN NS secondary-dns.co.uk.

;; ADDITIONAL SECTION:
primary-dns.co.uk. 172793 IN A 81.187.30.41
primary-dns.co.uk. 172793 IN AAAA 2001:8b0:0:30::51bb:1e29
secondary-dns.co.uk. 172793 IN A 81.187.81.32
secondary-dns.co.uk. 172793 IN AAAA 2001:8b0:0:81::51bb:5120

;; Query time: 1 msec
;; SERVER: 192.168.222.47#53(192.168.222.47)
;; WHEN: Sat May 27 15:11:03 EDT 2017
;; MSG SIZE  rcvd: 239


It was refused, on the basis that "2001:8b0:0:30::68" did not match "2001:8b0:0:30::65".  It turns out that the server side DNS lookup gets the first address, and the parser gets the last address, so any hostname with two IPv6 addresses is rejected unless you cherry pick the submitted results.
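
An added example, not part of the original post and not HE's test code: a parser for the submitted dig text that collects every AAAA record in the ANSWER section and compares the whole record set, next to the first-versus-last comparison the post describes. The function names and the trimmed sample are constructed for illustration.

```python
import ipaddress

# Constructed sample: the dig output from the post, trimmed to the
# sections that matter for the comparison.
SAMPLE_DIG = """\
;; QUESTION SECTION:
;aa.net.uk. IN AAAA

;; ANSWER SECTION:
aa.net.uk. 53 IN AAAA 2001:8b0:0:30::68
aa.net.uk. 53 IN AAAA 2001:8b0:0:30::65

;; AUTHORITY SECTION:
aa.net.uk. 172793 IN NS primary-dns.co.uk.

;; ADDITIONAL SECTION:
primary-dns.co.uk. 172793 IN AAAA 2001:8b0:0:30::51bb:1e29
"""


def answer_aaaa(dig_text, qname):
    """Return every AAAA address in the ANSWER section for qname, in order."""
    want = qname.rstrip(".").lower()
    in_answer = False
    found = []
    for line in dig_text.splitlines():
        if line.startswith(";;"):
            # Section headers switch collection on and off.
            in_answer = line.startswith(";; ANSWER SECTION")
            continue
        fields = line.split()
        if not in_answer or len(fields) != 5:
            continue
        name, _ttl, rclass, rtype, rdata = fields
        if name.rstrip(".").lower() == want and rclass == "IN" and rtype == "AAAA":
            # IPv6Address normalises case and zero compression.
            found.append(ipaddress.IPv6Address(rdata))
    return found


def first_vs_last(resolved, submitted):
    """The comparison described in the post: first resolved vs last parsed."""
    return resolved[0] == submitted[-1]


def same_rrset(resolved, submitted):
    """Order-independent comparison of the complete record set."""
    return bool(resolved) and set(resolved) == set(submitted)
```

With the sample above, `first_vs_last` rejects a correct submission while `same_rrset` accepts it, whatever order the resolver returns the two records in.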

4
General Discussion / Re: Unexpected Banner
« on: May 24, 2017, 08:05:09 AM »
On the enthusiast level test, upon sending my mail to my postfix configured email server, I'm given the error "Unexpected banner:". Any idea what this could be?
Banner probably refers to the first line of text that the SMTP server outputs.  It should probably look like:
Code:
220 hostname ESMTP packagename

There might legitimately be several lines; all but the last start with "220-".  If, when you connect to port 25, you see anything other than these, then that is probably the problem.  Typically, test this with something like "telnet -6 hostname 25".

--David
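
An added example, not part of the original post and not the HE test's own logic: a check of the greeting format described above (every line a 220 reply, "220-" on continuation lines, "220 " on the last), plus a helper that fetches the greeting over IPv6 only. The function names and sample greetings are constructed.

```python
import socket

# Constructed sample greetings (hostnames are placeholders).
SINGLE = b"220 mail.example.com ESMTP Postfix\r\n"
MULTI = b"220-mail.example.com ESMTP Postfix\r\n220-second line\r\n220 ready\r\n"
REJECT = b"554 mail.example.com No SMTP service here\r\n"


def check_banner(raw):
    """Validate an SMTP greeting; return (ok, reason)."""
    lines = raw.decode("ascii", errors="replace").split("\r\n")
    if lines.pop() != "":
        return False, "greeting does not end with CRLF"
    if not lines:
        return False, "empty banner"
    for number, line in enumerate(lines, start=1):
        is_last = number == len(lines)
        if not line.startswith("220"):
            return False, "line %d is not a 220 reply" % number
        # Continuation lines use "220-", the final line uses "220 ".
        if line[3:4] != (" " if is_last else "-"):
            return False, "line %d has the wrong separator" % number
    return True, "ok"


def read_banner(host, port=25, timeout=10.0):
    """Connect over IPv6 only and return the raw greeting bytes."""
    family, kind, proto, _, addr = socket.getaddrinfo(
        host, port, socket.AF_INET6, socket.SOCK_STREAM)[0]
    data = b""
    with socket.socket(family, kind, proto) as conn:
        conn.settimeout(timeout)
        conn.connect(addr)
        while len(data) < 4096:
            chunk = conn.recv(512)
            if not chunk:
                break
            data += chunk
            # Stop at the first complete line that is not a continuation.
            if data.endswith(b"\r\n") and not data.split(b"\r\n")[-2].startswith(b"220-"):
                break
    return data
```

Run `check_banner(read_banner("your.mail.host"))` against your own server; an empty result means something in the path accepted the connection without the mail server ever sending its greeting.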


5
General Questions & Suggestions / Re: HTTP GET request of what file
« on: May 23, 2017, 08:59:43 AM »
You gave them a webserver, like "www.example.com".  They gave you a filename, like "feefiefoefum.txt".  You are to make it so that "http://www.example.com/feefiefoefum.txt" works.  The content doesn't really matter, though should probably be small.  A word, a sentence, a copy of their instructions on making the file, etc...

>Create a file with the name listed below on the website you entered above.

What is this file that is being referenced on the enthusiast level test? Where can I find it?

6
whois says that my domain is using ns1.he.net and ns2.he.net. These are the nameservers which I configured at my registrar.

Well, you should probably be using ns1.he.net through ns5.he.net inclusive.  Your registrar should have the ability to add additional nameservers. If that is the actual cause of the error, I don't know.

7
I don't know if it is relevant, but I just used your ns1.sharktech.network for my daily tests, and the ping gave double replies.

ping6 -c4 2001:470:d:117e:c01d:b00b:babe:fb1
PING 2001:470:d:117e:c01d:b00b:babe:fb1(2001:470:d:117e:c01d:b00b:babe:fb1) 56 data bytes
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=1 ttl=55 time=172 ms
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=1 ttl=55 time=172 ms (DUP!)
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=2 ttl=55 time=186 ms
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=2 ttl=55 time=186 ms (DUP!)
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=3 ttl=55 time=167 ms
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=3 ttl=55 time=167 ms (DUP!)
64 bytes from 2001:470:d:117e:c01d:b00b:babe:fb1: icmp_seq=4 ttl=55 time=167 ms

--- 2001:470:d:117e:c01d:b00b:babe:fb1 ping statistics ---
4 packets transmitted, 4 received, +3 duplicates, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 167.258/174.216/186.226/7.829 ms

8
I fear I get different results for that domain:

host -v -t ns sharktech.network.
Trying "sharktech.network"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65336
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;sharktech.network.             IN      NS

;; ANSWER SECTION:
sharktech.network.      3217    IN      NS      ns2.sharktech.network.
sharktech.network.      3217    IN      NS      ns1.sharktech.network.

;; ADDITIONAL SECTION:
ns1.sharktech.network.  86016   IN      AAAA    2001:470:d:117e:c01d:b00b:babe:fb1
ns2.sharktech.network.  86016   IN      AAAA    2001:470:d:117e:c01d:b00b:babe:c1a

Received 127 bytes from 192.168.222.47#53 in 3 ms


I also checked the network. nameservers, and both your listed nameservers, and everything was consistent.

I suspect the difference between what I see and what you showed either means you have a split horizon DNS, or you've changed it since then (which the SOA tends to deny).

I would expect what I see to work... except that maybe they are checking for IPv6 and IPv4?

9
A few thoughts occur:
  • It might be cached on their side.  Have you waited until the TTL expires?
  • There might be glue issues.  Have you updated the glue on the upstream nameservers?
  • Did you remember to update the SOA record?
  • If you want anyone else to look, you should consider identifying your domain.
--David

(I will admit I found this test ridiculously simple.  he.net is my DNS host.)

10
If you look in the "Packet Details" frame (the middle one), you should see both "Internet Protocol Version 4" and "Internet Protocol Version 6".  The former is the IPv4 header saying its content is protocol 41.  The latter is the protocol 41 content, which is to say the first IPv6 header.  Since Wireshark always shows the most decoded form, you will see this as IPv6 traffic.  If you really wanted to, you could disable the IPv6 decoder.

--David

11
My IP is A:B:C:D::2/128, while the routed /64 is A:B:E:F::/64 .

And you are right, others' IP could be A:B:C:G::2/128, or even A:B:C:D:H::2/128, although the latter is becoming inconvenient quickly. So I guess the /48 subnet could provide 64k single endpoints.

So I think my real question is: Why is my endpoint IPv6 address not inside my routed /64 subnet?

Actually, that can be done, but it requires such painful routing rules on both ends that it isn't worth doing.  The issue is that their router's endpoint IPv6 address would then also need to be in your routed /64 subnet, but would not be truly in that subnet.  As I said, painful routing rules.

--David

12
Yesterday I applied for a HE IPv6 tunnel, and got one. The default tunnel consists of an IPv6 address, ending on ::2, and a routed /64 subnet. What struck me is that the address is in a different /48 subnet than the routed /64 subnet. That means that a whole /48 subnet is burned just to provide my router an IPv6 address.

As my former Sixxs IPv6 address and subnet had the same peculiarity, I guess there is a technical reason for that. Which one?

Not quite right.

You got A:B:C:D::2/64 for your router, and A:B:E:D::/64 as your subnet. 

This means there is a /64 for your router to their router communication, and a /64 for your use.  And then, presumably, each tunnel through that HE node gets its own unique D value, and shares the A:B:C:: and A:B:E:: subnets.

Admittedly, it might have been a better use of resources to give out A:B:C:0:0:0:D:2/112 for the router and A:B:C:D::/64 for the subnet, but it's probably better just not to try to explain using /112 (or even /126 or /127) subnets.

--David

13
General Discussion / Re: Unable to establish Ipv6 connectivity
« on: March 13, 2017, 05:28:34 PM »
Quote
While I don't know the full details of 6in4, I'm not sure how well it will work through the NAT firewall. 

6in4 has no issue with NAT as long as the router knows what's going on and is able to pass the traffic without bothering it.
In which case, an obvious suggestion is: you might try putting the windows machine in the DMZ.

Quote
you might try putting your 112.xxx.xxx.xxx address in the localaddress= value. [guessing]

That'll make things worse, the 192.x is appropriate here.
I guess that means it is a bind address.  I found that omitting it on my Linux box did not affect functionality.

14
General Discussion / Re: Unable to establish Ipv6 connectivity
« on: March 13, 2017, 04:27:37 PM »
Well, I would think the following two lines are suspect:

netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel localaddress=192.xxx.x.xxx remoteaddress=216.66.80.26

   IPv4 Address. . . . . . . . . . . : 192.xxx.x.xxx

While I don't know the full details of 6in4, I'm not sure how well it will work through the NAT firewall. 

You might try seeing if you can configure the tunnel directly on the TP Link router.
You might try securing your windows box and plugging it straight into the internet connection.  (This might at least let you get to the next step...)
You might try putting your 112.xxx.xxx.xxx address in the localaddress= value. [guessing]

--David G

(I stayed stuck at Explorer for 2 years on this issue.  Then I tried 6to4 and was Sage within two days. :) )

Edit: strike wrong suggestion.

15
In any case, I'll try targeting that address tomorrow.  (I've already done my points for today.  :-) )
Well, I tried it, and I removed the duplicate address I was suggesting, and it worked.  The other major differences were:
  • my addresses were in lower case
  • I had one more hop before reaching ve422.core1.nyc4.he.net
  • My traceroute doesn't assume the target's address gets the target's name, so the last line was:
    Quote
    9  juniper.webway.se (2a02:920:212e:1::213)  131.990 ms  132.554 ms  126.184 ms
Frankly, I would not have thought any of these would cause problems, but it gives me more things to test.   ;)

--David

Edit: correct list formatting

Edit: Upper case didn't make it fail.  Nor did lack of hostnames.

Edit: It appears that the line before the first trace line is important.  It appears that it having a hostname they can resolve is not.
