Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - snarked

Pages: [1] 2 3 ... 48
Questions & Answers / Re: Can't tracertv6 to host
« on: April 19, 2018, 11:00:52 AM »
Also, check your IPv4 address -- especially if you're on a dynamic link (including one that doesn't change often).

General Questions & Suggestions / Re: DNSSEC support?
« on: April 16, 2018, 12:30:43 AM »
Requesting an update on this 7-year-old thread.....

How is DNSSEC support coming along?

With the release of RFCs defining CDS, CDNSKEY, and CSYNC records more than a year ago, any chance on sub-zones of HE's address range (i.e. reverse zones under 2001:470::/32) being processed so that our sub-reverse zones will have recognized DNSSEC signatures (i.e, "chain of trust")?  :)

cf.  RFCs 7344 (Sept 2014), 7477 (March 2015), and 8078 (March 2017).

I see that PowerDNS through 4.1.2 has a lot of DNSSEC improvements (but no mention of the RRs above).  Meanwhile, ISC's BIND handles all of this.

Questions & Answers / Re: Western Canada?
« on: April 11, 2018, 05:51:03 PM »
Seattle, WA, USA can serve Vancouver.

Winnipeg, MB, CAN [tserv1.ywg1] has a tunnel server.

Certainly one of these two is close enough...

Could it be that your tunnel terminates in a "liberal state."   :)

Seriously:  No help here as I use a different tunnel server.

However, the "tunnels by server" page indicates your tunnel server has almost 4k tunnels in use (3,946 when I posted).  Maybe there's too many "power users" all sucking torrents or something....  Nothing looks strange on the "tunnel latency" page (although it only lists usually the "closest" tunnels).

PS:  Linux kernel 4.16.1 is out.

Try this:  First, set up the zone(s) as slave/secondary here, then use the "convert" button to convert to primary.

General Questions & Suggestions / Re: Hostname for IPV6 Tunnel Address
« on: March 21, 2018, 10:59:52 PM »
The IPv6 addresses on the tunnel itself do have names set up by HE.  HE controls the reverse zone - the names are static.
The IPv6 addresses on the routed subnet(s) do not have names.  You may set up the reverse zones for the routed space via HE's DNS portal.

As far as what names to set the routed reverse zones to point at is defined by you.  I do not believe that there is any naming structure that HE accepts here, and without your own domain name(s), you are out of luck.

However, I do note that there are a few DNS hosting services out there that allow dynamic names and such, and they work by users setting up sub-zones and/or host names under their domains.  These will not be under DNS.HE.NET's control.

The following is not an endorsement of any service:
Check out "" (shared subdomains) and "" (free dynamic DNS for 3 host names) as examples of solutions that may work for you (or possibly not).  There may be other similar services....

Alternatively, I note that the registration for a domain name (under some TLDs) may still be less than $10.00/year at some discount registrars.  A domain name is preferred if you intend to receive e-mail.

Questions & Answers / Re: Traffic appears to be coming from China
« on: January 08, 2018, 12:17:26 PM »
Note the differences in revision dates of the databases.  The one that has your proper location is the most recent update.  It may take time for that update to propagate to the other database versions, and then more time for the sites to fetch the update.  It should straighten out in a month.

1)  Look carefully at your "up ip -6" rules.  They are not parallel for the two interfaces.  The explicit interface declaration "dev xxx" isn't similar - it hops between the "rule" and "route" subcommands.

2)  If you want packets to go out via both interfaces, you need to do some sort of multi-routing.  This may entail running a routing protocol (BGP, OSPF, etc), or enabling multiple equal path routing in the kernel.  You have multiple default routes, so only the first one found in the routing table will be used in the absence of multi-routing.

IPv6 Basics & Questions & General Chatter / Re: How or Where to tell?
« on: November 27, 2017, 01:24:44 PM »
You're asking the wrong question.  The real question should probably be:  Why doesn't this person understand that a 404 means that the resource isn't there, and why they don't get the clue to give up on it....?

Who really cares if they continue to hold a defunct certificate?

There is a way to create a certificate revocation list (to revoke unexpired certificates, including CA certificates).  However, the details of this construct is beyond my knowledge.  Maybe that's what you need to do if you really care to....

IPv6 on Linux & BSD & Mac / Re: Joining Router to all-routers multicast
« on: October 24, 2017, 12:21:49 AM »
Interfaces have a "multicast" flag.  See if that flag matches the ones you see (it should) and if it is absent from the other interfaces.  If that's the case, then you need to use "ip" or "ifconfig" to set the multicast flag, and see if that fixed the issue.

Virtual interfaces based on a real one (or set, such as bond0) usually reflect the multicast flag of the real one(s).  Could it be that one of your bonded interfaces has an incorrect flag?  (That shouldn't happen, but it can).

I don't use the CentOS distribution, so you've probably reached the limit of my help and suggestions.

IPv6 on Linux & BSD & Mac / Re: Joining Router to all-routers multicast
« on: October 23, 2017, 01:40:02 PM »
Next issue: Are they configured as multicast routers?  That requires an additional kernel configuration item (and if you use modules, an additional module need be loaded).  The configuration item is called CONFIG_IP_MROUTE, so look for a module with "mroute" in its name if you use modules.  (CentOS uses the Linux kernel).

You cannot assign a multicast address to an interface as it is not valid to use as a SOURCE address.  "netstat -g" will tell you for which multicast addresses you're listening.

General Questions & Suggestions / Re: Dynamic Prefix for IPv6
« on: October 23, 2017, 01:30:17 PM »
A6 might still be implemented by some DNS software that never was updated to remove it.  Snoop around.

Questions & Answers / Re: Is an IPv6 tunnel applicable for Xbox One?
« on: October 22, 2017, 11:28:36 AM »
Your router should be set to "6in4".

IPv6 on Linux & BSD & Mac / Re: Joining Router to all-routers multicast
« on: October 20, 2017, 11:23:03 PM »
...  All is working well, however the boxes do not respond to FF01::2 "all-routers" address so I have a few questions....

Did you try FF02::2?

IPv6 on Linux & BSD & Mac / Re: IPv6-Tunnel on two DSL
« on: October 20, 2017, 11:39:26 AM »
...  Hosts don't end-up multicasting, so there isn't a problem.... 

You're wrong about that.  From where do you think multicast packets are sourced?

Pages: [1] 2 3 ... 48