Hurricane Electric's IPv6 Tunnel Broker Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - divad27182

Pages: [1]
1
General Discussion / "DIG PTR" problems?
« on: May 28, 2017, 10:04:08 PM »
Is anybody else having problems with the "DIG PTR" daily test today?  All the others worked fine for me, but not the reverse DNS lookup.  I've tried a number of addresses, and it always says (after correctly parsing the query), something like:
Summary of user's dig query
IPv6 Address: 2001:470:1f06:1356::2
Status: NOERROR
Reverse ip6.arpa:
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.5.3.1.6.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa.
Validating user's dig query
Result: Fail
Reason: Record mismatch

(It almost looks like the test machine can't do reverse DNS lookups as of today.)

--David

P.S. FYI: I find tunnel broker transit networks to be a wonderful source of DNS lookups.  They may not ping, but they are all wonderfully filled in.  Thank you he.net.   :)

2
General Discussion / "DIG AAAA" test bug
« on: May 27, 2017, 12:24:25 PM »
I tried to submit the following result:
Code: [Select]
; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> aa.net.uk AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33571
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;aa.net.uk. IN AAAA

;; ANSWER SECTION:
aa.net.uk. 53 IN AAAA 2001:8b0:0:30::68
aa.net.uk. 53 IN AAAA 2001:8b0:0:30::65

;; AUTHORITY SECTION:
aa.net.uk. 172793 IN NS primary-dns.co.uk.
aa.net.uk. 172793 IN NS secondary-dns.co.uk.

;; ADDITIONAL SECTION:
primary-dns.co.uk. 172793 IN A 81.187.30.41
primary-dns.co.uk. 172793 IN AAAA 2001:8b0:0:30::51bb:1e29
secondary-dns.co.uk. 172793 IN A 81.187.81.32
secondary-dns.co.uk. 172793 IN AAAA 2001:8b0:0:81::51bb:5120

;; Query time: 1 msec
;; SERVER: 192.168.222.47#53(192.168.222.47)
;; WHEN: Sat May 27 15:11:03 EDT 2017
;; MSG SIZE  rcvd: 239


It was refused, on the basis that "2001:8b0:0:30::68" did not match "2001:8b0:0:30::65".  It turns out that the server side DNS lookup gets the first address, and the parser gets the last address, so any hostname with two IPv6 addresses is rejected unless you cherry pick the submitted results.

3
IPv6 on Linux & BSD & Mac / RIP on IPv6 for Linux?
« on: March 03, 2017, 07:22:21 PM »
Once upon a time, I worked on a network of SunOS computers.  They all ran "routed" implementing the RIP protocol.  They all routed everything right.  At some point our network administrators decided that the 3 packets per router per minute was too much traffic on our network, and shut it down.  Routing problems started.

Does anyone known of a comparable lightweight routing daemon for IPv6 and IPv4, for the Linux (debian) platform?  As far as I'm concerned, Quagga or Zebra is to heavy.  I tried "babeld", but it was too much based on hosts instead if networks.

I'm looking for something that is single process, single thread, small executable, minimal configuration, and capable of running on every node in the network, including the non-routing nodes.  (Non-routing nodes should just be receive only, except for an initial broadcast like in RIP.)   Ideally, it could also replace radvd.

--David G

4
Suggest a Test! / IPv6 DNS lookup
« on: February 07, 2017, 09:45:05 AM »
How about doing a DNS lookup using IPv6.

In order to do this, one would need a DNS zone that is deliberately NOT delegated to, on a server that only accepts IPv6 requests.  Then the testee would fetch something from the server, and enter that as evidence of test completion. 

I suggest that it be a TXT record, using a domain name like <username>.hurricane-electric-certification-test.  and that the value be a nonce, followed by a hash of the nonce, username, and a secret shared between the dns server and the test server.  This would prevent sharing answers, or taking too long to enter the answer.

--David

Pages: [1]