- Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.
News:
Welcome to Hurricane Electric's Tunnelbroker.net forums!
Recent posts
#1
IPv6 on Windows / Re: unreachable from outside
Last post by cnsh - March 01, 2026, 04:38:50 AM
I have protocol 41 Core Networking enabled, I have no idea about 41 for IPv4...
Both inbound and outbound protocol 41 rules are set.
#2
General Questions & Suggestions / Re: SOA EXPIRE number is: 3600...
Last post by dizik - February 28, 2026, 05:48:04 AMThank you.
#3
General Questions & Suggestions / Re: SOA EXPIRE number is: 3600...
Last post by snarked - February 28, 2026, 01:25:10 AMThat DNS checker believes that the expire value should be between 2 to 4 weeks (14 to 28 days) per RFC 1912 section 2.2 (now 30 years old) which merely SUGGESTS the range. 1000 hours is 41 days 16 hours. I personally use 5 weeks (35 days), which it doesn't like either. I prefer to have a handful of days beyond 1 full month in case I'm having a hardware problem which requires buying replacement equipment.
The only TTL-type value I use in excess of 5w is for RFC-fixed values defined as constant such as (e.g.):
localhost. 13w IN AAAA ::1
localhost. 13w IN A 127.0.0.1
13 weeks is 91 days, or about 3 standard months, or a quarter of one year. A maximum TTL of 136.1+ years is overkill.
The minimum (negative cache) value should be close to the retry value for zones which are either dynamic or manually changed often, if not less. Exceeding (half of) the refresh value is definently bad.
Don't read too much into warnings. It's just the tool's opinion.
The only TTL-type value I use in excess of 5w is for RFC-fixed values defined as constant such as (e.g.):
localhost. 13w IN AAAA ::1
localhost. 13w IN A 127.0.0.1
13 weeks is 91 days, or about 3 standard months, or a quarter of one year. A maximum TTL of 136.1+ years is overkill.
The minimum (negative cache) value should be close to the retry value for zones which are either dynamic or manually changed often, if not less. Exceeding (half of) the refresh value is definently bad.
Don't read too much into warnings. It's just the tool's opinion.
#4
IPv6 on Windows / Re: unreachable from outside
Last post by snarked - February 28, 2026, 12:52:08 AMIn your firewall, do you allow protocol 41 (ipv6) for IPv4 packets? If not, that's (most likely) the problem.
#5
General Questions & Suggestions / SOA EXPIRE number is: 3600000....
Last post by dizik - February 26, 2026, 07:22:31 AMHello.
I checked my domain with Google: https://intodns.com/ and the check showed two warnings.
1. SOA EXPIRE. Your SOA EXPIRE number is: 3600000. That's NOT OK.
2. SOA MINIMUM TTL. Your SOA MINIMUM TTL value is: 172800. This value seems a bit high. You should consider decreasing this value to about 1-3 hours, as recommended by RFC2308. This value was used as a default TTL for records without a given TTL value and is now used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours.
I can't fix these warnings. This is an automatically created record. What can I do? Just accept it? Or will you fix them according to RFC2308 recommendations?
I checked my domain with Google: https://intodns.com/ and the check showed two warnings.
1. SOA EXPIRE. Your SOA EXPIRE number is: 3600000. That's NOT OK.
2. SOA MINIMUM TTL. Your SOA MINIMUM TTL value is: 172800. This value seems a bit high. You should consider decreasing this value to about 1-3 hours, as recommended by RFC2308. This value was used as a default TTL for records without a given TTL value and is now used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours.
I can't fix these warnings. This is an automatically created record. What can I do? Just accept it? Or will you fix them according to RFC2308 recommendations?
#6
IPv6 on Windows / Re: unreachable from outside
Last post by cnsh - February 24, 2026, 02:59:22 AMLittle update.
I knocked all firewalls down and then the port was reachable. (IPv4 host is reachable even when the firewall is up)
Wondering where I can make IPv6 firewall rules follow the ones of IPv4.
+ The IPv6 and Neighborhood Discovery Core Networking in advanced firewall is also enabled.
I knocked all firewalls down and then the port was reachable. (IPv4 host is reachable even when the firewall is up)
Wondering where I can make IPv6 firewall rules follow the ones of IPv4.
+ The IPv6 and Neighborhood Discovery Core Networking in advanced firewall is also enabled.
#7
IPv6 on Windows / unreachable from outside
Last post by cnsh - February 24, 2026, 02:52:33 AMI have set up an IPv6 tunnel, but cannot ping from outside, and cannot access open ports from outside.
Both ping and port scan works over IPv4, but IPv6 doesn't.
I'm using Frankfurt endpoint.
It's not my ISP's issue as they themselves have IPv6 services.
Both ping and port scan works over IPv4, but IPv6 doesn't.
I'm using Frankfurt endpoint.
It's not my ISP's issue as they themselves have IPv6 services.
#8
General Questions & Suggestions / Does not work site dns.he.net
Last post by worknd - February 02, 2026, 01:18:46 AMI can not get access to site dns.he.net
#9
Questions & Answers / Re: rwhois.he.net:4321 is down...
Last post by idealneck - January 29, 2026, 10:25:32 AMCloudflare does the following for their WARP service:
Code Select
$ whois 104.16.0.0
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 104.0.0.0 - 104.255.255.255
organisation: ARIN
status: ALLOCATED
whois: whois.arin.net
changed: 2011-02
source: IANA
# whois.arin.net
NetRange: 104.16.0.0 - 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2024-09-04
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Comment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
Ref: https://rdap.arin.net/registry/ip/104.16.0.0
QuoteComment: Geofeed: https://api.cloudflare.com/local-ip-ranges.csv
#10
Questions & Answers / Re: rwhois.he.net:4321 is down...
Last post by idealneck - January 29, 2026, 10:18:26 AMI thought the whois referral might have a link to https://tunnelbroker.net/export/google.
I asked a geoip provider (forgot which, I had submitted to various different geoip providers asking for my geolocation to be updated; most have done so at this point) to fetch https://tunnelbroker.net/export/google but one of them stated that it had to be linked to in the whois data before they would trust it.
I asked a geoip provider (forgot which, I had submitted to various different geoip providers asking for my geolocation to be updated; most have done so at this point) to fetch https://tunnelbroker.net/export/google but one of them stated that it had to be linked to in the whois data before they would trust it.