Recent posts

#1

General Questions & Suggestions / bad horizontal referral

Last post by mauromarzorati - November 14, 2025, 07:38:11 AM

Hello, I'm trying to have a separate zone for a subdomain of my primary domain. I'm having trouble creating this zone (new domain) with the Free DNS GUI, which complains that the zone does not pass verification requiring delegation to ns[1-5].he.net be done first. I have done this, and yet the validation still fails with the new name. To verify that the NS records are active, I run `dig +trace` and receive bad (horizontal) referral message from ns[1-5].he.net. So I'm unclear how to overcome this blocker when creating the additional zone. The zone in question is `test.marzorati.us`

#2

Questions & Answers / Re: Changing tunnel servers

Last post by adayton01 - November 08, 2025, 11:11:05 AM

Have a Peplink BR1 MAX PRO 5G gateway/router. It "TALKs" to T-Mobile at Home Towers (Business Account w/Static IPv4 address)"WAN" feed for my Home test lab LAN.  (LTE & 5G). I just successfully installed HE Tunnel (dual stack also works :-) ) on my Windows 11 PRO for Workstation PC and am getting 10/10 green lights on IPv6 tests. Only took two years of procrastination to accomplish what turned out to by relatively trivially task.....OOooF! lol.
While this milestone is wonderful it is ONLY useful on that specific LAN PC client. Now I want to move/install the tunnel on the BR1 so that it applies on the WAN to feed the entire LAN. I need help with any specific configs applicable to the BR1.

#3

Questions & Answers / Re: Changing tunnel servers

Last post by ertyu - November 04, 2025, 05:15:30 PM

When I've changed tunnel servers in the past it did involve renumbering.
I believe you can have multiple active tunnels.

[Q:]

#4

Questions & Answers / Changing tunnel servers

Last post by cshilton - November 04, 2025, 07:39:20 AM

Since I've switched ISPs from Optimum to Frontier, it's looking like my closest tunnel server has changed from New York City to Ashburn Virginia. A quick traceroute to each shows NYC at 15ms and Ashburn at about 9ms. My reason for looking into this is that last night I noticed that there was a temporary problem with my link between my VA net egress and NYC tunnel servers. My ping times to Google, Yahoo, etc, shot up to 150ms. The problem is fixed this morning. And don't take my amateur's diagnosis on the location of the problem. But, it looks like it's probably worthwhile to change.

Q: When I change tunnel servers I also have to get a new /48?

This means renumbering the network which means renumbering the handful of static assignments that I've made.

Q: Can I keep two tunnels up for a weeks or two while I shake out potential problems?

#5

General Discussion / Re: Sage T-Shirt

Last post by ertyu - November 01, 2025, 11:59:38 AM

I'm just noticing the T-Shirt feature, been a Sage a long time and never received one, although it says shipped.

#6

Questions & Answers / Seattle Packet Loss

Last post by ertyu - November 01, 2025, 11:24:10 AM

I'm seeing ~25% packet loss on some routes from Seattle tunnel server. Started about 19 hours ago.

#7

Questions & Answers / Re: BGP tunnel no longer annou...

Last post by Haveanukacola - October 30, 2025, 10:01:19 AM

Ill look in to it if I'm able too

#8

Questions & Answers / BGP tunnel no longer announcin...

Last post by sesse - October 28, 2025, 12:31:08 PM

Hi,

I have a BGP tunnel to Frankfurt, and since last Monday or so, my network seems to no longer be announced; I get lots of routes from HE, and can send out packets, but outside networks don't see my route, so I cannot get anything back. (Well, if I ping my link address for the BGP, it works just fine!)

I've tried emailing he@ipv6.net, but no response except the automatic "a case has been created". Does anyone know what's going on?

#9

Questions & Answers / HE Tunnelbroker IP's marked as...

Last post by cshilton - October 27, 2025, 01:32:37 PM

This morning I tried to look at my local brewery's event schedule. I was immediately met by a page saying that my location was not served by the brewery's web site. Since I've been an tunnelborker user for many years, my first debugging move was to turn off ipv6 on my laptop and revisit the site. At the end of the day the problem turned out to be visiting: https://app.blocky-app.com from my IPv6 address over the HE tunnel. Since I have both controls for both IP addresses and DNS lookups at my edge, it was pretty simple to reconfigure the edge so I visit this site by IPv4 only. I should also note that these block came against my /48 allocation, not the far more often plagued automatic /64.

If the claim here is that tunnelbroker IPv6 blocks were used for fraud, I can't deny that as they were ten years ago but, I today, chalk this up to simple IPv4 centric zenophobia.

I wonder if we should setup a sticky thread of similarly IPv4 centric sites?

#10

General Questions & Suggestions / Re: Updating AAAA records when...

Last post by jschmedes - October 22, 2025, 07:13:34 AM

One option is to update the AAAA records using a dynamic DNS client / API call.

https://dns.he.net/ supports dynamic AAAA records. The homepage has examples.