- Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.
News:
Welcome to Hurricane Electric's Tunnelbroker.net forums!
Recent posts
#11
IPv6 Basics & Questions & General Chatter / TunnelBroker.net domain expire...
Last post by idealneck - March 11, 2026, 05:11:12 AMSeems like HE forgot to renew their TunnelBroker.net domain :(
#12
IPv6 on Windows / Re: unreachable from outside
Last post by cnsh - March 07, 2026, 06:22:48 PMI could solve the issue by allowing edge traversal on Core Networking protocol 41 firewall rule. And, I have moved my tunnel's endpoint to a physically closer geolocation, Hongkong.
#13
IPv6 on Windows / Re: unreachable from outside
Last post by cnsh - March 01, 2026, 04:38:50 AM
I have protocol 41 Core Networking enabled, I have no idea about 41 for IPv4...
Both inbound and outbound protocol 41 rules are set.
#14
General Questions & Suggestions / Re: SOA EXPIRE number is: 3600...
Last post by dizik - February 28, 2026, 05:48:04 AMThank you.
#15
General Questions & Suggestions / Re: SOA EXPIRE number is: 3600...
Last post by snarked - February 28, 2026, 01:25:10 AMThat DNS checker believes that the expire value should be between 2 to 4 weeks (14 to 28 days) per RFC 1912 section 2.2 (now 30 years old) which merely SUGGESTS the range. 1000 hours is 41 days 16 hours. I personally use 5 weeks (35 days), which it doesn't like either. I prefer to have a handful of days beyond 1 full month in case I'm having a hardware problem which requires buying replacement equipment.
The only TTL-type value I use in excess of 5w is for RFC-fixed values defined as constant such as (e.g.):
localhost. 13w IN AAAA ::1
localhost. 13w IN A 127.0.0.1
13 weeks is 91 days, or about 3 standard months, or a quarter of one year. A maximum TTL of 136.1+ years is overkill.
The minimum (negative cache) value should be close to the retry value for zones which are either dynamic or manually changed often, if not less. Exceeding (half of) the refresh value is definently bad.
Don't read too much into warnings. It's just the tool's opinion.
The only TTL-type value I use in excess of 5w is for RFC-fixed values defined as constant such as (e.g.):
localhost. 13w IN AAAA ::1
localhost. 13w IN A 127.0.0.1
13 weeks is 91 days, or about 3 standard months, or a quarter of one year. A maximum TTL of 136.1+ years is overkill.
The minimum (negative cache) value should be close to the retry value for zones which are either dynamic or manually changed often, if not less. Exceeding (half of) the refresh value is definently bad.
Don't read too much into warnings. It's just the tool's opinion.
#16
IPv6 on Windows / Re: unreachable from outside
Last post by snarked - February 28, 2026, 12:52:08 AMIn your firewall, do you allow protocol 41 (ipv6) for IPv4 packets? If not, that's (most likely) the problem.
#17
General Questions & Suggestions / SOA EXPIRE number is: 3600000....
Last post by dizik - February 26, 2026, 07:22:31 AMHello.
I checked my domain with Google: https://intodns.com/ and the check showed two warnings.
1. SOA EXPIRE. Your SOA EXPIRE number is: 3600000. That's NOT OK.
2. SOA MINIMUM TTL. Your SOA MINIMUM TTL value is: 172800. This value seems a bit high. You should consider decreasing this value to about 1-3 hours, as recommended by RFC2308. This value was used as a default TTL for records without a given TTL value and is now used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours.
I can't fix these warnings. This is an automatically created record. What can I do? Just accept it? Or will you fix them according to RFC2308 recommendations?
I checked my domain with Google: https://intodns.com/ and the check showed two warnings.
1. SOA EXPIRE. Your SOA EXPIRE number is: 3600000. That's NOT OK.
2. SOA MINIMUM TTL. Your SOA MINIMUM TTL value is: 172800. This value seems a bit high. You should consider decreasing this value to about 1-3 hours, as recommended by RFC2308. This value was used as a default TTL for records without a given TTL value and is now used for negative caching (indicates how long a resolver may cache the negative answer). RFC2308 recommends a value of 1-3 hours.
I can't fix these warnings. This is an automatically created record. What can I do? Just accept it? Or will you fix them according to RFC2308 recommendations?
#18
IPv6 on Windows / Re: unreachable from outside
Last post by cnsh - February 24, 2026, 02:59:22 AMLittle update.
I knocked all firewalls down and then the port was reachable. (IPv4 host is reachable even when the firewall is up)
Wondering where I can make IPv6 firewall rules follow the ones of IPv4.
+ The IPv6 and Neighborhood Discovery Core Networking in advanced firewall is also enabled.
I knocked all firewalls down and then the port was reachable. (IPv4 host is reachable even when the firewall is up)
Wondering where I can make IPv6 firewall rules follow the ones of IPv4.
+ The IPv6 and Neighborhood Discovery Core Networking in advanced firewall is also enabled.
#19
IPv6 on Windows / unreachable from outside
Last post by cnsh - February 24, 2026, 02:52:33 AMI have set up an IPv6 tunnel, but cannot ping from outside, and cannot access open ports from outside.
Both ping and port scan works over IPv4, but IPv6 doesn't.
I'm using Frankfurt endpoint.
It's not my ISP's issue as they themselves have IPv6 services.
Both ping and port scan works over IPv4, but IPv6 doesn't.
I'm using Frankfurt endpoint.
It's not my ISP's issue as they themselves have IPv6 services.
#20
General Questions & Suggestions / Does not work site dns.he.net
Last post by worknd - February 02, 2026, 01:18:46 AMI can not get access to site dns.he.net