Hurricane Electric's IPv6 Tunnel Broker Forums

 11 
 on: February 10, 2020, 06:59:27 PM 
Started by JulianR.B - Last post by tjeske
Weird. How would the Draytek know where it should pass proto 41 to?

Maybe there's some 6rd or teredo/miredo going on in your network? What's your public IPv6 address? (you can find out by visiting ip6.me)

 12 
 on: February 10, 2020, 03:48:17 PM 
Started by kcochran - Last post by kcochran
The public recursors at 74.82.42.42 / 2001:470:20::2 / ordns.he.net now also support DNS over TLS (DoT) and DNS over HTTPS (DoH) for those who wish to use those interfaces.

How to adjust your applications or local resolver to use that functionality is very dependent on what you're using, so please check with your software's documentation if you decide to use the DoT/DoH access to the recursors.

 13 
 on: February 10, 2020, 02:21:04 PM 
Started by RGK1 - Last post by RGK1
Given my experience with Comcast throttling my proto 41 traffic on HE tunnel out of Chicago, I wouldn't expect his issue to be related to the tserv.

Hey thanks, @kritenetworks

I believe that Virgin Media and Comcast use similar routers made by Arris, which may be to do with the routing, but as your ISP decides the route you take, would there be any way to disguise the use of protocol 41 from the ISP/router?

Many Thanks

Ryan


 14 
 on: February 10, 2020, 02:10:05 PM 
Started by eancode - Last post by kcochran
The registrars do their check to ensure there's no lame delegation: a technical check.

We require it to ensure the assignee intends for the zone to be hosted here: a security check.

As there's no other means of indicating at the registrar that the zone should be here, we're left with a conflict.

 15 
 on: February 10, 2020, 12:46:38 PM 
Started by eancode - Last post by tjeske
This deadlock situation has been an issue with HE for a long time. In theory, HE is supposed to enable zone data first before registrar starts the delegation. However, HE does an automatic check if the registrar actually allows the delegation. Now if the registrar is conforming to the strict model, then it waits for HE to create the zone first. So as you said, hen-and-egg-deadlock. That's why I don't and can't use HE for DNS management.

Didn't know they enable it on request.

 16 
 on: February 10, 2020, 10:21:23 AM 
Started by hucste - Last post by hucste
Hi,
I am attempting to add a new slave DNS zone.
I manage the domain "stephane-huc.net", on OpenBSD, @home, with nsd, as:

Code:
$ grep -v '^;' /etc/ns/stephane-huc.net
$TTL 1H
$ORIGIN stephane-huc.net.
@   IN SOA  ns1.stephane-huc.net. postmaster.stephane-huc.net. (
    202002102 ;
    1D  ; refresh
    1H  ; retry
    2W  ; expire
    1H  ; negative
)

@   IN NS   ns1.stephane-huc.net.
@   IN NS   ledzep.ybad.name.
@   IN NS   slave.dns.he.net.

ns1 IN A    88.136.16.221
ns1 IN AAAA 2001:470:cc33:47:c107:b5d:0:3

@   IN  MX  5 mx.lautre.net.
@   IN  MX  10 mx3.lautre.net.

@   IN A    80.67.160.70
blog    IN A    80.67.160.70
ecrits  IN A    80.67.160.70
en  IN A    80.67.160.70
mail    IN A    80.67.160.70
www IN A    80.67.160.70

autoconfig  IN  CNAME   panel.lautre.net.
autodiscover    IN  CNAME   panel.lautre.net.

@   IN CAA  0 iodef "mailto:postmaster@stephane-huc.net"
@   IN CAA  0 issue "letsencrypt.org"
@   IN CAA  0 issuewild "letsencrypt.org"

@   IN  TXT "v=spf1 a mx include:spf.lautre.net ~all"
_dmarc  IN TXT    "v=DMARC1;p=none;pct=100;rua=mailto:postmaster@stephane-huc.net;"

_443._tcp.stephane-huc.net. IN TLSA 3 1 2 48295c1605d5ae91d40b536f4188bbf242efd28baaf425fc476a1324e1d0aa69fcfc3c77a7d4a8eda4f0e910fef827b5a58a89dd6d7dbd40cc1d6a6b5d035a70

As you see, "slave.dns.he.net" is in the zone.

And the nsd config file is:

Code:
# grep -v '^#' /var/nsd/etc/nsd.conf
server:
   hide-version: yes
   verbosity: 1
   database: "" # disable database

remote-control:
   control-enable: yes
   control-interface: /var/run/nsd.sock
key:
    name: "kshn"
    algorithm: hmac-sha512
    secret: "***********"
zone:
    name: "stephane-huc.net"
    zonefile: "signed/stephane-huc.net"
    #zonefile: "zones/master/stephane-huc.net"
    # yeuxdelibad/ybad.name
    notify: 93.6.177.187 kshn
    provide-xfr: 93.6.177.187 kshn
    # slave.dns.he.net
    notify: 216.218.133.2 NOKEY
    provide-xfr: 216.218.133.2 NOKEY
    notify: 2001:470:600::2 NOKEY
    provide-xfr: 2001:470:600::2 NOKEY
    # ns6.gandi.net
    notify: 217.70.177.40 NOKEY
    provide-xfr: 217.70.177.40 NOKEY

"NOKEY" specifies "NO TSIG"; and as you can see/read, I notify and provide xfr at the IPv4|6 addresses.

But, when I attempt to add it as a new slave in the web admin of HE, the system replies with:
You must delegate to one or more of the slave nameservers.

Any idea/suggestion?!

Here, dig replies:

Code:
$ dig SOA stephane-huc.net @ns1.stephane-huc.net

; <<>> DiG 9.11.14-3-Debian <<>> SOA stephane-huc.net @ns1.stephane-huc.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42445
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net.        IN    SOA

;; ANSWER SECTION:
stephane-huc.net.    3600    IN    SOA    ns1.stephane-huc.net. postmaster.stephane-huc.net. 1581321072 86400 86400 1209600 3600

;; AUTHORITY SECTION:
stephane-huc.net.    3600    IN    NS    ns1.stephane-huc.net.
stephane-huc.net.    3600    IN    NS    slave.dns.he.net.
stephane-huc.net.    3600    IN    NS    ledzep.ybad.name.

;; ADDITIONAL SECTION:
ns1.stephane-huc.net.    3600    IN    AAAA    2001:470:cc33:47:c107:b5d:0:3
ns1.stephane-huc.net.    3600    IN    A    88.136.16.221

;; Query time: 1 msec
;; SERVER: 2001:470:cc33:47:c107:b5d:0:3#53(2001:470:cc33:47:c107:b5d:0:3)
;; WHEN: lun. févr. 10 18:18:43 CET 2020
;; MSG SIZE  rcvd: 211

$ dig NS stephane-huc.net @ns1.stephane-huc.net

; <<>> DiG 9.11.14-3-Debian <<>> NS stephane-huc.net @ns1.stephane-huc.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60361
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net.        IN    NS

;; ANSWER SECTION:
stephane-huc.net.    3600    IN    NS    ns1.stephane-huc.net.
stephane-huc.net.    3600    IN    NS    slave.dns.he.net.
stephane-huc.net.    3600    IN    NS    ledzep.ybad.name.

;; ADDITIONAL SECTION:
ns1.stephane-huc.net.    3600    IN    AAAA    2001:470:cc33:47:c107:b5d:0:3
ns1.stephane-huc.net.    3600    IN    A    88.136.16.221

;; Query time: 0 msec
;; SERVER: 2001:470:cc33:47:c107:b5d:0:3#53(2001:470:cc33:47:c107:b5d:0:3)
;; WHEN: lun. févr. 10 18:19:01 CET 2020
;; MSG SIZE  rcvd: 164

$ dig SOA stephane-huc.net @ledzep.ybad.name

; <<>> DiG 9.11.14-3-Debian <<>> SOA stephane-huc.net @ledzep.ybad.name
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61342
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net.        IN    SOA

;; ANSWER SECTION:
stephane-huc.net.    3600    IN    SOA    ns1.stephane-huc.net. postmaster.stephane-huc.net. 2020020916 86400 86400 1209600 3600

;; AUTHORITY SECTION:
stephane-huc.net.    3600    IN    NS    ns1.stephane-huc.net.
stephane-huc.net.    3600    IN    NS    slave.dns.he.net.
stephane-huc.net.    3600    IN    NS    ledzep.ybad.name.

;; ADDITIONAL SECTION:
ns1.stephane-huc.net.    3600    IN    A    88.136.16.221
ns1.stephane-huc.net.    3600    IN    AAAA    2001:470:cc33:47:c107:b5d:0:3

;; Query time: 49 msec
;; SERVER: 93.6.177.187#53(93.6.177.187)
;; WHEN: lun. févr. 10 19:19:57 CET 2020
;; MSG SIZE  rcvd: 211

$ dig NS stephane-huc.net @ledzep.ybad.name

; <<>> DiG 9.11.14-3-Debian <<>> NS stephane-huc.net @ledzep.ybad.name
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26688
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;stephane-huc.net.        IN    NS

;; ANSWER SECTION:
stephane-huc.net.    3600    IN    NS    ns1.stephane-huc.net.
stephane-huc.net.    3600    IN    NS    slave.dns.he.net.
stephane-huc.net.    3600    IN    NS    ledzep.ybad.name.

;; ADDITIONAL SECTION:
ns1.stephane-huc.net.    3600    IN    A    88.136.16.221
ns1.stephane-huc.net.    3600    IN    AAAA    2001:470:cc33:47:c107:b5d:0:3

;; Query time: 51 msec
;; SERVER: 93.6.177.187#53(93.6.177.187)
;; WHEN: lun. févr. 10 19:20:06 CET 2020
;; MSG SIZE  rcvd: 164


 17 
 on: February 07, 2020, 02:38:02 AM 
Started by eancode - Last post by eancode
I decided to contact the dnsadmin @ he and they enabled the delegation so I was able to complete the registration process with RIPE.

 18 
 on: February 05, 2020, 09:01:06 PM 
Started by Hexhu - Last post by Hexhu
Wow that's very nice of HE!
Thanks!

 19 
 on: February 05, 2020, 10:07:28 AM 
Started by JulianR.B - Last post by JulianR.B
Definitely have IPv6 access as I disabled IPv6 for the adaptor in the Linux box and have access to an IPv6 only website when the tunnel-broker is up and don't have access when it's down.

I never enabled proto 41 in the Draytek. Initially it did not work when I used my public IP address of the router but then changed to using my local IPv4 address (192.168.xxx.xxx) as it suggests in the setup guide and it all started working. So I assumed proto 41 is being passed.

 20 
 on: February 05, 2020, 09:49:05 AM 
Started by JulianR.B - Last post by tjeske
I don't know...if the tunnel works in general and you can access IPv6 resources (are you really sure about that???), then the Draytek seems to pass proto 41 successfully. Why it doesn't work in DMZ, no idea. How did you make the Draytek forward proto 41 to your Linux box?
