Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Pages: 1 ... 8 9 [10]
 on: December 08, 2019, 08:22:29 AM 
Started by holgermarzen - Last post by broquea
No plans for 6in6 tunnels or getting rid of ICMP check. The goal is native IPv6. If the native IPv6 you get isn't what you want, ideally you can shop around or see if they have pricing on static options.

 on: December 08, 2019, 07:23:31 AM 
Started by holgermarzen - Last post by holgermarzen
More and more providers offer DS-Lite only since they run out auf ipv4 addresses. With such a connection I have native ipv6 but no fixed prefix that's needed for running a private server (dyndns is more a problem than a solution).

So there is some demand (e.g. by me :) ) to run tunnels from a DS-Lite connection. Unfortunately by now tunnels need a pingable ipv4 adress.

Is there any solution planned or is there a workaround besides getting an ipv4 tunnel with a fixed address anywhere?

 on: December 08, 2019, 05:10:31 AM 
Started by deags - Last post by rahulparekh
@Kasper Dupont - I am impressed with your public DNS64+NAT64 service! Thanks

 on: December 04, 2019, 04:21:23 PM 
Started by thekrugers - Last post by engyak
I can confirm it's now fixed - thekrugers, you will probably need to reset to explorer as well - it wouldn't take without it for me.

 on: December 04, 2019, 02:18:21 PM 
Started by thekrugers - Last post by kcochran
This should be fixed.  If you still see the error, you may need to reset down to Explorer level by visiting

 on: December 03, 2019, 04:57:53 PM 
Started by cdanis - Last post by kumowoon1025
Many name server hosting providers will have a way to "purge cache" either automated or by submitting a ticket. Google for example.

But also there's nothing that stops you from having more than one authoritative ns for a domain, so as long as you have NS delegation records for ns1, ns2, ... at the root in addition to what you have now, you should be able to add your domain as primary. There still may be some interruption if you don't replicate the RRs by hand quickly, so it would be better to add it as a slave, and when the records are automatically replicated, convert it to primary (kind of like "promoting") and remove the old NS records after everything is working, but this would require the current DNS provider to allow axfr, may be issues if your domain is DNSSEC signed, etc.

 on: December 03, 2019, 03:00:30 PM 
Started by deags - Last post by kasperd
I don't know if the A&A NAT64 was a public NAT64 at some point. But these days it's not. Even for their own customers the NAT64 was not particular reliable, which I find a bit odd for an otherwise excellent ISP.

Of still operational public NAT64s I knew of only and of which the TREX NAT64 was the most reliable even though it only had a single NAT64 prefix compared to the four which Go6lab has.

I eventually wrote a health checker that one can run along with a BIND DNS server to achieve redundancy across multiple NAT64 prefixes:

Finally I took this futher and implemented my own public DNS64+NAT64 service:

Unlike the others I have redundancy across four geographical locations and two hosting providers. Each of my DNS64 health checks the NAT64 prefixes to ensure it's handing out AAAA records for NAT64s that are operational.

Unlike other NAT64 mine does not let you completely hide your real IPv6 address. I hope that will help prevent abuse. I also have a few other tricks up my sleeve to deal with abuse.

 on: November 30, 2019, 01:41:19 AM 
Started by shirakun - Last post by skyblack
I have the same problem: "Status: Pending" and Prefix with "No auth on file"

I send loa through e-mail like for review
But I didn't get any reply.

How log does it normaly take to setup BGP after sending the LOA and can I check if something is wrong with my IRR?


 on: November 29, 2019, 03:10:18 PM 
Started by thekrugers - Last post by engyak
Retried on both my /64 and /48 (allocated by

Reset to explorer, made it back to Administrator without any mail transfer is working...

Still getting "unable to find MX for domain," which is odd, because my postfix server is receiving emails from without any issues.

Whatever it is, it's failing quickly. I guess we'll wait and see on our respective support tickets...

 on: November 29, 2019, 08:23:59 AM 
Started by cdanis - Last post by cdanis
I'm in the middle of moving one of my DNS zones from another provider onto

However, it looks like the old NS and SOA records have quite a long TTL (1 day), and I can't do anything to decrease the TTL at the old provider.

These records seem to have been cached by HE.  So now, despite the authoritative servers for the TLD serving the new delegation, I'm still unable to get HE to serve the zone, which means my site is down.

It'd be really really nice if there was a way to ask HE to ignore its cache of such records when re-checking delegation, to avoid this scenario.

Pages: 1 ... 8 9 [10]