• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 glue test impossible with afraid.org domains?

Started by miloszgancarz, August 03, 2009, 12:52:39 PM

Previous topic - Next topic

jimb

Quote from: dielaughing on August 09, 2009, 01:27:23 AM
This is one of those things that makes me angry because it wastes my time. IF IT IS IMPOSSIBLE TO USE AFRAID.ORG YOU NEED TO STATE THAT IN BIG FREAKING WORDS ON YOUR HOME PAGE! Otherwise you are real jerks wasting lots of people's time. Time to chalk he.net as another horribly stupid site with an eye bleeding design. Your language is vague, your directions are incomplete, and you are underhandedly biasing people against IPv6. TRY AND MAKE IT MORE DIFFICULT, WHY DON'T YOU. I mean, sheesh, life is hard enough without unnecessarily complicating things. EPIC FAILURE. >:(
IMHO, I'm grateful that HE is providing the tunnels, this forum, and the certification tests, which are both very useful, fun, and do I even need to mention, free?

Part of the fun of doing the certification is actually learning about IPv6 and configuring and operating services in a v6 environment.  It's not HE's place to handhold people through the process.  I suggest you google "DNS glue records" and try to understand what it means. 

Do you really expect HE to provide some sort of list of registrars that support v6 glue?  It would be ridiculous to ask them.  And it's not their job, it's yours.  Google is your friend here too.  (suggestion: godaddy supports it, at least under the .cc TLD, others?  Find out!  Do your homework!)  Perhaps there should be a sticky thread listing these to help out a bit (if there isn't one already), but HE should have no obligation to come up with the list themselves.

Honestly, the cert process shouldn't be very difficult to anyone with a bit of systems and/or network administration experience.  Most things, particularly DNS glue, work the same way it does under IPv4.  So it should be familiar.  For "curious users" or students, well, there's obviously a learning curve.  But that's sort of the point, isn't it?  Google, wikipedia, etc, etc, are there for you.

I realize that your post was probably made whilst experiencing immense frustration, but a post like yours isn't just looking a gift-horse in the mouth, it's kicking it.  Perhaps you should take after your nick a bit more, and not take this stuff quite so seriously?

dielaughing

Your requirements are false, your use of terms like "end point" only serves to create useless, redundant, and confusing jargon, and I ALREADY KNOW EVERYTHING ABOUT IPv6! I'm flat out calling your methods frustratingly retarded. I'm not angry because I don't understand. I'm angry because you are calling your stupid tutorial quiz a "certification test". While it might be great for noobs, you site design is so bad, so thoroughly counterintuitive, that it just pisses me off. Taking you at your word, following the requirements, will not suffice to complete the exam. Go back and read the "All you need" part and contrast that with the actual records you are trying to retrieve. Ah ha! Maybe you should point out either exactly what you seek, or fix the tragic clusterf**k that is your site design and requirement information. I know you won't because this is just a giant social engineering experiment to scrape a bunch of info from the witless masses. You get that when they sign up. You don't need them to complete it. That would only cost you money. You have a financial interest in keeping it as f**king lame as it is now.

jimb


broquea

#18
If you have any positive constructive criticism now is the time to share. We're always more than happy to listen to suggestions and work to implement changes for the better. Also if you need help getting beyond Explorer, please feel free to ask for help or advice. We're absolutely willing to help anyone that is stuck, especially those that know everything about IPv6 like configuring web-servers. In point, we're also working on some presentations (video, and not outright walk-throughs) about the certification program that will contain some explanation about each level, and how to progress.

If you are truly this upset and reconciliation appears impossible, and would like to no longer participate in the certification program and tunnelbroker.net, you can ask us to close out the account and remove all personal information. We will honor such a request. If this is just honest to goodness trolling, then I don't feel a need to continue this discussion, and won't.

dataless

Quote from: dielaughing on August 09, 2009, 05:03:09 AM
Your requirements are false, your use of terms like "end point" only serves to create useless, redundant, and confusing jargon, and I ALREADY KNOW EVERYTHING ABOUT IPv6! I'm flat out calling your methods frustratingly retarded. I'm not angry because I don't understand. I'm angry because you are calling your stupid tutorial quiz a "certification test". While it might be great for noobs, you site design is so bad, so thoroughly counterintuitive, that it just pisses me off. Taking you at your word, following the requirements, will not suffice to complete the exam. Go back and read the "All you need" part and contrast that with the actual records you are trying to retrieve. Ah ha! Maybe you should point out either exactly what you seek, or fix the tragic clusterf**k that is your site design and requirement information. I know you won't because this is just a giant social engineering experiment to scrape a bunch of info from the witless masses. You get that when they sign up. You don't need them to complete it. That would only cost you money. You have a financial interest in keeping it as f**king lame as it is now.

Wow, you need to try and relax some...

The "Certification" is an unofficial process where people can basically prove to themselves they understand and can work with IPv6 technology.  To complete the tests you need to be able to complete a number of tasks, one of them is the test you seem to be so upset about.  The test is not there to make you mad, it's there to help you understand more about IPv6.  If your registrar doesn't support IPv6 glue contact them and ask them to add support.  Do some research on IPv6 glue and see who does and does not support it.

Like any type of training or certification HE seeks to help people understand IPv6 from top to bottom and encourage the growth of the system.  You say you fully understand IPv6, that's great.  Not everyone does when they first get here and they can learn a lot from the system.  The certification isn't going to get you an extra 10k a year at your job or anything, so why stress it?

Is this site the most interesting looking one I have ever seen?  No, not even close.  But it is very functional and fast.  It gets the job done, I'm glad they didn't spend all the time and effort on making it pretty and worked on it's functionality instead.  I have yet to find another Tunnel Broker in the US that allows you to create an account and setup a tunnel in under 5 minutes.  But not all services are for all people, nobody is forcing you to use HE, if you do not like them then do not use them.

HE has the ability to get a lot of useful data from their IPv6 tunnel system.  Take for example the daily tests where people send in traceroutes, pings and other information.  It bumps your cert numbers but more importantly for them it helps them log valuable data about their network.  What other providers do and do not have IPv6 support, how well does HE's peering allow access to networks around the world, what kind of speeds do you get around the world, etc. It's a win win system, I as the user of HE's tunnel service learn how to work with IPv6 and they improve their network at the same time.

How much money do you think HE spends on these free services they provide us?  Don't you think they are due something in return?  I salute HE and any Tunnel Broker for helping the Internet community test and grow the IPv6 system.  It's enthusiast that made the Internet what it is today, and that very same type of person is what is needed to drive IPv6 expansion.

The bottom line is HE is doing this on their dime, they are spending resources on something to try and help people understand and expand IPv6.  If the hand out isn't up to your standards, go look for someone else to spend their money to give you something for free the way you want to receive it.  When you spend your money for a service like this then you can complain about it.  Until that day comes either accept the free service or move on, there is no need to bash HE or any other service provider because your registrar isn't up to par.

snarked

I don't see how a domain under the .COM TLD would have glue records for afraid.org (since the latter is under the .ORG TLD).  PIR does implement IPv6 glue in the .ORG TLD.

Being IPv6 reachable and having IPv6 glue are separate things.

If you want an IPv6 reachable free DNS service in .ORG, try Xname.  Its "ns2" has IPv6 glue.

leenoux

that's true, .com TLD cannot have glue record for *.afraid.org or any sub.domain.org.
in my real practise i cannot add out-of-zone ns with host(a/aaaa) record on registrar.but i can add them as authoritative ns.
*.afraid.org is just  a zones, any NS on different TLD(with ipv6 glue on its own zone) can be authoritative for *.afraid.org zones.

CMIIW


yorick

Quote from: snarked on August 09, 2009, 12:07:33 PM
Being IPv6 reachable and having IPv6 glue are separate things.

Yes.

Quote from: snarked on August 09, 2009, 12:07:33 PM
I don't see how a domain under the .COM TLD would have glue records for afraid.org (since the latter is under the .ORG TLD).  PIR does implement IPv6 glue in the .ORG TLD.

Well, I feel like a broken record at this point, so I'll just point these out - some fiddling and hitting the "Sage" test button will show you what I'm talking about:

- Think out-of-bailiwick - think NS record on your subdomain - you're not going to use the afraid.org name servers for anything but delivering your NS record. What matters is what .TLD your NS is under, since that's where the Sage test does its glue checking.
- I finished Sage on this account with yorick.mooo.com (hosted by afraid.org) and an out-of-bailiwick NS on a .com I own. I tried finishing it with an out-of-bailiwick subdomain on v6ns.org, but that failed because of lack of glue.


snarked

QuoteI tried finishing it with an out-of-bailiwick subdomain on v6ns.org, but that failed because of lack of glue.
There shouldn't be any glue as your domain is a .com and your name servers are .org.

Glue isn't merely an additional record that provides an address for a name server.  Glue is the provision of an address for a name server that exists in the ZONE it is serving that would be unreachable if it weren't for the glue record itself.


jimb

I noticed a few people mentioned on here that the glue records are kept on registrar's name servers for a given TLD.

I've always been under the impression that the registrars just submitted these host/glue records to whoever actually maintained the master name servers for a particular TLD via a back channel/process of some type.  Then they'd be distributed via normal DNS processes or whatever.

Is this a false impression?  Perhaps the registrars themselves all run servers for the TLDs they participate in, in a distributed fashion, and have some process whereby the can all enter the glue and domains, etc, into the TLD zone master servers? 

I guess I'm curious how things work at that level.  Of course it could also vary by TLD.

Also, nostalgia:  anyone remember the times when one would have to submit new domain requests and/or host record requests to NIC.DDN.MIL or hostmaster@internic.net via emailed templates?  :P

yorick

Quote from: jimb on August 10, 2009, 04:43:36 PM
I noticed a few people mentioned on here that the glue records are kept on registrar's name servers for a given TLD.

I've always been under the impression that the registrars just submitted these host/glue records to whoever actually maintained the master name servers for a particular TLD via a back channel/process of some type.  Then they'd be distributed via normal DNS processes or whatever.

Kept on the registry's, not registrar's, name servers for a given TLD.

So, yes, you are right: Glue is a host record for your NS kept by "whoever maintains the authoritative name servers for a particular TLD" - the registry for that TLD.

yorick

Quote from: snarked on August 10, 2009, 01:18:49 PM
QuoteI tried finishing it with an out-of-bailiwick subdomain on v6ns.org, but that failed because of lack of glue.
There shouldn't be any glue as your domain is a .com and your name servers are .org.

Oh, blood and shale. Snarked, we're running in circles. This isn't about what should be, it's about what is. Specifically, it's about how the Sage test behaves. From a functional perspective, sure, you are right - v6ns.org's NS is AAAA reachable with ipv6 glue at .org, it has the AAAA records for ns1.sub.v6ns.org, and therefore the "ipv6 chain" is not broken, and everyone should go home happy.

Except, this is about what Sage tests for - and it tests for a AAAA record for your NS at the TLD, whether you're in-bailiwick or out-of-bailiwick, whether your NS is reachable purely through v6 by other means or whether it is not. Doesn't matter to the Sage test.

Do me a favor - just test it. Start a cert process with a domain hosted on afraid.org - use something not ending in .org for giggles - then set out-of-bailiwick NS from yoursub.v6ns.org, and see how the tests behave. You'll pass Guru and be stuck at Sage.

Railing against that with "shoulds" is not very useful, in my book - that doesn't get the job done. The job in this case is to pass Sage. And that's what I aim to provide advice for.

snarked

I'm not saying that there isn't a problem with an IPv6-only DNS walk that is required to pass the test.

However, the cause is NOT due to IPv6 glue records.  The cause is not having DNS servers with IPv6 addresses (which need NOT be glue records).  When the target zone is under a different TLD than the TLD(s) of the name servers that serve it, glue records don't exist (by definition).

yorick

Quote from: snarked on August 11, 2009, 11:01:12 AM
However, the cause is NOT due to IPv6 glue records.  The cause is not having DNS servers with IPv6 addresses (which need NOT be glue records).  When the target zone is under a different TLD than the TLD(s) of the name servers that serve it, glue records don't exist (by definition).

Well, hmm, no? The DNS Servers still have AAAA records, and IPv6 addresses - needed for Guru. And that works fine.

As for out-of-bailiwick not having glue records by definition - whelp, that depends on what your definition of the word "is" is. Heh. In an ipv4 world, sure, you're right. In an IPv6 world, it's all about that unbroken v6 chain - so maybe "glue" isn't really the right term, and we should just call it a TLD AAAA host record - but then, that's a mouthful, and v6 glue is easier to say.

At any rate, that is what Sage tests for - the AAAA host record existing at the TLD level, whether you're in, out or between bailiwicks.

I think I'll rest my case, now.

jimb

Quote from: yorick on August 11, 2009, 03:59:05 AM
Quote from: jimb on August 10, 2009, 04:43:36 PM
I noticed a few people mentioned on here that the glue records are kept on registrar's name servers for a given TLD.

I've always been under the impression that the registrars just submitted these host/glue records to whoever actually maintained the master name servers for a particular TLD via a back channel/process of some type.  Then they'd be distributed via normal DNS processes or whatever.

Kept on the registry's, not registrar's, name servers for a given TLD.

So, yes, you are right: Glue is a host record for your NS kept by "whoever maintains the authoritative name servers for a particular TLD" - the registry for that TLD.
Ah.  Maybe I misread registry as registrar.  Thanks for clearing it up for me.