• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Guru Level Test failing using HE's DNS?

Started by cessnaflyer, June 04, 2010, 06:08:43 PM

Previous topic - Next topic

cessnaflyer

My domains NS records currently point to ns[1-5].he.net, yet I can't seem to pass the Guru level test with the error "Couldn't get AAAA for NS".

Using HE's anycast DNS server, I see the following for my domain:

$ dig ip6.jameshamilton.us NS @2001:470:20::2

; <<>> DiG 9.6.2-P2-RedHat-9.6.2-4.P2.fc12 <<>> ip6.jameshamilton.us NS @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6427
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 9

;; QUESTION SECTION:
;ip6.jameshamilton.us.          IN      NS

;; ANSWER SECTION:
ip6.jameshamilton.us.   210771  IN      NS      ns4.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns2.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns5.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns1.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns3.he.net.

;; ADDITIONAL SECTION:
ns4.he.net.             40906   IN      A       216.66.1.2
ns5.he.net.             40906   IN      A       216.66.80.18
ns3.he.net.             40906   IN      A       216.218.132.2
ns3.he.net.             40906   IN      AAAA    2001:470:300::2
ns4.he.net.             40906   IN      AAAA    2001:470:400::2
ns2.he.net.             40906   IN      A       216.218.131.2
ns1.he.net.             40906   IN      A       216.218.130.2
ns5.he.net.             40906   IN      AAAA    2001:470:500::2
ns2.he.net.             40906   IN      AAAA    2001:470:200::2

;; Query time: 34 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri Jun  4 20:57:18 2010
;; MSG SIZE  rcvd: 326


Am I getting fouled up because ns1.he.net doesn't have a AAAA record, or is there something cached incorrectly that I can't see?

Thanks for any help!

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.

broquea

Either negative caching, or the ip6 is trimmed off

~$ dig jameshamilton.us NS

; <<>> DiG 9.4.2-P2.1 <<>> jameshamilton.us NS
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50015
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;jameshamilton.us.              IN      NS

;; ANSWER SECTION:
jameshamilton.us.       7190    IN      NS      ns1.mydomain.com.
jameshamilton.us.       7190    IN      NS      ns3.mydomain.com.
jameshamilton.us.       7190    IN      NS      ns2.mydomain.com.
jameshamilton.us.       7190    IN      NS      ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns4.mydomain.com.       1790    IN      A       63.251.83.74
ns1.mydomain.com.       1790    IN      A       64.94.117.193
ns2.mydomain.com.       1790    IN      A       64.94.31.67
ns3.mydomain.com.       1790    IN      A       66.150.161.137


cessnaflyer

Ok, I think I know part of the reason I had been failing: the test was running against what I put in for my webserver, www.ip6.jameshamilton.us:8086.  If I trim off the www and the port number, I can get the first part (AAAA records for the NS) to report Success.  However, the second part, NS reachable via IPv6, still fails.  (Screenshot attached for maximum clarity.)

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.

cessnaflyer

I gave up on my cheap, IPv6-unfriendly registrar and registered a new domain with a cheaper-yet-friendlier registrar that allowed me to register the glue records I needed for the Sage test.  (I would have failed that anyway, even if this problem had been solved.)

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.