• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Problem resolving *.google.com

Started by davygrvy, May 13, 2011, 11:22:47 AM

Previous topic - Next topic

davygrvy

Hi,

Problem just stated this morning.  I'm using the HE.net nameserver @ 74.82.42.42 setup as a local resolver with dnsmask.  It has worked flawlessly since it was announced http://www.tunnelbroker.net/forums/index.php?topic=459.0 and I added the feature to my router.

But today, all google links are dead.  The HE.net nameserver can't resolve any google.com queries.

example:$ dig @74.82.42.42 AAAA www.google.com

; <<>> DiG 9.7.0-P1 <<>> @74.82.42.42 AAAA www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53520
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ANSWER SECTION:
www.google.com. 57315 IN CNAME www.l.google.com.

;; Query time: 26 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 11:13:50 2011
;; MSG SIZE  rcvd: 52


Not even an A record, either:
$ dig @74.82.42.42 www.google.com

; <<>> DiG 9.7.0-P1 <<>> @74.82.42.42 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16303
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 56847 IN CNAME www.l.google.com.

;; Query time: 25 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 11:21:43 2011
;; MSG SIZE  rcvd: 52

davygrvy

Works when I force to my ISP nameserver, though.  But, I don't get any google site in IPv6 without the HE.net whitelisted nameserver (that is apparently broken)

$ dig @75.75.75.75 www.google.com

; <<>> DiG 9.7.0-P1 <<>> @75.75.75.75 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2360
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 441525 IN CNAME www.l.google.com.
www.l.google.com. 292 IN A 74.125.224.48
www.l.google.com. 292 IN A 74.125.224.50
www.l.google.com. 292 IN A 74.125.224.49
www.l.google.com. 292 IN A 74.125.224.51
www.l.google.com. 292 IN A 74.125.224.52

;; Query time: 10 msec
;; SERVER: 75.75.75.75#53(75.75.75.75)
;; WHEN: Fri May 13 11:24:51 2011
;; MSG SIZE  rcvd: 132

broquea

#2
Not seeing an issue in Fremont, where your tunnel is:

~# dig aaaa www.google.com @74.82.42.42

; <<>> DiG 9.7.1-P2 <<>> aaaa www.google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14872
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ANSWER SECTION:
www.google.com. 60400 IN CNAME www.l.google.com.
www.l.google.com. 24 IN AAAA 2001:4860:b006::93

;; Query time: 0 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 12:20:38 2011
;; MSG SIZE  rcvd: 80


~# dig aaaa www.google.com @2001:470:20::2

; <<>> DiG 9.7.1-P2 <<>> aaaa www.google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28129
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ANSWER SECTION:
www.google.com. 60359 IN CNAME www.l.google.com.
www.l.google.com. 283 IN AAAA 2001:4860:b006::63

;; Query time: 5 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri May 13 12:21:19 2011
;; MSG SIZE  rcvd: 80


~# dig a www.google.com @74.82.42.42

; <<>> DiG 9.7.1-P2 <<>> a www.google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63763
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 60275 IN CNAME www.l.google.com.
www.l.google.com. 121 IN A 74.125.224.83
www.l.google.com. 121 IN A 74.125.224.81
www.l.google.com. 121 IN A 74.125.224.82
www.l.google.com. 121 IN A 74.125.224.80
www.l.google.com. 121 IN A 74.125.224.84

;; Query time: 0 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 12:22:43 2011
;; MSG SIZE  rcvd: 132


~# dig a www.google.com @2001:470:20::2

; <<>> DiG 9.7.1-P2 <<>> a www.google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54105
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN A

;; ANSWER SECTION:
www.google.com. 60266 IN CNAME www.l.google.com.
www.l.google.com. 112 IN A 74.125.224.83
www.l.google.com. 112 IN A 74.125.224.81
www.l.google.com. 112 IN A 74.125.224.82
www.l.google.com. 112 IN A 74.125.224.80
www.l.google.com. 112 IN A 74.125.224.84

;; Query time: 5 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri May 13 12:22:52 2011
;; MSG SIZE  rcvd: 132

davygrvy


davygrvy

Still isn't working here and I don't know what to do to debug this any further ???
$ dig @74.82.42.42 AAAA www.google.com

; <<>> DiG 9.7.0-P1 <<>> @74.82.42.42 AAAA www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21347
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ANSWER SECTION:
www.google.com. 25322 IN CNAME www.l.google.com.

;; Query time: 27 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Fri May 13 20:06:59 2011
;; MSG SIZE  rcvd: 52

davygrvy

#5
odd..  this seemed to work with dnsmasq:

--server=/google.com/2001:470:20::2

instead of the ipv4 of 74.82.42.42.  I didn't think dnsmasq supported v6 addresses for that option :)

Anyone think Comcast is deep packet filtering again?  That's my only guess as to what's happening for me

mikesampson

I'm seeing a similar problem since about 48 hours ago. I'm not using comcast and use the tserv15 endpoint. Definitely something up. I emailed support but haven't heard back yet. All my queries to he.net dns result in SERVFAIL. I have switched to my own DNS resolver but now don't get the ipv6 google services. Using he.net's ipv6 dns doesn't help in my case.


$ dig @74.82.42.42 AAAA www.google.com

; <<>> DiG 9.8.0-P1 <<>> @74.82.42.42 AAAA www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35393
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; Query time: 260 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Sun May 15 19:03:15 2011
;; MSG SIZE  rcvd: 32