• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Two new levels available.

Started by broquea, November 19, 2008, 08:36:51 PM

Previous topic - Next topic

broquea

We've revamped some stuff, and have added two new levels to attain for your entertainment:

Explorer - The Enthusiast level (consisting of IPv6 HTTP Client and Server tests) has been split into the Explorer (HTTP Client test) and Enthusiast (HTTP Server test) levels. This should allow many people stuck at NewB to move up who can view IPv6 enabled websites, but don't have an IPv6 webserver running yet.

Sage - This tests for IPv6 glue on the nameservers that are authoritative for your domain.

Anyone that has already gone beyond Enthusiast will be able to take the explorer test to get credit/score. Sage is available if you have completed Guru.

And as always, if you encounter an issue, please email ipv6@he.net

broquea

Clarification on the Sage exam. We look for host records on the TLD servers themselves (with a direct query) for the AAAA of your domain's authoritative name servers. We see this available from a few registrars that we've sampled, like GoDaddy and NetSol (just to name larger ones). Obviously we have a bunch of Sage certs issued, so it appears users can accomplish this.

snarked

Sage - question:  Does it require that at least ONE of the DNS servers be IPv6 reachable, or ALL?

It appears that your tests are looking for ALL.

broquea

Quote from: snarked on November 23, 2008, 02:13:51 PM
Sage - question:  Does it require that at least ONE of the DNS servers be IPv6 reachable, or ALL?

It appears that your tests are looking for ALL.

We're looking for 1 nameserver with an IPv6 host record in any one of the TLD servers. If we find at least 1, its a pass.

piojan

#4
Quote from: broquea on November 22, 2008, 11:30:46 AM
We look for host records on the TLD servers themselves (with a direct query) for the AAAA of your domain's authoritative name servers.

Do I understand this correctly
sample domain: a.b.c.tld
$ dig ns tld
got a/b/c.dns.tld
$ dig aaaa a.b.c.tld @a-dns.tld
and are looking for a ipv6 address of a ns?

Is this correct?
Probably I am mising something.

kriteknetworks


snarked

QuoteWe're looking for 1 nameserver with an IPv6 host record in any one of the TLD servers. If we find at least 1, its a pass.
Then I must suggest that it isn't working.
Quote; <<>> DiG 9.6.0b1 <<>> snarked.org any @a0.org.afilias-nst.info
...
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61491
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 11, ADDITIONAL: 5

;; AUTHORITY SECTION:
snarked.org.            86400   IN      NS      ns.snarked.org.
...

;; ADDITIONAL SECTION:
ns.snarked.org.         86400   IN      A       67.43.172.250
...
ns.snarked.org.         86400   IN      AAAA    2607:f350:1::1:1

;; Query time: 241 msec
;; SERVER: 199.19.56.1#53(199.19.56.1)
;; WHEN: Mon Nov 24 19:11:54 2008
;; MSG SIZE  rcvd: 359
As noted, "ns.snarked.org" has IPv6 glue at the .ORG parent servers, yet the test fails ("Couldnt get AAAA for NS").

Similarly, the web server test for "www.snarked.org" also fails despite it having an IPv6 address and being reachable.

piojan

#7
Quote from: snarked on November 24, 2008, 11:29:13 AMThen I must suggest that it isn't working.

Lets put it this way - I know someone that had there domain passed but probably it shouldn't have been validated for having correct ipv6 glue - this is why I was asking for a more technical specification of how HE is tesing this glue.

Cheers,
PJ

snarked

...And conversely, I have a domain where it should work yet is failing.  I hope they're looking into this.