• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

test-ipv6.com DNS wierdness

Started by ravenstar, February 21, 2013, 12:06:55 PM

Previous topic - Next topic

ravenstar

OK

Can someone please explain why, when I set my DNS servers to 2001:470:200::2 and 2001:470:300::2 I am getting marked down on test-ipv6.com

It tells me that the DNS servers do not appear to have IPv6 access.

Using nslookup I have confirmed it is using he's nameservers rather than my ISP's.  And changing the servers to Googles public DNS addresses gives me 10/10 score again.

Any ideas?

Ravenstar

broquea

Those are not recursors, they are authoritative only for the domains they host. You want to use 2001:470:20::2

kasperd

Quote from: broquea on February 21, 2013, 12:38:10 PMYou want to use 2001:470:20::2
But having only a single DNS server isn't good for reliability. You should configure 2 or 3. Last I checked HE provided only a single official anycast IP for the purpose. But you can actually use unicast addresses of the individual DNS servers as well.

A configuration that has worked for me is to use 2001:470:20::2 as primary and then the unicast address of another DNS server as secondary. Another way to configure it is to use 2001:470:20::2 as primary and a completely different provider as secondary.

broquea

And going a step farther, relying on 2 dns provided by the same provider is potentially just as bad as a single resolver, so maybe use Google's anycasted recursor on IPv6 in addition to the anycasted one from HE :D

ravenstar

Thanks for the info

Only one thing to say to that - "Doh"  : ;D

Ravenstar

snarked

Note the difference between a RECURSIVE RESOLVER and an AUTHORITATIVE SERVER.

Although there is no RFC or standard which mandates two or more resolvers be used, it is still a good practice to do so.  HE offers only one, and that's their choice.