
Why is IPv6 AXFR transfer not supported?

Started by lorenzoz, July 17, 2010, 12:42:34 PM

lorenzoz

I don't think there is any technical issue, because I have found this service [ https://puck.nether.net/dns/login ] that doesn't have any problem making AXFR requests via IPv6 to my primary DNS server.
I'm wondering why dns.he.net doesn't allow me to do this.

broquea

Because the software doesn't support it yet. When it does, it will.

porjo

I'm wondering if there's been any progress on this? I take it this is still not supported, as I'm seeing the following in my DNS master log after a zone file update:

Jun 18 12:53:25 dev pdns_server: Jun 18 12:53:25 Queued notification of domain 'example.com' to [2001:470:200::2]:53
Jun 18 12:53:25 dev pdns_server: Jun 18 12:53:25 Queued notification of domain 'example.com' to [2001:470:300::2]:53
Jun 18 12:53:25 dev pdns_server: Jun 18 12:53:25 Queued notification of domain 'example.com' to [2001:470:400::2]:53
Jun 18 12:53:25 dev pdns_server: Jun 18 12:53:25 Queued notification of domain 'example.com' to [2001:470:500::2]:53
Jun 18 12:53:59 dev pdns_server: Jun 18 12:53:59 Notification for example.com to [2001:470:200::2]:53 failed after retries
Jun 18 12:53:59 dev pdns_server: Jun 18 12:53:59 Notification for example.com to [2001:470:300::2]:53 failed after retries
Jun 18 12:53:59 dev pdns_server: Jun 18 12:53:59 Notification for example.com to [2001:470:400::2]:53 failed after retries
Jun 18 12:53:59 dev pdns_server: Jun 18 12:53:59 Notification for example.com to [2001:470:500::2]:53 failed after retries

divad27182

I think it is supported.  My DNS slave zones on dns.he.net have an IPv6 address listed as the master, and have successfully downloaded.

The bit that you are showing, that might still not be supported, is notification to the slave that the master has changed. 

--David

divad27182

You might try seeing if sending your notification to slave.dns.he.net works any better.  That machine does all the slave transfers anyway.

Failing that, you might write to dnsadmin@he.net.

--David

porjo

Quote from: divad27182 on June 18, 2017, 10:54:35 AM
You might try seeing if sending your notification to slave.dns.he.net works any better.

Thanks for the suggestion. I've tried the v6 IP for 'slave.dns.he.net'; unfortunately, it doesn't respond either:

Jul 30 20:32:45 dev pdns_server[1708]: Jul 30 20:32:45 Notification for example.com to [2001:470:600::2]:53 failed after retries


divad27182

At this point, I would suggest packet sniffing the network connection to determine if the request is being lost or ignored, or if it has an error.  If the former, I would suspect you have network problems.  If the latter, I would suspect DNS configuration problems.  Since the error talks of retries, I suspect the network problems.

OK, I decided to test before posting, and now I am really confused.  I can't seem to get an update to go through, though I have seen the transfer to slave happen.
I can report that ns1.he.net returns error "refused" (5), ns2 through ns5 return error "not implemented" (4), and slave.dns.he.net seems to not respond at all.

At this point, I suspect a problem inside he.net's DNS, and plan to write in.

divad27182

I wrote in, talked a bit, and they found out the problem I was having.  It turns out that

  • You should send the NOTIFYs to ns1.he.net.  The others I don't think matter, or work at all.  slave.dns.he.net does not work at all.
  • You MUST send the NOTIFYs with a source address equal to one of the registered master addresses.  This I had to be told by he.net staff, and is apparently what causes a "Refused" error.

Yes, IPv6 notifications do work, at least if you get your source address correct.  IPv6 transfers do work.

--David
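
The diagnosis worked out in this thread, as an added example that is not part of any post: a small Python checker that builds a DNS NOTIFY (RFC 1996), sends it over IPv6 from an explicitly chosen source address, and maps the outcome to the three cases reported above (REFUSED, NOTIMP, no response). The function names, message ID and timeout are assumptions made for illustration.

```python
import socket
import struct

OPCODE_NOTIFY = 4               # RFC 1996
QTYPE_SOA, QCLASS_IN = 6, 1
RCODES = {0: "NOERROR", 4: "NOTIMP", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_notify(zone, msg_id):
    """Build a NOTIFY: opcode 4, AA set, one question <zone, IN, SOA>."""
    flags = (OPCODE_NOTIFY << 11) | (1 << 10)   # QR=0, AA=1
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_SOA, QCLASS_IN)

def classify_reply(reply, msg_id):
    """Map a reply (None means timeout) to the cases seen in the thread."""
    if reply is None:
        return "no response: lost or ignored, check network path and target"
    if len(reply) < 12:
        return "malformed reply"
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != msg_id or not flags & 0x8000:     # wrong ID or QR bit not set
        return "unrelated packet"
    rcode = flags & 0xF
    name = RCODES.get(rcode, "RCODE %d" % rcode)
    if rcode == 5:
        return name + ": source address is probably not a registered master"
    if rcode == 4:
        return name + ": this server does not handle NOTIFY"
    return name

def send_notify(zone, server, source, msg_id=0x1234, timeout=3.0):
    """Send from an explicit IPv6 source address (needs network access)."""
    with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
        s.bind((source, 0))     # pin the source address the slave will see
        s.settimeout(timeout)
        s.sendto(build_notify(zone, msg_id), (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            reply = None
    return classify_reply(reply, msg_id)
```

Calling `send_notify` with the zone name, the slave's IPv6 address and each local IPv6 address in turn shows which source address the slave accepts; on a multi-address host the kernel's default source selection may not pick the one registered as master.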