• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

nameserver's problem

Started by helel, June 11, 2008, 01:35:41 PM

Previous topic - Next topic

helel

Hi to all
I've got a big problem on setting my nameserver on my subnet classes.
What I should do ?
Can you see if there are problems on dns settings ?
Thank you a lot!

broquea

I see that you've set delegation to ns1-3.afraid.org

What exactly is the problem, we need more details.

Also remember that you can only delegate for your routed /64 and /48 allocations, and never the point-to-point /64.

helel

debian:~# host -n 2001:470:1f0b:40c:: ns1.he.net
Using domain server:
Name: ns1.he.net
Address: 216.218.130.2#53
Aliases:

0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa has no PTR record

debian:~# dig 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa NS

; <<>> DiG 9.4.2 <<>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa NS
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18631
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN NS

;; Query time: 1008 msec
;; SERVER: 85.37.17.43#53(85.37.17.43)
;; WHEN: Thu Jun 12 00:14:01 2008
;; MSG SIZE  rcvd: 90


This is my problem, no NS setted

broquea

All 5 HE.NET nameservers know to delegate to ns1-3.afraid.org

Query against ns1.he.net shows delegation:
dig @ns1.he.net -x 2001:0470:1f0b:40c::1

; <<>> DiG 9.5.0rc1 <<>> @ns1.he.net -x 2001:0470:1f0b:40c::1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32548
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS ns1.afraid.org.
c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS ns2.afraid.org.
c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. 4900 IN NS ns3.afraid.org.

;; Query time: 3 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Wed Jun 11 15:23:49 2008
;; MSG SIZE  rcvd: 154


Query against delegated server ns1.afraid.org shows the REFUSED status
dig @ns1.afraid.org -x 2001:0470:1f0b:40c::1

; <<>> DiG 9.5.0rc1 <<>> @ns1.afraid.org -x 2001:0470:1f0b:40c::1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 31806
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.c.0.4.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; Query time: 44 msec
;; SERVER: 67.19.72.206#53(67.19.72.206)
;; WHEN: Wed Jun 11 15:23:59 2008
;; MSG SIZE  rcvd: 90


You'll want to check your rDNS configuration with afraid.org.

snarked

I note that the IPv6 lookups do reference all 5 of HE's name servers.  However, the forward lookup does not.

Quotehe.net.              170251  NS      ns1.he.net.
                        170251  NS      ns2.he.net.
                        170251  NS      ns3.he.net.

No ns4 or ns5.  Intentional or an oversight?

broquea

Quote from: snarked on July 04, 2008, 07:57:47 PM
I note that the IPv6 lookups do reference all 5 of HE's name servers.  However, the forward lookup does not.

Quotehe.net.              170251  NS      ns1.he.net.
                        170251  NS      ns2.he.net.
                        170251  NS      ns3.he.net.

No ns4 or ns5.  Intentional or an oversight?

ns4-5 are recently added (last 6mo+) to our production authoritative nameserver pool. The first step was to migrate the rDNS for our /32 from ns1.ipv6.he.net/ns2.ipv6.he.net to all 5 nameservers. The next phase is working with the registrar to get glue, as well as updating to have all 5 listed for our domain. Since the first 3 work without issue serving all the forward entries we host, we haven't felt pressed for time on adding the remaining 2 nameservers so we don't have an ETA on when the other 2 will be added at the registrar.