• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Is there a way to see what he's servers see?

Started by bombcar, October 21, 2010, 11:22:42 AM

Previous topic - Next topic

bombcar

I had an error in my DNS, I have a TTL of 84600, and I can't pass the mail test; I think the cache is pulling the old data.

Is there a way to use he's servers to verify it's a caching issue and not something else? I've tried to resolve from a few places but since this domain is IPv6 only it's been a bit difficult.

http://www.nabber.org/projects/dnscheck/?domain=ipadapplesale.com&ipv6=on&nocache=on

looks good but it doesn't show the MX test.

snarked

Use http://network-tools.com/nslook/ and specify HE's name servers (one at a time; there are five).

bombcar

Are they ns1-ns5.he.net? Because I get a straight-up failure on them with that tool.

Isn't that the same as:

dig @ns1.he.net google.com

which fails because they don't recurse?

bombcar


snarked

Re-Reply #2:  Yes, those are the servers' names.  However, do not query them with type "ANY" as they don't seem to support that.  A query with a specific RR-type should work.

bombcar

Hmm. They don't love me:
dig @ns1.he.net ipadapplesale.com aaaa

; <<>> DiG 9.7.1 <<>> @ns1.he.net ipadapplesale.com aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 45353
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ipadapplesale.com.             IN      AAAA

;; Query time: 27 msec
;; SERVER: 216.218.130.2#53(216.218.130.2)
;; WHEN: Fri Oct 22 16:48:40 2010
;; MSG SIZE  rcvd: 35


I have my suspicions about a domain that has NOTHING but AAAA available, and no A glue.

broquea

#6
Not seeing us host that domain (not a webhosting account, not in dns.he.net...), so no idea why you are querying AUTHORITATIVE servers and think they are CACHING RECURSORS:

 Domain servers in listed order:
     IPV6.IPADAPPLESALE.COM
     NS1.IPADAPPLESALE.COM


NS1-5.HE.NET != caching recursors

bombcar

That's what I thought. There's no way to see what he.net sees.

lukec

Forgive me for plagerising broquea

HE do run recursive nameservers for their co-location customers and their tunnelbroker.net users.
If you look at your tunnel's details page, HE list the anycasted IPv4
and IPv6 address of the recursor. Their recursor also participates in the
Google Whitelisting.

I made the same mistake...
Regards
lukec