• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

both IPv6 and IPv4 he.net resolvers are nto working

Started by techniq, May 11, 2011, 04:16:41 AM

Previous topic - Next topic

techniq

The DNS servers 2001:470:20::2 and 74.82.42.42 are not resolving names.  Anyone else see the same?

cholzhauer

Seems to work



[carl@mars ~]$ dig aaaa google.com @2001:470:20::2

; <<>> DiG 9.6.2-P2 <<>> aaaa google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19744
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      AAAA

;; ANSWER SECTION:
google.com.             247     IN      AAAA    2001:4860:800b::63

;; Query time: 41 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 07:24:45 2011
;; MSG SIZE  rcvd: 56


cessnaflyer

I'm seeing extreme slowness and SERVFAILs.  I've fallen back to OpenDNS for the moment.

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.

johnpoz

I run my own dns, but just queried theirs and not seeing any issues.

cessnaflyer

Perhaps the varying problems (or not) are because the address is Anycasted. Which Tunnel endpoint is everybody using? I'm on Ashburn, VA.

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.

cholzhauer


SirLauncelot

I can't get to the HE IPv4 Anycast DNS, but can get to the IPv6 site.  I don't know if HE started blocking outside access to their v4 address?  Considering most do not route the IPv4 across the tunnel, they take two paths.


mills@Dilbert:~> dig aaaa google.com @2001:470:20::2

; <<>> DiG 9.7.3 <<>> aaaa google.com @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7546
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.         IN   AAAA

;; ANSWER SECTION:
google.com.      190   IN   AAAA   2001:4860:800c::67

;; Query time: 14 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 09:52:42 2011
;; MSG SIZE  rcvd: 56

mills@Dilbert:~> dig aaaa google.com @74.82.42.42

; <<>> DiG 9.7.3 <<>> aaaa google.com @74.82.42.42
;; global options: +cmd
;; connection timed out; no servers could be reached



mills@Dilbert:~> ping 74.82.42.42
PING 74.82.42.42 (74.82.42.42) 56(84) bytes of data.
^C
--- 74.82.42.42 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 7995ms

mills@Dilbert:~> ping6 2001:470:20::2
PING 2001:470:20::2(2001:470:20::2) 56 data bytes
64 bytes from 2001:470:20::2: icmp_seq=1 ttl=63 time=16.6 ms
64 bytes from 2001:470:20::2: icmp_seq=2 ttl=63 time=17.4 ms
64 bytes from 2001:470:20::2: icmp_seq=3 ttl=63 time=15.3 ms
^C
--- 2001:470:20::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 15.339/16.474/17.433/0.876 ms

cholzhauer

No problems with IPv4 here either



[carl@mars ~]$ dig aaaa google.com @74.82.42.42

; <<>> DiG 9.6.2-P2 <<>> aaaa google.com @74.82.42.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27964
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      AAAA

;; ANSWER SECTION:
google.com.             236     IN      AAAA    2001:4860:800b::67

;; Query time: 81 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed May 11 09:59:11 2011
;; MSG SIZE  rcvd: 56


jgeorge


johnpoz

Here in Chicago tried some odd ball site pulled from sixy.ch ipv6 site feed no issues

; <<>> DiG 9.7.3 <<>> @74.82.42.42 brabbelaar.nl AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20054
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;brabbelaar.nl.                 IN      AAAA

;; ANSWER SECTION:
brabbelaar.nl.          3600    IN      AAAA    2a02:cc8::96:52

;; Query time: 196 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed May 11 11:17:25 2011
;; MSG SIZE  rcvd: 59

; <<>> DiG 9.7.3 <<>> @2001:470:20::2 brabbelaar.nl AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16280
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;brabbelaar.nl.                 IN      AAAA

;; ANSWER SECTION:
brabbelaar.nl.          3515    IN      AAAA    2a02:cc8::96:52

;; Query time: 37 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed May 11 11:18:51 2011
;; MSG SIZE  rcvd: 59



broquea

There was a large DDOS against Ashburn's regular tserv last night, that needed a pretty gnarly filter applied. I tried to minimize what services would get impacted, and for the most part the tunnels themselves were unaffected, however DNS might have been not 100%. The DDOS is gone and so is the filter. Please retest.

jimb

Are you guys using anything like SRTBH to combat DOS attacks?