• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Enthusiast test error: Could not grab the file via IPv6 HTTP

Started by rd85, April 25, 2012, 09:44:35 PM

Previous topic - Next topic

rd85

Hi all,
Not sure what I am doing wrong, but I cannot get the Enthusiast test work properly.

1. I registered a domain name at godaddy.com: dostiedemo.info
2. I created a AAAA record to point to the local endpoint address of my tunnel: 2001:5c0:1000:a::d07 (I used the gogo6 client to create the tunnel)
3. I set up an IIS web server and placed a file named dydrh6atcb.txt in the wwwroot folder.
4. I can access the full URL - http://dostiedemo.info/dydrh6atcb.txt - and I can also access the site via its IPv6 address from outside my local network.

Yet, the test keeps returning the same error:

Could not grab the file via IPv6 HTTP
[Reset Test]
Help   Step   Description   Data
   [1]   Completed: Code generated    dydrh6atcb
   [2]   Completed: Valid FQDN entered    http://dostiedemo.info /
   [3]   Completed: URL created:    http://dostiedemo.info/dydrh6atcb.txt

Any suggestions or ideas to try would be appreciated!
Thanks!

jtcloe

First time I tried, it couldn't resolve the name, second time I tried it worked.

I didn't really do any trouble shooting, but, possibilities are:

  • Flaky DNS server
  • Zone isn't replicating correctly between DNS servers
  • HE could have cached DNS data from an earlier but incorrect zone file, in which case after TTL, it will try again
I don't know if HE gave you any specific error, but other possibilities are:

  • Firewall issue (could be yours, could be whoever you are getting your IP from)
  • Peering issue (since you aren't using an  HE ip address, are you sure HE and whoever your IP is from have a peering agreement?)

Why not use a tunnel from HE that you actually configure yourself on your own router or computer?  Using a "cheater box" seems a little like, well, cheating...


kasperd

Quote from: jtcloe on April 25, 2012, 10:26:05 PMFirst time I tried, it couldn't resolve the name, second time I tried it worked.
For me it worked the first time. Then it failed the second time and kept failing a few times. Before I figured out the reason the proper record was cached on both the recursive resolvers I have configured (2001:470:0:11e::2 and 2001:470:20::2).

After that I was able to reproduce the problem attempting to look up the A record of the domain. The failing lookup did not return an error, rather it returned no record. In other words the answer indicates the domain exists, but has no record of that type. Such a reply is usually served with an additional SOA record indicating for how long it should be cached. But there is no SOA record, which AFAIR means the recursive resolver is supposed not to cache it.

Quote from: jtcloe on April 25, 2012, 10:26:05 PMI didn't really do any trouble shooting, but, possibilities are:

  • Flaky DNS server
  • Zone isn't replicating correctly between DNS servers
That is it. The domain has four authoritative DNS servers. Two of them returns answers, two of them return no answers. Either replicate the same data on all four DNS servers, or remove the NS records pointing at the two DNS servers that have no records for the zone.

Quote from: jtcloe on April 25, 2012, 10:26:05 PMWhy not use a tunnel from HE that you actually configure yourself on your own router or computer?  Using a "cheater box" seems a little like, well, cheating...
Ain't the service provided by gogo6 essentially the same as what is provided by HE? Whether you use one tunnelbroker or another or even native IPv6 from your ISP shouldn't affect the result.

cholzhauer

Quote
Ain't the service provided by gogo6 essentially the same as what is provided by HE? Whether you use one tunnelbroker or another or even native IPv6 from your ISP shouldn't affect the result.

You're exactly right, but that doesn't mean isn't better than the other ;)

rd85

Thanks for the feedback everyone, I really appreciate it!
I should have done this before, but I just did an nslookup using HE's name servers, and they still don't seem to know about my domain:

>nslookup dostiedemo.info ns2.he.net
Server: ns2.he.net
Address: 216.66.80.18

***No internal type for both IPv4 and IPv6 Addresses (A+AAAA) records available for dostiedemo.info

Google and other public DNS servers do return the quad-A record. Does it usually take a long time for HE's name servers to catch up? Should I transfer my DNS records to HE's name servers?

As to the tunnel broker, I only used gogo6 because it was the first one I came across awhile back and it hasn't given me any problems, but I can certainly give it a try using HE's service.

broquea

Your domain lists ns1 and ns5 in whois, however they don't seem to know anything like a zone. dig +trace shows that only the domaincontrol.com name servers have the AAAA records, but are IPv4 only. You should go check that you created the zone correctly in dns.he.net if that is what you used in order to list HE name servers.

jtcloe

Quote from: cholzhauer on April 26, 2012, 05:26:31 AM
Quote
Ain't the service provided by gogo6 essentially the same as what is provided by HE? Whether you use one tunnelbroker or another or even native IPv6 from your ISP shouldn't affect the result.

You're exactly right, but that doesn't mean isn't better than the other ;)
Should be right, except its wrong.

Just google ipv6 Cogent HE, or ipv6 Cogent Google.  Basically, Cogent is a big *** when it comes to peering, so had this ip ultimately gone through cogent (which I've since researched and it doesn't) the test would have failed, even if the rest of the world could have seen it.

To over simplify it, there are TWO versions of the ipv6 internet, Cogent, and everyone else.

Unfortunately a lot of people either peer with Cogent, or directly or indirectly get their pipe from Cogent.

rd85

Quote from: broquea on April 26, 2012, 07:49:09 AM
You should go check that you created the zone correctly in dns.he.net if that is what you used in order to list HE name servers.
This was it! It's working fine now. I was originally using the godaddy name servers, but changed over to HE after finding out that godaddy doesn't support reverse DNS. Thought I had already added the AAAA record under dns.he.net, but apparently not, as I discovered when I double-checked today... This is what I get for trying to set this up at 1:00am, with insufficient quantities of caffeine  ;D
Thanks for the extra set of eyes and for putting up with a noob...

kasperd

Quote from: rd85 on April 26, 2012, 04:27:07 PMI was originally using the godaddy name servers, but changed over to HE after finding out that godaddy doesn't support reverse DNS.
Who is telling all those noobs, that they have to host forward DNS and reverse DNS on the same authoritative DNS servers? It is perfectly sensible to leave forward DNS wherever it is already hosted, and have the reverse DNS hosted on HE DNS servers. Of course where you will be able to host reverse DNS will ultimately depend on your tunnel provider. If you use tunnelbroker.net for your tunnels, you are given freedom to choose where you want reverse DNS hosted, you can even host it yourself. I don't know if other tunnel providers give the same freedom.