.tk registry does not seem to support AAAA glue

[somedood]

Hi,
although it is stated here that it would work: http://bgp.he.net/report/dns/tk
I cannot set NS AAAA Glue records via their end user forms (my.dot.tk) or via the reseller API:
http://www.nic.tk/en/domainshareapi.html#H12-05

Their server would only accept IPv4 addresses.

Did anyone succeed in creating such a record, or is the report just wrong?
Or am I doing it wrong (Do they check SOA records on the DNS?)?

[kcochran]

The report is based on observed information.  Whether or not the registrar will let you set it via their normal channels or at all isn't reflected on the report, it just means the report generation saw some AAAA glue in the root for .tk.

Best suggestion for if they will let you set glue yourself is to contact the registrar.  This sort of manual involvement isn't too uncommon.  I know Network Solutions has required that for AAAA host records in the past.

[somedood]

Thanks for the info. I will try to contact them...

[arader]

I used a .tk domain just fine without having to set any glue records. Once I finished setting up the PTR record for my mail domain and passed the Professional test, I didn't need to do any additional configuration to pass the rest of the tests.

I use cloudns.net as my dns provider.

[somedood]

Maybe you took the old test. There was a topic somewhere describing that the test was changed. It should now be querying root DNS Servers of the registry, so there is no way to pass without proper glue records. Or am I mistaken?

[d3xt3r01]

Yes .. I've tried contacting them for the past > 2 years now ( really, I've asked 2 times every year since 2011 ).. same answer every time .. "We do not support IPv6 at this time and do not have any immediate plans to upgrade."
So, what should one do to pass the sage test !?

[kcochran]

The .tk roots have IPv6 IPs.  Now, if you go outside of the .tk hierarchy for your NS records on your .tk domain, then whether or not they do glue for .tk is irrelevant, since those glue records would be handled by the other TLD.

Process for that would be something like the following:
Find nameservers for foo.tk
.(NSs with AAAA)
.tk(NSs with AAAA)
   delegation to ns1.example.com

Resolve ns1.example.com
.(cached NSs)
.com(NSs with AAAA)
  example.com(NSs with AAAA)
  ns1.example.com(AAAA)

Finish resolution of foo.tk against ns1.example.com (same routine as Guru)

[d3xt3r01]

So it goes like this
find nameservers for d3xt3r01.tk:
. NSs with AAAA
a.root-servers.net.     604709  IN      AAAA    2001:503:ba3e::2:30
d.root-servers.net.     604709  IN      AAAA    2001:500:2d::d
f.root-servers.net.     604710  IN      AAAA    2001:500:2f::f
h.root-servers.net.     604710  IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     604710  IN      AAAA    2001:7fe::53
j.root-servers.net.     604709  IN      AAAA    2001:503:c27::2:30
l.root-servers.net.     604710  IN      AAAA    2001:500:3::42
m.root-servers.net.     604710  IN      AAAA    2001:dc3::35

.tk NSs with AAAA
a.ns.tk.                14128   IN      AAAA    2001:678:50::1
b.ns.tk.                14128   IN      AAAA    2001:678:54::1
c.ns.tk.                14129   IN      AAAA    2001:678:58::1
d.ns.tk.                14110   IN      AAAA    2001:678:5c::1

d3xt3r01.tk.            300     IN      NS      ns1.d3xt3r01.tk.

Unfortunately .tk's doesn't allow me to set ipv6 for my ns :) only v4 .
Even if I have an aaaa entry in my NS

ns1.d3xt3r01.tk.        259200  IN      AAAA    2001:470:1f0b:1186::2

[kcochran]

Right.  You'd need an NS out of the .tk zone, and with sufficient glue to permit a v6-only resolution from the root.

And to clarify a comment earlier in the thread, the Sage test wasn't really changed in purpose, just in implementation.  The overall goal for the test has been to be able to resolve fully in a v6-only environment.  The earlier test was just not the smartest about handling how it verified this, and would fail at times it shouldn't, and potentially succeed on the rare case it shouldn't.  It's far more robust now, and eliminated the manual override that was sometimes needed for certain zones that would fail on the old test, when they were perfectly valid.

[d3xt3r01]

So ..I can't pass it because of my TLD :| And there's nothing I can do about it ! :| Or is there ?

"Congratulations, you are an IPv6 Guru! To complete the Sage Test you will need the authoritative nameservers for your domain, ipv6.d3xt3r01.tk have IPv6 glue at the registrar"

Any way to change that domain with another one ?

[kcochran]

The TLD isn't the failing point here.  It's that you have no nameservers for the domain that have IPv6.  .tk won't let you put in the AAAAs on NS records within .tk, but if you had a nameserver on a domain not within .tk, but in a TLD that has v6 glue, this could work.

If you want to reset the hostname you're using, from the FAQ:

If possible, could I have the certification test reset?

You can reset your certification level back to the 'Explorer' level. Simply log into your account and visit http://ipv6.he.net/certification/reset_explorer.php. Please remember that once you set back your certification level, you must retake all the certification tests

[d3xt3r01]

Got it :) Will fix soon :) ( will make my .tk ns point to something that supports v6 :D )
Thanks for your patience and understanding.