Configuring for a newbie

Started by jamescoyle1, January 22, 2014, 06:33:21 PM


jamescoyle1

Okay, so I got my tunnel configured and all the tests say I'm ready to go... BUT since I really don't know what I'm doing yet I want to be sure I've got everything configured correctly. Attached are the pertinent screen shots. My biggest question is whether the Network System Preference has to be manually configured in a way similar to the manual configuration on the Airport. I'd be grateful for any help with this. Thanks.

cholzhauer


jamescoyle1


broquea

Usually the IPv6 lan address should end with ::1 not :: but otherwise looks like a sane config. Also, no native on your comcast connection? Do their recursors allow non-comcast IPv6 address space to access them?

jamescoyle1

I really don't know enough to provide an intelligent answer. I think the missing digit was because I didn't know what to enter... Also, I'm ostensibly trying to use Open DNS for my IPv4 access... perhaps that's why things may look a little strange to you... thanks for the input.

kasperd

Quote from: jamescoyle1 on January 22, 2014, 07:43:37 PM
I'm ostensibly trying to use Open DNS for my IPv4 access...
Given their history of injecting their own IP address into DNS replies, where they should not have done so, I suggest using another provider. I'd much rather use DNS servers provided by HE or Google.

jamescoyle1

Pardon my ignorance, but why is that a bad thing?

kasperd

Quote from: jamescoyle1 on January 23, 2014, 12:41:23 AM
Pardon my ignorance, but why is that a bad thing?
If you try to resolve a domain name, which does have an A (or AAAA) record, and they inject their own IP address instead of the correct one, that means your traffic will be sent through the OpenDNS server, instead of directly to the correct server.

That means a slower connection, and OpenDNS will be able to log and/or modify the traffic. And one would guess they do either log or modify the traffic, as otherwise there wouldn't be any point in them injecting their own IP address in the first place.

When they inject their own IP address on a nonexisting domain (or an existing domain with no such record in the first place), they can break applications, which rely on getting a correct response. For example when using domain names, which are not fully qualified, there are multiple possible variations of the name to resolve. The order in which they are resolved depends on a few different factors, but the exact order is not important in order to see the problem. When an application is resolving the possible variations one by one, until it finds the one, which does exist, you can get broken behaviour by a DNS server inserting fake responses on queries for non-existing names.
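The failure mode described in the post above, as an added example that is not part of the original thread: a small offline model of search-list resolution against an honest resolver and one that rewrites NXDOMAIN, plus a check for detecting the rewriting. The zone contents, the search domains, the landing address and the candidate order are all constructed assumptions.

```python
import secrets

# Constructed sample data: a tiny zone and a documentation-range landing address.
ZONE = {
    "wiki.corp.example.": "2001:db8::10",
    "www.example.com.": "2001:db8::80",
}
LANDING_ADDR = "192.0.2.1"  # stands in for the address a resolver operator injects


def honest_resolver(fqdn):
    """Return the record, or None to signal NXDOMAIN."""
    return ZONE.get(fqdn.lower())


def rewriting_resolver(fqdn):
    """Model of a resolver that answers every missing name with its own address."""
    return ZONE.get(fqdn.lower(), LANDING_ADDR)


def candidates(name, search_domains):
    """Names a stub resolver tries for a name that is not fully qualified.
    Assumed order: each search domain in turn, then the bare name."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{d}." for d in search_domains] + [f"{name}."]


def resolve_with_search(name, search_domains, resolver):
    """Try each candidate in order and stop at the first one that gets an answer."""
    for fqdn in candidates(name, search_domains):
        addr = resolver(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None


def rewrites_nxdomain(resolver, probes=3):
    """Random names under .invalid (reserved by RFC 6761) can never exist,
    so any answer returned for them has been injected."""
    return any(
        resolver(f"{secrets.token_hex(8)}.invalid.") is not None
        for _ in range(probes)
    )


if __name__ == "__main__":
    search = ["lab.example", "corp.example"]
    for r in (honest_resolver, rewriting_resolver):
        print(r.__name__, resolve_with_search("wiki", search, r),
              "rewrites NXDOMAIN:", rewrites_nxdomain(r))
```

With the rewriting resolver the lookup stops at the first candidate, which does not exist, and never reaches the name that holds the real record.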

jamescoyle1

Thanks. You made it clear for me.  I've switched to the Comcast entries.

jamescoyle1

Quote from: broquea on January 22, 2014, 06:42:29 PM
Usually the IPv6 lan address should end with ::1 not :: but otherwise looks like a sane config. Also, no native on your comcast connection? Do their recursors allow non-comcast IPv6 address space to access them?

The Airport config example says "Routed \64 connection without \64 suffix" - Hence I left the "64" off at the end. Please correct me if I'm in error.

Thanks.

jamescoyle1

Still wondering what I should be entering for DNS. Currently, I'm trying to use Comcast's which is I think 2001:558:feed:1 & 2. Their web site shows FEED rather than "feed," - I don't know whether that's case sensitive or not. Should I instead be using the DNS settings suggested here?

I've noticed that since configuring everything that Safari is considerably slower (although I haven't really noticed it as much in Chrome and Firefox).


kasperd

Quote from: jamescoyle1 on January 24, 2014, 06:47:16 PM
Currently, I'm trying to use Comcast's which is I think 2001:558:feed:1 & 2. Their web site shows FEED rather than "feed," - I don't know whether that's case sensitive or not.
It is not case sensitive. However the address you wrote is not syntactically correct. Perhaps you forgot a : somewhere. It looks like 2001:558:feed::1 is a DNS resolver, but it does not accept requests from HE IPv6 addresses, so if you try to use that through your tunnel, don't expect it to work.

Instead I recommend trying this list of anycast DNS resolvers:
  • 2001:470:20::2
  • 2001:4860:4860::8844
  • 2001:4860:4860::8888
The first is from HE; the other two are from Google.