Hurricane Electric's IPv6 Tunnel Broker Forums

Author Topic: Guru test - Couldn't get AAAA for NS  (Read 1717 times)

jnojr

Guru test - Couldn't get AAAA for NS
« on: April 11, 2014, 01:58:04 PM »

But…

Code:
flamingo:~ joliver$ dig -6 aaaa ns2.sdsitehosting.net

; <<>> DiG 9.8.5-P1 <<>> -6 aaaa ns2.sdsitehosting.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21205
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;ns2.sdsitehosting.net. IN AAAA

;; ANSWER SECTION:
ns2.sdsitehosting.net. 476 IN AAAA 2600:3c01::f03c:91ff:fe96:bbec

;; AUTHORITY SECTION:
sdsitehosting.net. 163029 IN NS puck.nether.net.
sdsitehosting.net. 163029 IN NS ns2.sdsitehosting.net.

;; ADDITIONAL SECTION:
puck.nether.net. 9093 IN A 204.42.254.5
puck.nether.net. 79745 IN AAAA 2001:418:3f4::5
ns2.sdsitehosting.net. 476 IN A 173.230.157.122

;; Query time: 2 msec
;; SERVER: 2001:480:10:4::2#53(2001:480:10:4::2)
;; WHEN: Fri Apr 11 13:14:30 PDT 2014
;; MSG SIZE  rcvd: 167

flamingo:~ joliver$ dig -6 aaaa puck.nether.net

; <<>> DiG 9.8.5-P1 <<>> -6 aaaa puck.nether.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63474
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4

;; QUESTION SECTION:
;puck.nether.net. IN AAAA

;; ANSWER SECTION:
puck.nether.net. 79736 IN AAAA 2001:418:3f4::5

;; AUTHORITY SECTION:
nether.net. 92962 IN NS puck.nether.net.
nether.net. 92962 IN NS anyns.pch.net.
nether.net. 92962 IN NS thorn.blackrose.org.

;; ADDITIONAL SECTION:
puck.nether.net. 9084 IN A 204.42.254.5
thorn.blackrose.org. 79736 IN A 204.42.254.7
anyns.pch.net. 86933 IN A 204.61.216.4
anyns.pch.net. 533 IN AAAA 2001:500:14:6004:ad::1

;; Query time: 37 msec
;; SERVER: 2001:480:10:4::2#53(2001:480:10:4::2)
;; WHEN: Fri Apr 11 13:14:39 PDT 2014
;; MSG SIZE  rcvd: 208

I did search, and there are several threads about this, but a plethora of possible causes.  One of these name servers I have no control over, and if there's no glue record for it, there's nothing I can do.  My IPv6 has been set up for months now, so this shouldn't (famous last words!) have to do with caches.  I did just get the reverse DNS for my v6 address set, and that record has a TTL of 10800, but that shouldn't be the issue here...

tsprinzing

Re: Guru test - Couldn't get AAAA for NS
« Reply #1 on: January 06, 2017, 07:05:57 AM »



I did search, and there are several threads about this, but a plethora of possible causes.  One of these name servers I have no control over, and if there's no glue record for it, there's nothing I can do.  My IPv6 has been set up for months now, so this shouldn't (famous last words!) have to do with caches.  I did just get the reverse DNS for my v6 address set, and that record has a TTL of 10800, but that shouldn't be the issue here...

I found one test, reset the certification, re-did everything up to sage status, but then... same thing here. How did this guy get over it 2 years ago?

Any hints?

shdwdrgn

Re: Guru test - Couldn't get AAAA for NS
« Reply #2 on: June 01, 2017, 09:12:29 AM »

Since I just went through this myself, I thought I'd offer up some hints...

First off, OP's dig query is reading information from their own DNS server, and not from the glue records.  To get the glue records, you first need to know the nameservers for your domain's TLD.  We'll work with OP's .net domain as an example:

Code:
# dig +short NS net.

l.gtld-servers.net.
f.gtld-servers.net.
i.gtld-servers.net.
m.gtld-servers.net.
b.gtld-servers.net.
a.gtld-servers.net.
g.gtld-servers.net.
e.gtld-servers.net.
d.gtld-servers.net.
c.gtld-servers.net.
k.gtld-servers.net.
h.gtld-servers.net.
j.gtld-servers.net.

Pick any one of the servers from the list; it doesn't matter which.  Now we can read the glue record directly from the TLD:

Code:
# dig +norec NS ns2.sdsitehosting.net @d.gtld-servers.net

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +norec NS ns2.sdsitehosting.net @d.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27100
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;ns2.sdsitehosting.net.         IN      NS

;; AUTHORITY SECTION:
sdsitehosting.net.      172800  IN      NS      puck.nether.net.
sdsitehosting.net.      172800  IN      NS      ns2.sdsitehosting.net.

;; ADDITIONAL SECTION:
puck.nether.net.        172800  IN      A       204.42.254.5
puck.nether.net.        172800  IN      AAAA    2001:418:3f4::5
ns2.sdsitehosting.net.  172800  IN      A       173.230.157.122
ns2.sdsitehosting.net.  172800  IN      AAAA    2600:3c01::f03c:91ff:fe96:bbec

;; Query time: 22 msec
;; SERVER: 192.31.80.30#53(192.31.80.30)
;; WHEN: Thu Jun  1 09:42:51 2017
;; MSG SIZE  rcvd: 167

The information you are looking for is in the Additional section, and this shows that OP has been able to successfully add IPv6 glue records since their original post.

The important thing here is that YOU cannot add glue records simply by adding AAAA records to your domain's DNS.  This is something you need to handle through your domain registrar, and not all of them are capable of working with IPv6.  For example, my domains are through NameCheap -- two weeks ago I asked them to add glue records for two of my domains.  The .us domain was updated within a few hours, but I'm still waiting for the .net domain to be updated.  What you want to look for at your registrar's web site is the ability to add nameservers to your domain.  This is not the same as your registrar managing DNS records; this is something that should be directly within management of your domain.  In the case of NameCheap there is a tab for Advanced DNS, and under that it allows me to add new IPv4 nameservers by entering the domain (such as ns1.example.com) and IP address (the actual IP of my own DNS servers).  Some registrars may allow you to directly enter IPv6 records here, but NameCheap required me to submit a trouble ticket.  The nameservers you enter in this location are the same entries you will see when you perform a 'whois' on your domain.  Additionally, you can add nameservers from other domains.  In my case I had nameserver entries from both my .net and .us domain entered, so when HE tried checking my .net domain for IPv6 glue records, it successfully found the .us IPv6 glue records allowing me to pass the Sage test.
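The glue check described in the last reply, as an added example that is not part of the original thread: it reads the output of `dig +norec NS <zone> @<tld-server>` and reports, for each delegated nameserver, whether the TLD's referral carries A and AAAA glue. The function names `glue_report`, `check_glue` and `sample_referral` are made up for this example, and the sample input is a constructed variant of the referral quoted above.

```shell
#!/bin/sh
# Added example; glue_report, check_glue and sample_referral are made-up names.

# Read `dig +norec NS <zone> @<tld-server>` output on stdin. For each NS
# target in the AUTHORITY section, report whether the ADDITIONAL section
# carries A and AAAA glue for it.
glue_report() {
    awk '
        /^;; AUTHORITY SECTION:/  { sec = "auth"; next }
        /^;; ADDITIONAL SECTION:/ { sec = "add";  next }
        /^;;/ || /^$/             { sec = "";     next }
        sec == "auth" && $4 == "NS" {
            h = tolower($5)
            if (!(h in seen)) { seen[h] = 1; order[++n] = h }
        }
        sec == "add" && ($4 == "A" || $4 == "AAAA") {
            glue[tolower($1) SUBSEP $4] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                h = order[i]
                a  = ((h SUBSEP "A")    in glue) ? "yes" : "no"
                a6 = ((h SUBSEP "AAAA") in glue) ? "yes" : "no"
                printf "%s A=%s AAAA=%s\n", h, a, a6
            }
        }'
}

# Live check (needs network and dig): query one of the TLD's own servers.
check_glue() {
    zone=${1%.}
    server=$(dig +short NS "${zone##*.}." | head -n 1)
    [ -n "$server" ] || return 2
    dig +norec NS "$zone" "@$server" | glue_report
}

# Sample input: the sections of the referral quoted in the post above, with
# the ns2 AAAA line left out to show what missing IPv6 glue looks like
# (constructed variant, not captured output).
sample_referral() {
    cat <<'EOF'
;; AUTHORITY SECTION:
sdsitehosting.net.      172800  IN      NS      puck.nether.net.
sdsitehosting.net.      172800  IN      NS      ns2.sdsitehosting.net.

;; ADDITIONAL SECTION:
puck.nether.net.        172800  IN      A       204.42.254.5
puck.nether.net.        172800  IN      AAAA    2001:418:3f4::5
ns2.sdsitehosting.net.  172800  IN      A       173.230.157.122
EOF
}
```

Run `sample_referral | glue_report` to see the offline result, or `check_glue sdsitehosting.net` for a live query against the TLD servers.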