Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: No AAAA record  (Read 4540 times)

bmgtenty

  • Newbie
  • *
  • Posts: 5
No AAAA record
« on: April 22, 2010, 02:06:16 AM »

Hi,

I started with the Administrator level and sending of an email to my domain  tenty.ca 
and receive the error:  no AAAA record.

I have  A  and AAAA records for tenty.ca and ns1.tenty.ca and they  resolve correctly from
other servers at internet

I queried also the dns 2001:470:20::2  & 74.82.42.42  of  he.net and they  resolve also correctly
there so I don't understand it.

Greetings,

Bob




Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: No AAAA record
« Reply #1 on: April 22, 2010, 04:46:42 AM »

I see the AAAA.  Sometimes the HE name server they cert machine resolves against gets negative cache entries.  This will typically happen if your NS doesn't have the AAAA when it first queries (misconfiguration or whatever).  If you wait a bit, it may just start working.
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2737
Re: No AAAA record
« Reply #2 on: April 22, 2010, 04:57:19 AM »

Same here...I'm able to see the AAAA records...have you been able to re-try the test?

IIRC, when I made the changes that were needed to pass the sage test, it took a couple of days for them to become active.
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: No AAAA record
« Reply #3 on: April 22, 2010, 05:42:38 AM »

This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.
Logged

bmgtenty

  • Newbie
  • *
  • Posts: 5
Re: No AAAA record
« Reply #4 on: April 22, 2010, 06:24:40 AM »

I just tried and now it is working again  and I  could do the test.

Strange as I had  always the correct AAAA records in my dns.

Anyhow  whatever it is at HE, thanks  for the reponse.

Bob
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 419
Re: No AAAA record
« Reply #5 on: April 22, 2010, 08:19:24 AM »

This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

It does use a local caching recursor.  Alas, the only way to do that and make it available to the various testing bits is to make it the system global one.  Restarting it that often has caused issues in the brief window when it's restarting.

Consider it an additional educational element on DNS TTL values. ;-)
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: No AAAA record
« Reply #6 on: April 22, 2010, 03:33:04 PM »

This happens enough that if I were running the cert stuff, I'd set up a recursive name server dedicated to the cert tests, and run a cron job that flushes the caches every five minutes or so (rndc flush).  That way if there was a neg cache or some misconfigured item cached, it would only last five minutes.

It does use a local caching recursor.  Alas, the only way to do that and make it available to the various testing bits is to make it the system global one.  Restarting it that often has caused issues in the brief window when it's restarting.

Consider it an additional educational element on DNS TTL values. ;-)
I wonder if using "rndc flush" would be disruptive?  I can see how restarting would cause problems, but with "rndc flush" it doesn't stop the DNS server, just tells it to dump its cache (presumably negative cache entries too).  Presuming you're using BIND.

Yeah I was also thinking that it's sort of part of the deal to have to wait for DNS if you dork it up, since the same thing would happen in a non test scenario too.  :)
« Last Edit: April 22, 2010, 03:36:01 PM by jimb »
Logged