Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Guru Level Test failing using HE's DNS?  (Read 3727 times)

cessnaflyer

  • Newbie
  • *
  • Posts: 16
Guru Level Test failing using HE's DNS?
« on: June 04, 2010, 06:08:43 PM »

My domains NS records currently point to ns[1-5].he.net, yet I can't seem to pass the Guru level test with the error "Couldn't get AAAA for NS".

Using HE's anycast DNS server, I see the following for my domain:

$ dig ip6.jameshamilton.us NS @2001:470:20::2

; <<>> DiG 9.6.2-P2-RedHat-9.6.2-4.P2.fc12 <<>> ip6.jameshamilton.us NS @2001:470:20::2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6427
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 9

;; QUESTION SECTION:
;ip6.jameshamilton.us.          IN      NS

;; ANSWER SECTION:
ip6.jameshamilton.us.   210771  IN      NS      ns4.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns2.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns5.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns1.he.net.
ip6.jameshamilton.us.   210771  IN      NS      ns3.he.net.

;; ADDITIONAL SECTION:
ns4.he.net.             40906   IN      A       216.66.1.2
ns5.he.net.             40906   IN      A       216.66.80.18
ns3.he.net.             40906   IN      A       216.218.132.2
ns3.he.net.             40906   IN      AAAA    2001:470:300::2
ns4.he.net.             40906   IN      AAAA    2001:470:400::2
ns2.he.net.             40906   IN      A       216.218.131.2
ns1.he.net.             40906   IN      A       216.218.130.2
ns5.he.net.             40906   IN      AAAA    2001:470:500::2
ns2.he.net.             40906   IN      AAAA    2001:470:200::2

;; Query time: 34 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Fri Jun  4 20:57:18 2010
;; MSG SIZE  rcvd: 326


Am I getting fouled up because ns1.he.net doesn't have a AAAA record, or is there something cached incorrectly that I can't see?

Thanks for any help!
Logged

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1736
Re: Guru Level Test failing using HE's DNS?
« Reply #1 on: June 04, 2010, 06:39:40 PM »

Either negative caching, or the ip6 is trimmed off

Code: [Select]
~$ dig jameshamilton.us NS

; <<>> DiG 9.4.2-P2.1 <<>> jameshamilton.us NS
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50015
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;jameshamilton.us.              IN      NS

;; ANSWER SECTION:
jameshamilton.us.       7190    IN      NS      ns1.mydomain.com.
jameshamilton.us.       7190    IN      NS      ns3.mydomain.com.
jameshamilton.us.       7190    IN      NS      ns2.mydomain.com.
jameshamilton.us.       7190    IN      NS      ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns4.mydomain.com.       1790    IN      A       63.251.83.74
ns1.mydomain.com.       1790    IN      A       64.94.117.193
ns2.mydomain.com.       1790    IN      A       64.94.31.67
ns3.mydomain.com.       1790    IN      A       66.150.161.137

Logged

cessnaflyer

  • Newbie
  • *
  • Posts: 16
Re: Guru Level Test failing using HE's DNS?
« Reply #2 on: June 05, 2010, 07:19:53 AM »

Ok, I think I know part of the reason I had been failing: the test was running against what I put in for my webserver, www.ip6.jameshamilton.us:8086.  If I trim off the www and the port number, I can get the first part (AAAA records for the NS) to report Success.  However, the second part, NS reachable via IPv6, still fails.  (Screenshot attached for maximum clarity.)
Logged

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.

cessnaflyer

  • Newbie
  • *
  • Posts: 16
Re: Guru Level Test failing using HE's DNS?
« Reply #3 on: June 05, 2010, 08:02:27 PM »

I gave up on my cheap, IPv6-unfriendly registrar and registered a new domain with a cheaper-yet-friendlier registrar that allowed me to register the glue records I needed for the Sage test.  (I would have failed that anyway, even if this problem had been solved.)
Logged

It makes perfect sense that every household should have its own /48 once IPv6 is more widely used.  After all, it's not like we'll run out of IP addresses... again.