[net-dns-users] New Release candidates

Willem Toorop willem at nlnetlabs.nl
Fri Oct 24 12:11:38 UTC 2014


Sorry tlhackque,

We do not have firewall issues.  I have checked from several ring nodes
from the NLNOG ring, and they are all able to connect over IPv6 fine.
I've looked at some of the unreachables and they indeed do have IPv6 issues.

nlnetlabs at nlnetlabs01:~$ ring-http -6 'www.net-dns.org'
256 servers: OK
unreachable via: xlshosting01 cambrium01 tripleit01 inotel01 rezopole01
voxel01 lagis01 keenondots01 claranet02 backbone02 bluezonejordan01
nicchile01 rnp01 beanfield01 robtex01 rackfish01 trueinternet01 popsc01
iplan01 sapphire01 maxitel01 itps01
ssh connection failed: bdhub01 blacklotus01 citynetwork01 cloudnl01
cybercom01 ehsab02 enestdata01 mainloop01 riseup01
nlnetlabs at nlnetlabs01:~$

Maybe there is another issue (Path MTU black hole?).
Are you able to fetch a small file like
http://www.net-dns.org/download/Net-DNS-0.80_2.tar.gz.sha1 ?

Thanks for reporting though!

-- Willem


Op 24-10-14 om 12:46 schreef tlhackque:
> On 24-Oct-14 06:00, net-dns-users-request at nlnetlabs.nl wrote:
>> 1. Net::DNS::SEC 0.21 released (Willem Toorop)
>> 2. Release candidate for Net::DNS 0.81 (Willem Toorop)
>>
> First, a public thank you to Dick Franks for promptly working on the RTs
> that I raised, including through the weekend!  And thanks to anyone else
> who worked behind the scenes.
> 
> Second, in attempting to get the releases mentioned for some testing, I
> discovered that net-dns.org's IPv6 address doesn't seem to have the
> webserver on-line:
> 
>  wget http://www.net-dns.org/download/Net-DNS-0.80_2.tar.gz
> --2014-10-24 06:07:04-- 
> http://www.net-dns.org/download/Net-DNS-0.80_2.tar.gz
> Resolving www.net-dns.org (www.net-dns.org)... 2a04:b900::2:0:0:22,
> 185.49.140.22
> Connecting to www.net-dns.org (www.net-dns.org)|2a04:b900::2:0:0:22|:80...
> [Hang]
> 
> I have connectivity to the IPv6 address:
>  ping6 2a04:b900::2:0:0:22
> PING 2a04:b900::2:0:0:22(2a04:b900::2:0:0:22) 56 data bytes
> 64 bytes from 2a04:b900::2:0:0:22: icmp_seq=0 ttl=51 time=146 ms
> 64 bytes from 2a04:b900::2:0:0:22: icmp_seq=1 ttl=51 time=142 ms
> 
> --- 2a04:b900::2:0:0:22 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 1002ms
> rtt min/avg/max/mdev = 142.109/144.355/146.602/2.278 ms, pipe 2
> 
>  telnet 2a04:b900::2:0:0:22 80
> Trying 2a04:b900::2:0:0:22...
> [hang]
> 
>  host www.net-dns.org
> www.net-dns.org has address 185.49.140.22
> www.net-dns.org has IPv6 address 2a04:b900::2:0:0:22
> 
> So there's a firewall or webserver configuration issue.
> 
> I did access the files via IPv4, but you probably should fix IPv6...
> 
> There is also a rather unusual PTR record/CNAME chain for the IPv6 address:
>  dig -x 2a04:b900::2:0:0:22
> 
> ; <<>> DiG 9.9.1-P2 <<>> -x 2a04:b900::2:0:0:22
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33293
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;2.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.9.b.4.0.a.2.ip6.arpa.
> IN PTR
> 
> ;; ANSWER SECTION:
> 2.2.0.0.0.0.0.0.0.0.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.9.b.4.0.a.2.ip6.arpa. 2224
> IN CNAME 22.140.49.185.in-addr.arpa.
> 22.140.49.185.in-addr.arpa. 2225 IN     PTR     blogs.nlnetlabs.nl.
> 
> ;; AUTHORITY SECTION:
> 140.49.185.in-addr.arpa. 2225   IN      NS      mcvax.nlnetlabs.nl.
> 140.49.185.in-addr.arpa. 2225   IN      NS      ns.nlnetlabs.nl.
> 
> ;; ADDITIONAL SECTION:
> mcvax.nlnetlabs.nl.     5618    IN      A       192.16.197.229
> 
> ;; Query time: 8 msec
> 
>  I don't think it's illegal - but it is strange to have an IPv6 address
> PTR resolve to a different hostname... IPv6 addresses are cheap enough
> that it's recommended to allocate one per service.
> 
> -- 
> This communication may not represent my employer's views,
> if any, on the matters discussed.
> 
> 
> 
> _______________________________________________
> net-dns-users mailing list
> net-dns-users at nlnetlabs.nl
> https://www.nlnetlabs.nl/mailman/listinfo/net-dns-users
> 




More information about the net-dns-users mailing list