As noted: no IP is set in stone.  Even one of the root nameservers is renumbering in the next few weeks.  That said, the nameserver IPs haven't changed in some time.  Odds of them changing any time soon, pretty low.

That's what I was looking for, thanks Kcochran. 

No plans to change them anytime soon.  As I mentioned, I know unforeseen things can come up later down the road obviously. 

I'm betting if I setup say ns1 through ns3's IP's to ns1.mydomain.ext and ns4 & ns5 IP's as my ns2.mydomain.ext that even if something changes one or two of them down the road I'll have time to update them before I'm without any DNS.

I'd likely use at least 2 of my servers in the mix as well.  I just hate to solely rely on VM's to handle DNS, if the ESXi servers crash or lag that could mean total DNS failure.

I've got several people on Google Apps for email for example, so I have outside services tied to my DNS.  Not in an environment where I can spread out to more of a cloud based setup for redundancy right now.  So it's just a small hand full of stand alone ESXi servers with local storage.  Using the HE DNS for backup would be a nice bonus, was looking in to signing up for either Cloudns or Dnsmadeeasy or something until I found you guys had a setup running.

I'm assuming it will go premium at some point, but at least I know I can trust HE to keep services running. 

Hey Snarked, thanks for the reply.

Yeah, I understand the process but good info post for anyone who does not.

My question was more to the "Are the current IP's set in stone".  I understand the HE free dns is considered beta and I was curious if anyone knows if the current IP's are considered temp or perm.  Obviously things can change down the road for unforeseen reasons, I was wondering if HE plans on keeping them the same or knows that they will most likely change down the road.

More of a "Does HE support vanity DNS setups", not so much an "Is it possible" which is the way I wrote it up.  Sorry about that.

And really by support it, I mean "If the IP's change will we get some advanced notice so we can update glue records?"

The main software I use for web hosting in VM's is a CentOS based system called BlueOnyx, it's a fork from the old Sun Microsystems RAQ OS BlueQuartz.  Due to limitations in the system it doesn't directly support IPv6 through it's interface.  While I don't use the IPv6 much it would be nice to have an easier setup than manually changing BIND files and possibly having BlueOnyx over-write the changes down the road.

I'm assuming setting up vanity names is allowed?

Can I tell my registrar that the IP's map to say;

216.218.130.2 -> ns1.mydomain.ext
216.218.131.2 -> ns2.mydomain.ext
216.218.132.2 -> ns3.mydomain.ext
216.66.1.2 -> ns4.mydomain.ext
216.66.80.18 -> ns5.mydomain.ext

Yes, I know a reverse lookup shows the owner but it's nice to have your domain name listed as the nameservers on all your domains.

In the process of changing things around and trying to decide on setting up 3 new servers or just outsourcing to HE for DNS hosting for a dozen or so domains.  Just wanted to make sure those IP's are not going to change any time soon or anything.

I've seen several people with similar problems, I'm wondering if maybe it's due to being behind certain NAT routers.

It might be that after a period of inactivity your router is closing the connection.

There's an article in the SixXS FAQ that mentions this..

http://www.sixxs.net/faq/connectivity/?faq=conntracking

What kind of router do you have?

I cannot speak from experience, but everything I have read seems to point to Server 2008 being the ONLY version that supports IPv6 fully.

IPv6 DNS may work on versions other than 2008, I haven't tried.  But I doubt it would work 100%.  I only have a 2003 server setup for testing at the moment.

Glad you got it working Bram!

Sometimes it's down to just one little detail like that. 

Aside from changing the IPs shown, here is the exact commands I used on Windows 7 x64 RC..

netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.2.100 216.66.22.2
netsh interface ipv6 add address IP6Tunnel 2001:470:x:xxx::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:x:xxx::1

Remember if you are behind an NAT router to use you private IP and not your public one, like shown above.

I'm using an old Secure Computing SG570 with firmware Version 3.1.4u5 and it allows tunnels with zero configuration.

It has built in IPv6 support that can be enabled if your ISP supports IPv6, Comcast does not at this time so I cannot test that side of things.  I turned the IPv6 support off because of this.

I did ssh into the router and setup my HE tunnel through the CLI at one point, but it doesn't save the changes upon reboot so I opted not to use this method.  I setup a VMware CentOS to handle IPv6 and DNS locally, it also worked fine when I used a Windows 7 machine to connect directly to the tunnel as well.

I don't see an MX for lemon.ivy.net (I'm assuming you are wanting to use someone@lemon.ivy.net for the test).

The MX for ivy.net doesn't have an AAAA record, but I'm assuming that's why you were using lemon.ivy.net instead.

Code:

[root@jet ~]# dig lemon.ivy.net MX

; <<>> DiG 9.3.4-P1 <<>> lemon.ivy.net MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22225
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;lemon.ivy.net.                 IN      MX

;; AUTHORITY SECTION:
ivy.net.                900     IN      SOA     castrovalva.ivy.net. carton.ivy.net. 269 2400 960 3456000 900

;; Query time: 168 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 15 21:39:18 2009
;; MSG SIZE  rcvd: 86

[root@jet ~]# dig ivy.net MX

; <<>> DiG 9.3.4-P1 <<>> ivy.net MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25393
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;ivy.net.                       IN      MX

;; ANSWER SECTION:
ivy.net.                72000   IN      MX      10 sakima.ivy.net.

;; AUTHORITY SECTION:
ivy.net.                72000   IN      NS      ns.aculei.net.
ivy.net.                72000   IN      NS      ns-castrovalva.ivy.net.

;; ADDITIONAL SECTION:
sakima.ivy.net.         72000   IN      A       69.31.131.60

;; Query time: 130 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 15 21:39:45 2009
;; MSG SIZE  rcvd: 117

[root@jet ~]# dig sakima.ivy.net AAAA

; <<>> DiG 9.3.4-P1 <<>> sakima.ivy.net AAAA
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2556
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sakima.ivy.net.                        IN      AAAA

;; AUTHORITY SECTION:
ivy.net.                900     IN      SOA     castrovalva.ivy.net. carton.ivy.net. 269 2400 960 3456000 900

;; Query time: 78 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Aug 15 21:39:51 2009
;; MSG SIZE  rcvd: 87

Make sure your apache httpd.conf file includes;

Listen [::]:80

(Apache needs IPv6 addresses enclosed in brackets)

Or if you want it just for a single IP

Listen [2001:470:1f09:2fc::a]:80

If that does not get it working, ensure any firewall on that machine is not blocking it.

Try shutting down iptables or whatever you use, if it works when it's shut down you know it's a firewall issue.

Your requirements are false, your use of terms like "end point" only serves to create useless, redundant, and confusing jargon, and I ALREADY KNOW EVERYTHING ABOUT IPv6! I'm flat out calling your methods frustratingly retarded. I'm not angry because I don't understand. I'm angry because you are calling your stupid tutorial quiz a "certification test". While it might be great for noobs, you site design is so bad, so thoroughly counterintuitive, that it just pisses me off. Taking you at your word, following the requirements, will not suffice to complete the exam. Go back and read the "All you need" part and contrast that with the actual records you are trying to retrieve. Ah ha! Maybe you should point out either exactly what you seek, or fix the tragic clusterf**k that is your site design and requirement information. I know you won't because this is just a giant social engineering experiment to scrape a bunch of info from the witless masses. You get that when they sign up. You don't need them to complete it. That would only cost you money. You have a financial interest in keeping it as f**king lame as it is now.

Wow, you need to try and relax some...

The "Certification" is an unofficial process where people can basically prove to themselves they understand and can work with IPv6 technology.  To complete the tests you need to be able to complete a number of tasks, one of them is the test you seem to be so upset about.  The test is not there to make you mad, it's there to help you understand more about IPv6.  If your registrar doesn't support IPv6 glue contact them and ask them to add support.  Do some research on IPv6 glue and see who does and does not support it.

Like any type of training or certification HE seeks to help people understand IPv6 from top to bottom and encourage the growth of the system.  You say you fully understand IPv6, that's great.  Not everyone does when they first get here and they can learn a lot from the system.  The certification isn't going to get you an extra 10k a year at your job or anything, so why stress it?

Is this site the most interesting looking one I have ever seen?  No, not even close.  But it is very functional and fast.  It gets the job done, I'm glad they didn't spend all the time and effort on making it pretty and worked on it's functionality instead.  I have yet to find another Tunnel Broker in the US that allows you to create an account and setup a tunnel in under 5 minutes.  But not all services are for all people, nobody is forcing you to use HE, if you do not like them then do not use them.

HE has the ability to get a lot of useful data from their IPv6 tunnel system.  Take for example the daily tests where people send in traceroutes, pings and other information.  It bumps your cert numbers but more importantly for them it helps them log valuable data about their network.  What other providers do and do not have IPv6 support, how well does HE's peering allow access to networks around the world, what kind of speeds do you get around the world, etc. It's a win win system, I as the user of HE's tunnel service learn how to work with IPv6 and they improve their network at the same time.

How much money do you think HE spends on these free services they provide us?  Don't you think they are due something in return?  I salute HE and any Tunnel Broker for helping the Internet community test and grow the IPv6 system.  It's enthusiast that made the Internet what it is today, and that very same type of person is what is needed to drive IPv6 expansion.

The bottom line is HE is doing this on their dime, they are spending resources on something to try and help people understand and expand IPv6.  If the hand out isn't up to your standards, go look for someone else to spend their money to give you something for free the way you want to receive it.  When you spend your money for a service like this then you can complain about it.  Until that day comes either accept the free service or move on, there is no need to bash HE or any other service provider because your registrar isn't up to par.

You could try Paamayim Nekudotayim but I'll stick with "colon colon", my Hebrew sucks..

http://php.mirrors.ilisys.com.au/manual/en/language.oop5.paamayim-nekudotayim.php

I'm not a SUSE person, I'm a CentOS person but it took only a few minutes to setup the tunnel on a CentOS 5 box.

On the tunnel page, at the bottom pick your OS (Linux in this case) and it shows an example of how to setup the tunnel.

Confirm your tunnel works (ping an IPv6 site like tunnelbroker.net), if it works install RADVD

Here's my config file..

/etc/radvd.conf

Code:

# NOTE: there is no such thing as a working "by-default" configuration file.
#       At least the prefix needs to be specified.  Please consult the radvd.conf(5)
#       man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help.
#
#
interface eth0
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2001:????:????:????::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        };

};

Replace the 2001:?:?:?::/64 with your tunnel IP.

Yeah, as a client it's worked well for me.  Most of my client access has been on 7, which as a desktop OS I must say I really like.

I don't see MS putting any real work into IPv6 on anything less than 7/2008 either.  Where's the profit in updating an old system when you can sell a new version..

I'm usually a Linux person for servers as well, but some of my clients have to use Windows for one reason or another.  Several of them use Quickbooks, which barely works on it's native OS of Windows, there's no chance I'd ever attempt to make that piece of crap work under Wine.. lol..

Hrm.  From what I have seen, Windows has pretty good IPv6 support as a client at least.  I haven't tried to use it as a router/firewall or anything like that though.  I probably wouldn't try that anyway even for IPv4.    I know a bunch of people are using Window for 6in4.  :shrug:

Windows also has Teredo built in, which makes it pretty easy for just about anyone to get IPv6.  Sure, it's inefficient, but generally all you need to do is turn it on and voila, you have v6.

Windows still lacks in several major areas.

Like the fact in XP and 2003 even you can't modify the IPv6 settings through the GUI, it's all command line crap.  On top of that many versions of Windows don't allow pure IPv6 as far as I remember, you could for example setup a test machine on an IPv6 network and disable the IPv4 stack in XP and you wouldn't be able to do much of anything. It still relies on IPv4 for DNS. At least that was my results with XP SP3 and 2003 both.

Remote Desktop and similar things, like many functions of IIS are not IPv6 aware as well.  Microsoft has a LONG way to go for IPv6 to be fully functional IMO.  Windows 7 isn't bad so far, and from what I understand 2008 works fairly well with it.  If you consider the age of IPv6 and how long it's been in development I would say MS really waited as long as they could to start supporting it.

Again, I understand many of the reasons WHY they waited, I'm just saying they are very far behind NIX systems in their support.  I'm a Windows desktop person, not some MS hater so I'm not trying to just rant about them or anything.  Only pointing out I wish they would have put more work into IPv6 earlier.  I don't believe until Windows 7 and 2008 Server are standard will Windows really be viable for IPv6 in most environments.