Recent Posts

A packet dump of the traffic between your DNS server and the authoritative servers would make it much easier to figure out, what is going on.

RDNS queries timeout, unless the NS name is cached.   Then they timeout again after "rndc flush" or TTL expires.  What is going on?  Bind version for client and server is 9.8.2.

[root@cms0 ~]# dig -x 2001:470:8:488::82

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> -x 2001:470:8:488::82
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@cms0 ~]# host ns1.bmsi.com
ns1.bmsi.com has address 68.106.146.44
ns1.bmsi.com has IPv6 address 2001:470:8:488::81
[root@cms0 ~]# dig -x 2001:470:8:488::82

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> -x 2001:470:8:488::82
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38302
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.8.4.0.8.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
2.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.8.4.0.8.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 14400IN PTR spidey2.bmsi.com.

;; AUTHORITY SECTION:
8.8.4.0.8.0.0.0.0.7.4.0.1.0.0.2.ip6.arpa. 4857 IN NS ns1.bmsi.com.

;; ADDITIONAL SECTION:
ns1.bmsi.com.      3596   IN   A   68.106.146.44
ns1.bmsi.com.      3596   IN   AAAA   2001:470:8:488::81

;; Query time: 1484 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 17 10:10:48 2013
;; MSG SIZE  rcvd: 182

[root@cms0 ~]# rndc flush
[root@cms0 ~]# dig -x 2001:470:8:488::82

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> -x 2001:470:8:488::82
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@cms0 ~]#

Hello,

I try to add a subdomain for use with dynamic DNS. I delegated a subdomain to HE DNS server, but I cannot add it.

Code:

kroerig@hosting01:~$ dig NS dynamic.roerig-it.com

; <<>> DiG 9.8.1-P1 <<>> NS dynamic.roerig-it.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43974
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dynamic.roerig-it.com.         IN      NS

;; ANSWER SECTION:
dynamic.roerig-it.com.  86400   IN      NS      ns5.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns4.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns2.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns3.he.net.
dynamic.roerig-it.com.  86400   IN      NS      ns1.he.net.

;; Query time: 129 msec
;; SERVER: 213.133.99.99#53(213.133.99.99)
;; WHEN: Fri May 17 12:12:51 2013
;; MSG SIZE  rcvd: 117

Error message:

Zone failed validation test. ERROR: Delegation was not found. Please delegate to ns1, ns2, ns3, ns4 and ns5.he.net then retry. (roerig-it.com / dynamic.roerig-it.com).

Bug or works as designed?

Klaus

When using tcpdump it is almost always desirable to have dumps from both ends of the connection.

Additionally, I think it would be useful to try (re)starting radvd manually on B and see if it sends a router advertisement at startup.

Thanks kasperd.

I have tried using radvdump and I think there were some issues with my previous config, radvd will not start if there is another instance already running, so I have modified the following configs:

1. radvd.conf

Code:

interface ppp0
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc0::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp1
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc1::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp2
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc2::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp3
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc3::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp4
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc4::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp5
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc5::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp6
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc6::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp7
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc7::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp8
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc8::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

interface ppp9
{
   AdvSendAdvert on;
   MaxRtrAdvInterval 30;
   MaxRtrAdvInterval 100;
   IgnoreIfMissing on;
   #UnicastOnly on;

   prefix 2001:123:f123:abc9::/64
   {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
   };

   RDNSS 2001:4860:4860::8888 {};
};

2. /etc/ppp/ipv6-up.local

Code:

#!/bin/bash
#
# This script is called with the following parameters:
# interface tty speed local-address remote-address ipparam
#
DEVICE="$1"

CFGFILE="/etc/radvd.conf-$DEVICE"
PIDFILE="/var/run/radvd-$DEVICE.pid"
EXEFILE="/usr/sbin/radvd"

HE_NET='2001:470:f30c:abc'
PREFIX=64
GWADDR=1

if [[ "$DEVICE" = ppp[0-9] ]]
then
    eval IPV6=$HE_NET${DEVICE/ppp/}
fi
#echo 1 > /proc/sys/net/ipv6/conf/$DEVICE/autoconf
/sbin/ifconfig $DEVICE add $IPV6::$GWADDR/$PREFIX mtu 1500
/sbin/route -6 add $IPV6::/$PREFIX dev $DEVICE
/etc/init.d/radvd reload

3. /etc/ppp/ipv6-down.local

Code:

#!/bin/sh
#
# This script is called with the following parameters:
# interface tty speed local-address remote-address ipparam
#


# Kill the router advertisement daemon on this interface.
# The killing procedure is copied from RedHat 6.0 initscripts.

DEVICE="$1"

echo 0 > /proc/sys/net/ipv6/conf/$DEVICE/autoconf
/etc/init.d/radvd reload

Now, when I use Windows 8 to connect to the VPN, I can obtain IPv6 address automatically (please refer to my first post that I have just updated).

However, Mac, iPhone and iPad are all still having the exact same issue as before. For mac, I still have to create the route manually, for iPhone and iPad, I still cannot get IPv6.

Looks like we are running out of luck?

The tunnel server need to know the IPv4 address of your router. Having moved to another ISP, that address must have changed. If your router isn't configured to update this on tunnelbroker.net automatically, you will need to do it manually through the website. It is possible that your tunnel was deleted, because it was inactive for too long. Once you log in on that page, you will find out if your tunnel is still there.

I've checked and my tunnel is still active. Also, I have DDNS set up to automatically update HE with my new IP address once a day.  Upon checking it, the IP that HE has does match my current public facing IPv4 address.  I was going to post a picture of my DDNS settings screen as well but, since it says 'update successful' and HE has the correct IPv4 address for my router I thought that it would be a bit superfluous.  Thanks for the suggestion though.

The tunnel server need to know the IPv4 address of your router. Having moved to another ISP, that address must have changed. If your router isn't configured to update this on tunnelbroker.net automatically, you will need to do it manually through the website. It is possible that your tunnel was deleted, because it was inactive for too long. Once you log in on that page, you will find out if your tunnel is still there.

I have a tunnel from HE and it worked just fine for me for quite some time however, I didn't have home internet service for a few months after I moved and after I got hooked up with my new ISP, my tunnel isn't working at all.  I'm a bit rusty on this setup since I only did it once and I'd like to make sure that I'm doing it right even though I never removed the ipv6 tunnel settings from my router while it was disconnected from the internet.

The attached image is my Basic->IPv6 router settings.

At this point I'm quite confused since these settings used to work just fine but they aren't working now.  So, thank you for any assistance you can provide.

EDIT: I thought that I should add a bit more detail on exactly what I'm experiencing.  I can use IPv6 to ping my router however, I cannot ping any IPv6 addresses beyond my router including the IPv6 address of the HE end of my tunnel.  Also, using telnet since the GUI doesn't like IPv6 addresses, I've tried pinging various IPv6 addresses (including my tunnels server end and ipv6.google.com) from the router itself and also got nothing.

But there is no option to generate generic names e.g. [reverse-IP].dynamic.[my domain] for the entire subnet.

It wasn't clear from your posting, that you wanted generic names generated for the entire prefix. That isn't a standard feature of DNS. But it is something, which could easily be added to a DNS server implementation. If you can't find it on the HE DNS service, it could very well mean it isn't there.

But you can delegate reverse DNS to a different DNS provider with support for it. If you want to use HE for reverse DNS for a few selected names, and you want to delegate everything else to a provider, which generate PTR records dynamically, then that can be done as well. But it does requires a lot of NS records.

Yes, I did.

But there is no option to generate generic names e.g. [reverse-IP].dynamic.[my domain] for the entire subnet.

Klaus

When using tcpdump it is almost always desirable to have dumps from both ends of the connection.

Additionally, I think it would be useful to try (re)starting radvd manually on B and see if it sends a router advertisement at startup.