On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys <jg@freedesktop.org> wrote:

​​Comcast recently lit up IPv6 native dual stack in the Boston area.

The http://test-ipv6.com/ web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts.

 

Test with IPv4 DNS record		ok (4.196s)
Test with IPv6 DNS record		ok (0.115s) using ipv6
Test with Dual Stack DNS record		timeout (11.882s)

I  don't  know what this test does. try a local query over ipv6?

Test for Dual Stack DNS and large packet		timeout (11.817s)
Test IPv4 without DNS		ok (0.214s) using ipv4
Test IPv6 without DNS		ok (0.204s) using ipv6
Test IPv6 large packet		ok (0.120s) using ipv6
Test if your ISP's DNS server uses IPv6		slow (8.752s)
Find IPv4 Service Provider		timeout (11.968s)
Find IPv6 Service Provider		ok (0.126s) using ipv6 ASN 7922
Test for buggy DNS		undefined (5.003s)

DNS server addresses look reasonable for Comcast.

DNS 1: 75.75.75.75

DNS 2: 75.75.76.76

To try to isolate  things a little  bit, you can turn off fetching ipv4 dns servers
with

option peerdns  '0'

in the wan (ge00) stanza  of /etc/config/network

and let the wan6 stanza fetch them.

A packet capture of it working vs not working would be good.

tcpdump  -i ge00 -w cap1.cap port 53
 

Also  capture on the local interface.

DNS 1: 2001:558:feed::1

DNS 2: 2001:558:feed::2

Today, the problem seems consistent with turning dnssec on and off on the router.  If enabled, I have problems; if disabled, I get a clean bill of health out of test-ipv6.com.

                                             - Jim

_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article