On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys <jg@freedesktop.org> wrote:
Comcast recently lit up IPv6 native dual stack in the Boston area.The http://test-ipv6.com/ web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts.
Test with IPv4 DNS record ok (4.196s)Test with IPv6 DNS record ok (0.115s) using ipv6Test with Dual Stack DNS record timeout (11.882s)I don't know what this test does. try a local query over ipv6?
Test for Dual Stack DNS and large packet timeout (11.817s)Test IPv4 without DNS ok (0.214s) using ipv4Test IPv6 without DNS ok (0.204s) using ipv6Test IPv6 large packet ok (0.120s) using ipv6Test if your ISP's DNS server uses IPv6 slow (8.752s)Find IPv4 Service Provider timeout (11.968s)Find IPv6 Service Provider ok (0.126s) using ipv6 ASN 7922Test for buggy DNS undefined (5.003s)DNS server addresses look reasonable for Comcast.DNS 1: 75.75.75.75DNS 2: 75.75.76.76To try to isolate things a little bit, you can turn off fetching ipv4 dns servers
with
option peerdns '0'
in the wan (ge00) stanza of /etc/config/networkand let the wan6 stanza fetch them.A packet capture of it working vs not working would be good.tcpdump -i ge00 -w cap1.cap port 53
Also capture on the local interface._______________________________________________DNS 1: 2001:558:feed::1DNS 2: 2001:558:feed::2Today, the problem seems consistent with turning dnssec on and off on the router. If enabled, I have problems; if disabled, I get a clean bill of health out of test-ipv6.com.- Jim
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article