I have put a link up to two of jim's captures going to test-ipv6 via cero, one with dnssec enabled, captured at the local laptop
definately a lot of missing responses when captured at this end. the local laptop is using a local dnsmasq forwarder.
It is falling back to trying a recursive lookup on the default domain ( ipv6.test-ipv6.com.home.lan ) - which it does do a nxdomain for immediately...
On Mon, Apr 28, 2014 at 10:03 AM, Dave Taht <dave.taht@gmail.com> wrote:
On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys <jg@freedesktop.org> wrote:
Comcast recently lit up IPv6 native dual stack in the Boston area.The http://test-ipv6.com/ web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts.
Test with IPv4 DNS record Test with IPv6 DNS record Test with Dual Stack DNS record
Test for Dual Stack DNS and large packet Test IPv4 without DNS Test IPv6 without DNS Test IPv6 large packet Test if your ISP's DNS server uses IPv6 Find IPv4 Service Provider Find IPv6 Service Provider Test for buggy DNS
with
option peerdns '0'
in the wan (ge00) stanza of /etc/config/networkand let the wan6 stanza fetch them.A packet capture of it working vs not working would be good.tcpdump -i ge00 -w cap1.cap port 53
Also capture on the local interface._______________________________________________DNS 1: 2001:558:feed::1DNS 2: 2001:558:feed::2Today, the problem seems consistent with turning dnssec on and off on the router. If enabled, I have problems; if disabled, I get a clean bill of health out of test-ipv6.com.- Jim
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article