I see A and AAAA requests for for "ds.test-ipv6.com" that fail.


On Mon, Apr 28, 2014 at 11:37 AM, Dave Taht <dave.taht@gmail.com> wrote:
I have put a link up to two of jim's captures going to test-ipv6 via cero, one with dnssec enabled, captured at the local laptop

http://snapon.lab.bufferbloat.net/~cero2/baddns/

definately a lot of missing responses when captured at this end. the local laptop is using a local dnsmasq forwarder.

It is falling back to trying a recursive lookup on the default domain ( ipv6.test-ipv6.com.home.lan ) - which it does do a nxdomain for immediately...



On Mon, Apr 28, 2014 at 10:03 AM, Dave Taht <dave.taht@gmail.com> wrote:



On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys <jg@freedesktop.org> wrote:
​​Comcast recently lit up IPv6 native dual stack in the Boston area.

The http://test-ipv6.com/ web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts.

 
Test with IPv4 DNS record 
ok (4.196s)
Test with IPv6 DNS record 
ok (0.115s) using ipv6
Test with Dual Stack DNS record 
timeout (11.882s)

I  don't  know what this test does. try a local query over ipv6?

Test for Dual Stack DNS and large packet 
timeout (11.817s)
Test IPv4 without DNS 
ok (0.214s) using ipv4
Test IPv6 without DNS 
ok (0.204s) using ipv6
Test IPv6 large packet 
ok (0.120s) using ipv6
Test if your ISP's DNS server uses IPv6  
slow (8.752s)
Find IPv4 Service Provider 
timeout (11.968s)
Find IPv6 Service Provider 
ok (0.126s) using ipv6 ASN 7922
Test for buggy DNS 
undefined (5.003s)

DNS server addresses look reasonable for Comcast.
DNS 1: 75.75.75.75
DNS 2: 75.75.76.76

To try to isolate  things a little  bit, you can turn off fetching ipv4 dns servers
with

option peerdns  '0'

in the wan (ge00) stanza  of /etc/config/network

and let the wan6 stanza fetch them.

A packet capture of it working vs not working would be good.

tcpdump  -i ge00 -w cap1.cap port 53
 
Also  capture on the local interface.

DNS 1: 2001:558:feed::1
DNS 2: 2001:558:feed::2

Today, the problem seems consistent with turning dnssec on and off on the router.  If enabled, I have problems; if disabled, I get a clean bill of health out of test-ipv6.com.
                                             - Jim


_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel




--
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article



--
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article



--
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article