On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys wrote:

> Comcast recently lit up IPv6 native dual stack in the Boston area.
>
> The http://test-ipv6.com/ web site complains about DNS problems unless
> dnssec is disabled; if it is, I get various timeouts.
>
> Test with IPv4 DNS record
> ok (4.196s)
> Test with IPv6 DNS record
> ok (0.115s) using ipv6
> Test with Dual Stack DNS record
> timeout (11.882s)

I don't know what this test does. Try a local query over ipv6?

> Test for Dual Stack DNS and large packet
> timeout (11.817s)
> Test IPv4 without DNS
> ok (0.214s) using ipv4
> Test IPv6 without DNS
> ok (0.204s) using ipv6
> Test IPv6 large packet
> ok (0.120s) using ipv6
> Test if your ISP's DNS server uses IPv6
> slow (8.752s)
> Find IPv4 Service Provider
> timeout (11.968s)
> Find IPv6 Service Provider
> ok (0.126s) using ipv6 ASN 7922
> Test for buggy DNS
> undefined (5.003s)
>
> DNS server addresses look reasonable for Comcast.
> DNS 1: 75.75.75.75
> DNS 2: 75.75.76.76

To try to isolate things a little bit, you can turn off fetching ipv4 dns servers with

option peerdns '0'

in the wan (ge00) stanza of /etc/config/network and let the wan6 stanza fetch them.

A packet capture of it working vs not working would be good.

tcpdump -i ge00 -w cap1.cap port 53

Also capture on the local interface.

> DNS 1: 2001:558:feed::1
> DNS 2: 2001:558:feed::2
>
> Today, the problem seems consistent with turning dnssec on and off on the
> router. If enabled, I have problems; if disabled, I get a clean bill of
> health out of test-ipv6.com.
> - Jim

-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article