<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Apr 28, 2014 at 9:55 AM, Jim Gettys <span dir="ltr"><<a href="mailto:jg@freedesktop.org" target="_blank">jg@freedesktop.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-size:small">Comcast recently lit up IPv6 native dual stack in the Boston area.</div><div style="font-size:small">
<br></div><div style="font-size:small">
The <a href="http://test-ipv6.com/" target="_blank">http://test-ipv6.com/</a> web site complains about DNS problems unless dnssec is disabled; if it is, I get various timeouts.</div><div><br> </div></div></blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div style="font-size:small">
</div><div style="font-size:small"><table summary="tests run, and pass/fail" style="font-size:medium;font-family:sans-serif" border="0" cellpadding="3"><tbody><tr><td style="vertical-align:top" nowrap>
Test with IPv4 DNS record</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)"><span style="font-weight:bold;color:green">ok</span> (4.196s)</div>
</td></tr><tr><td style="vertical-align:top" nowrap>Test with IPv6 DNS record</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span style="font-weight:bold;color:green">ok</span> (0.115s) using ipv6</div></td></tr><tr><td style="vertical-align:top" nowrap>Test with Dual Stack DNS record</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap>
<div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)"><span style="font-weight:bold;color:red">timeout</span> (11.882s)</div></td></tr></tbody></table></div></div></blockquote><div><br></div>
<div>I don't know what this test does. try a local query over ipv6?<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-size:small">
<table summary="tests run, and pass/fail" style="font-size:medium;font-family:sans-serif" border="0" cellpadding="3"><tbody><tr><td style="vertical-align:top" nowrap>
Test for Dual Stack DNS and large packet</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span style="font-weight:bold;color:red">timeout</span> (11.817s)</div></td></tr><tr><td style="vertical-align:top" nowrap>Test IPv4 without DNS</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap>
<div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)"><span style="font-weight:bold;color:green">ok</span> (0.214s) using ipv4</div></td></tr><tr><td style="vertical-align:top" nowrap>
Test IPv6 without DNS</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)"><span style="font-weight:bold;color:green">ok</span> (0.204s) using ipv6</div>
</td></tr><tr><td style="vertical-align:top" nowrap>Test IPv6 large packet</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span style="font-weight:bold;color:green">ok</span> (0.120s) using ipv6</div></td></tr><tr><td style="vertical-align:top" nowrap>Test if your ISP's DNS server uses IPv6</td><td style="vertical-align:top" nowrap>
</td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)"><span style="font-weight:bold;color:orange">slow</span> (8.752s)</div>
</td></tr><tr><td style="vertical-align:top" nowrap>Find IPv4 Service Provider</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span style="font-weight:bold;color:red">timeout</span> (11.968s)</div></td></tr><tr><td style="vertical-align:top" nowrap>Find IPv6 Service Provider</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap>
<div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)"><span style="font-weight:bold;color:green">ok</span> (0.126s) using ipv6 ASN 7922</div></td></tr><tr>
<td style="vertical-align:top" nowrap>Test for buggy DNS</td><td style="vertical-align:top" nowrap> </td><td style="vertical-align:top" nowrap><div style="width:265px;margin-left:auto;margin-right:auto;border:0px solid rgb(0,0,0)">
<span style="font-weight:bold;color:green">undefined</span> (5.003s)</div><div><br></div></td></tr></tbody></table></div><div style="font-size:small">DNS server addresses look reasonable for Comcast.</div>
<div><div>DNS 1: 75.75.75.75</div><div>DNS 2: 75.75.76.76</div></div></div></blockquote><div><br></div><div>To try to isolate things a little bit, you can turn off fetching ipv4 dns servers<br>with <br><br>option peerdns '0'<br>
<br></div><div>in the wan (ge00) stanza of /etc/config/network<br><br></div><div>and let the wan6 stanza fetch them.<br></div><div><br></div><div>A packet capture of it working vs not working would be good.<br><br></div>
<div>tcpdump -i ge00 -w cap1.cap port 53<br> <br></div><div>Also capture on the local interface.<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">
<div><div><div>DNS 1: 2001:558:feed::1</div><div>
DNS 2: 2001:558:feed::2</div><div><br></div></div></div><div style="font-size:small">Today, the problem seems consistent with turning dnssec on and off on the router. If enabled, I have problems; if disabled, I get a clean bill of health out of <a href="http://test-ipv6.com" target="_blank">test-ipv6.com</a>.</div>
<span class="HOEnZb"><font color="#888888">
<div style="font-size:small"> - Jim</div><div style="font-size:small"><br></div></font></span></div>
<br>_______________________________________________<br>
Cerowrt-devel mailing list<br>
<a href="mailto:Cerowrt-devel@lists.bufferbloat.net">Cerowrt-devel@lists.bufferbloat.net</a><br>
<a href="https://lists.bufferbloat.net/listinfo/cerowrt-devel" target="_blank">https://lists.bufferbloat.net/listinfo/cerowrt-devel</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Dave Täht<br><br>NSFW: <a href="https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article" target="_blank">https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article</a>
</div></div>