Connectivity to an IPv6-only site

Works here.. I'd expect anyone with ipv6 connectivity should have no issues.

The issues tend to be with dual stack sites where the ipv6 connectivity
is broken but the client has (for some reason) picked up a default
route... it takes several seconds for the v6 connect to fall back, and the
site appears 'slow' to some users.

I also set up an ipv6 only email address (tmh@goipv6.org.uk) primarily to
see if it got any spam :P Nothing yet..

Tony

A very fine objective in my opinion. There are a few similar exercises underway -- the outputs from a similar set of IPv6 connectivity tests I've been doing are at http://www.potaroo.net/stats/1x1/

(yes, you can click on the graphs on that page to get larger images)

(and yes, visiting this URL will run the tests of V6 DNS, V6 dual stack preference and capability to retrieve a V6 only object on your browser client)

A discussion of the topic of IPv6 measurement work can be found at http://labs.ripe.net/node/ipv6-measurements

  Geoff

FYI - Comcast has dual-stack enabled recursive name servers, see the
following web site:

http://dns.comcast.net/dns-ip-addresses3.php

John

I periodically see issues with idiotic load balancers that don't respond to anything except A records for specific domains. This causes problems when requesting AAAA records and delays waiting for timeouts before going to A. newegg fixed theirs though, yipeee! :)

Jack

Valdis.Kletnieks@vt.edu writes:

Ours are currently intentionally configured to not issue queries over IPv6,
because at one time, there were *so many* sites that listed unreachable quad-A
NS records. Our DNS guy is more than willing to revisit that config switch.

Anybody have some statistics on what the current situation is?

I just dredged a list of 570 one, two, and three-dot domains from a
mailing list (a bunch of recent messages on debian-user). Digging
them gave 919 unique nameserver domain names, and digging those gave
119 AAAA addresses. Of these, 106 responded to a DNS query (for the
nameserver's own AAAA address) in some fashion, and 13 didn't.

Of the 13, 5 were cogentco.com DNS servers and unreachable over my HE
tunnel thanks to ongoing peering disputes.

In all cases, the nameservers with AAAA addresses had A addresses as
well.

(I got similar results with a list of domains taken from recent NANOG
postings, but then decided to look at the debian-user results in case
NANOG was unrepresentative.)

Anyway, it looks like bad IPv6 nameserver addresses are the exception
rather than the rule. Whether to flip on IPv6 queries will sort of
depend on how your resolvers behave when they receive a typical "bad"
response with 2 broken IPv6 addresses and 2 working IPv4 addresses.
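The reachability check described in the post above, as an added example (not the poster's script): send each nameserver one AAAA query for its own name over IPv6 UDP and count any well-formed reply, whatever its response code, as "responded in some fashion". The function names and the 2001:db8:: addresses are constructed for illustration.

```python
import socket
import struct

QTYPE_AAAA = 28

def build_query(name, txid=0x1234):
    """Encode a minimal DNS AAAA query in RFC 1035 wire format (RD clear)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE_AAAA, 1)  # class IN

def classify_reply(data, txid=0x1234):
    """Any reply with our ID and the QR bit set counts, even REFUSED/SERVFAIL."""
    if len(data) < 12:
        return "garbage"
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:
        return "garbage"
    return "answered"

def probe(addr6, name, timeout=3.0):
    """Send one query to addr6 port 53 over IPv6 UDP and classify the outcome."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.connect((addr6, 53))   # no v6 route or ICMP errors raise OSError
            s.send(build_query(name))
            data = s.recv(4096)
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    return classify_reply(data)

def survey(servers, probe_fn=probe):
    """Tally outcomes for {ns_name: ipv6_addr}; each NS is asked for its own AAAA."""
    counts = {}
    for ns_name, addr6 in servers.items():
        outcome = probe_fn(addr6, ns_name)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

if __name__ == "__main__":
    # Constructed sample list using the IPv6 documentation prefix.
    sample = {"ns1.example.org": "2001:db8::53", "ns2.example.org": "2001:db8:1::53"}
    print(survey(sample))
```

Separating "timeout" from "unreachable" helps tell a dead nameserver apart from a missing route on the measuring host, such as the tunnel peering gap the post mentions.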

Valdis.Kletnieks@vt.edu writes:

Ours are currently intentionally configured to not issue queries over IPv6,
because at one time, there were *so many* sites that listed unreachable quad-A
NS records. Our DNS guy is more than willing to revisit that config switch.

Anybody have some statistics on what the current situation is?

I just dredged a list of 570 one, two, and three-dot domains from a
mailing list (a bunch of recent messages on debian-user). Digging
them gave 919 unique nameserver domain names, and digging those gave
119 AAAA addresses. Of these, 106 responded to a DNS query (for the
nameserver's own AAAA address) in some fashion, and 13 didn't.

Of the 13, 5 were cogentco.com DNS servers and unreachable over my HE
tunnel thanks to ongoing peering disputes.

Yeah, sorry about that, we really are trying to resolve this. We're here,
we'll peer. It'd be nice if Cogent would, too.

We really have done everything we can think of to get Cogent to peer.
We even baked them a really nice cake.

If you are a Cogent customer, feel free to ask them why they won't peer
IPv6 with HE.

In all cases, the nameservers with AAAA addresses had A addresses as
well.

Owen

It's a shame there is not a pair of images on this site - one originated from a v4 only box, one a v6 only box. The img src= could point to the

I've been working on something in this direction this past week, that is primarily for user facing debugging purposes (versus for a content provider).

   http://test-ipv6.com

will tell the user what to expect, after having them try a combination of image fetches (ipv4, ipv6, dual stack, ipv4 literal, ipv6 literal).
It does each set of images 2-3 times (minimum is 2; a third pass is done if they go quick enough) and gets the "best" time of each type of fetch.

Based on the successes and failures, and the times, it tries to give a straight-English explanation to the end user on what the future internet might look like for them, based on their *current* internet service / OS / browser. Lastly, it posts the results back to my server, along with the user agent string, in case there are any trends that can be learned.

On my todo list is to have it detect the case where the user timed out trying to reach the IPv6 and dual stack names; and ask the user for more details (ie, netstat -nr and ifconfig/ipconfig).

Feedback welcome, preferably off-list. If there's a desire for me to summarize, or anything earth shattering, I'll follow up on-list.

I'm especially interested in people who've allowed utorrent to enable ipv6 to send me their results. :)

Don't forget the hotspot vendor that returns an address of 0.0.0.1 for
every A query if you have previously done an AAAA query for the same
name (and timed out). That's a fun one.

S

so... aside from the every 3 months bitching on this list (and some on
v6ops maybe) about these sorts of things, what's happening to
tell/educate/warn/notice the hotspot-vendors that this sort of
practice (along with 'everything is at 1.1.1.1!') is just a bad plan?
How can users, even more advanced users, tell a hotspot vendor in a
meaningful way that their 'solution' is broken?

-chris

I periodically try to get the name of vendor and product identification
about load balancer vendors that return broken DNS responses. This
is after pointing out that the load balancer is broken and saying
why I want it (to inform the vendor / warn others not to purchase
a broken product). Invariably the administrator is too paranoid
to supply the information. The best one can hope for is to have
the operator contact their supplier.

Mark

I'm currently evaluating my options to best automate some of the
findings that I've got so far (I didn't ask for a common format for
replies, so most will be manual).

However, an interesting item that I've noted thus far, is that ~50% of
all successful connections do not have rDNS.

Originally, I thought that the majority of these simply didn't have
their delegated reverse zones on v6-reachable DNS servers, but this is
not necessarily so.

I copied the web log onto a dual-stack box and re-ran the DNS tests, and
only two of the non-resolvable ip6.arpa addresses resolved over v4.

fwiw, for those who have been asking, inbound SMTP is now working, and
I've got a basic IMAP/POP3 daemon running. If you still want a test
account, let me know.

steve@onlyv6.com

Thanks everyone for all of the support.

Cheers,

Steve

It seems like a good step in the right direction would be to determine an approach that makes sense and to document it.

Such an approach which made minimal exotic demands of client or hotspot (or back-end) systems might seem attractive to hotspot operators if it seemed likely to minimise support costs, or reduce development costs through re-use of free software components, or something.

Does such an approach exist? Is it documented?

Joe

Don't forget the hotspot vendor that returns an address of 0.0.0.1 for
every A query if you have previously done an AAAA query for the same
name (and timed out). That's a fun one.

so... aside from the every 3 months bitching on this list (and some on
v6ops maybe) about these sorts of things, what's happening to
tell/educate/warn/notice the hotspot-vendors that this sort of
practice (along with 'everything is at 1.1.1.1!') is just a bad plan?
How can users, even more advanced users, tell a hotspot vendor in a
meaningful way that their 'solution' is broken?

Years ago I talked to a startup's funders about the fact that they had made a design decision to build hardcoded unassigned /8s into a captive portal and mobility gateway.

We didn't buy their product, they changed it, company folded.

The most meaningful thing one can do is vote with your wallet.