Anyone else having problems getting to Verisign's whois server on IPv6?
$ host com.whois-servers.net
com.whois-servers.net is an alias for whois.verisign-grs.com.
whois.verisign-grs.com has address 199.7.59.74
whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74
$ traceroute6 2001:503:3227:1060::74
traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets
1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms
2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms 17.389 ms
3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms
4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms 32.547 ms
5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms 52.751 ms
6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms
7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms
xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms
xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms
8 2001:503:3227:14ff::2 66.448 ms
2001:503:3227:13ff::2 101.761 ms 86.864 ms
9 2001:503:3227:13ff::2 69.818 ms !P
2001:503:3227:14ff::2 69.311 ms !P
2001:503:3227:13ff::2 68.662 ms !P
Path is not the same, but the last few replies similarly suggest
packet-filters (!X in my case vs. !P).
I can get to the whois port (TCP/43):
$ telnet -6 2001:503:3227:1060::74 whois
Trying 2001:503:3227:1060::74...
Connected to 2001:503:3227:1060::74.
Escape character is '^]'.
Can you?
Tony
Nope sure can't
$ telnet -6 2001:503:3227:1060::74 whois
2001:503:3227:1060::74: nodename nor servname provided, or not known
Tom
Anyone else having problems getting to Verisign's whois server on IPv6?
whois -h 2001:503:ff39:1060::74 verisign-grs.com
works for me.
jaap
Seems to work for me....
mps31@lonsgnsu1:~$ telnet -6 2001:503:3227:1060::74 whois
Trying 2001:503:3227:1060::74...
Connected to 2001:503:3227:1060::74.
Escape character is '^]'.
mps31@lonsgnsu1:~$ whois -h 2001:503:3227:1060::74 =verisign.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: VERISIGN.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/en_US/
Name Server: A2.NSTLD.COM
Name Server: C2.NSTLD.NET
Name Server: D2.NSTLD.NET
Name Server: E2.NSTLD.NET
Name Server: F2.NSTLD.COM
Name Server: G2.NSTLD.COM
Name Server: H2.NSTLD.NET
Name Server: J2.NSTLD.NET
Name Server: K2.NSTLD.NET
Name Server: L2.NSTLD.COM
Name Server: M2.NSTLD.NET
Status: clientTransferProhibited
Status: serverDeleteProhibited
Status: serverTransferProhibited
Status: serverUpdateProhibited
Updated Date: 14-apr-2011
Creation Date: 02-jun-1995
Expiration Date: 01-jun-2012
Last update of whois database: Tue, 01 May 2012 12:29:12 UTC <<<
Mike Simkins
Senior Network Engineer , Operations Engineering
SunGard
Availability Services
25 Canada Square, London E14 5LQ
This looks to be more of an application issue for you.
The rest seems to work for me:
puck:~$ whois -h 2001:503:ff39:1060::74 verisign-grs.com
[Querying 2001:503:ff39:1060::74]
[2001:503:ff39:1060::74]
Whois Server Version 2.0
...
- Jared
Testing it using the NLNOG ring (https://ring.nlnog.net) shows that 3
nodes have routing issues, 92 have no problems reaching Verisign's whois
server on IPv6. So there might be some routing issues.
Here's a (tad too crowded) graph showing the traceroutes from all ring
nodes: https://ring.nlnog.net/paste/p/pqux9kxpzhytnnmx
Regards,
Teun
mtu problems perhaps? (I get a connect, but nothing after the initial banner ...
-chris
The server doesn't do PMTUD properly. Verisign were informed of this
a while back. How hard is it to let ICMPv6 PTB in so that PMTUD works?
% whois -h 2001:503:3227:1060::74 example.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
[stalls here forever]
The message is sent in 3 packet and you see packet 1 and 3, 2 is
lost and despite selective acks it is never seen.
that appears to be the case
setting MSS to 1420 seems to work for
me (at home, on a janky tunneled setup, because you know... ipv6 is
'hard' for vz to do
)
-chris