Re: IPv6 resolvers
does pfsense need real dns hosting maybe?
I hear: http://puck.nether.net/dns ... works.

On Wed, Jan 4, 2012 at 6:48 PM, Chris Adams wrote:
> registrar-servers.com.
Re: IPv6 resolvers
Once upon a time, Ryan Rawdon said:
> Try .pfsense.org (see below) to avoid caching, since the
> problem in question does not rely on the name existing. I am able to
> reproduce it roughly every 3rd random string I try, definitely not every
> time. I am unable to reproduce it with other domains so far, only
> pfsense.org and when it does occur I see a 1500-2200ms query time:

This appears to be a problem with the authoritative servers for
pfsense.org. They are dns[1-5].registrar-servers.com (which each have
multiple IP addresses). If I try each IP, I get no response from
38.101.213.194 and 2+ second response time from 69.16.244.25. Both of
those IPs are listed for dns1.registrar-servers.com.

--
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
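Chris Adams's per-IP check above, combined with Ryan Rawdon's random-label trick for getting past the resolver cache, as an added example that is not part of the original thread. `SLOW_MS`, the function names, the `###` section marker, the 192.0.2.53 server and every timing in the sample transcript are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): per-IP health check of a zone's
# authoritative servers, read from dig transcripts.
SLOW_MS=1000   # assumed threshold for "slow", in milliseconds

# Live probe: one non-recursive query per server IP for a random label that
# no cache can hold. Prints "### <ip>" then dig's output for that server.
probe() {      # usage: probe <zone> <ip>...
  local zone=$1 ip label
  shift
  label=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
  for ip in "$@"; do
    echo "### $ip"
    dig "@$ip" "$label.$zone" A +norecurse +tries=1 +time=3
  done
}

# Reduce a stream of "### <ip>" sections to "<ip> <verdict> <ms>" lines.
# A section without a "Query time" line means the server never answered.
verdicts() {
  awk -v slow="$SLOW_MS" '
    function emit() {
      if (ip == "") return
      if (ms == "") print ip, "timeout", "-"
      else print ip, (ms + 0 >= slow + 0 ? "slow" : "ok"), ms
    }
    /^### /           { emit(); ip = $2; ms = ""; next }
    /^;; Query time:/ { ms = $4 }
    END               { emit() }'
}

# Constructed transcript: the two IPs named in the thread plus a made-up
# healthy server; all ids and timings are invented for the demo.
sample() {
  cat <<'EOF'
### 38.101.213.194
;; connection timed out; no servers could be reached
### 69.16.244.25
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; Query time: 2104 msec
### 192.0.2.53
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; Query time: 23 msec
EOF
}

sample | verdicts   # offline demo; live use: probe <zone> <ip>... | verdicts
```

A recursive resolver that happens to pick a dead or slow authoritative address waits out its own retry timer before trying the next one, which is why only some random labels show the multi-second query time.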
Re: IPv6 resolvers
On Jan 4, 2012, at 3:46 PM, Mark Kamichoff wrote:

> On Wed, Jan 04, 2012 at 09:39:39PM +0100, Seth Mos wrote:
>> And a similar mistake I see others respond too as well, this is
>> another domain with just a IPv4 record. That was not really what I was
>> complaining about but I was not specific enough in my email
>>
>> When requesting the DNS for the hostname with a Quad A the story is
>> entirely different!
>>
>> Try www.pfsense.com or www.didi.nl
>
> Still not seeing additional latency from here:

Try .pfsense.org (see below) to avoid caching, since the problem in question does not rely on the name existing. I am able to reproduce it roughly every 3rd random string I try, definitely not every time. I am unable to reproduce it with other domains so far, only pfsense.org and when it does occur I see a 1500-2200ms query time:

nova-dhcp-host111:~ ryan$ dig @ordns.he.net awegawregwaefg.pfsense.org

; <<>> DiG 9.6.0-APPLE-P2 <<>> @ordns.he.net awegawregwaefg.pfsense.org
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24807
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;awegawregwaefg.pfsense.org. IN A

;; AUTHORITY SECTION:
pfsense.org. 3600 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 2012010200 10001 1801 604801 3601

;; Query time: 1695 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed Jan 4 18:34:17 2012
;; MSG SIZE rcvd: 117

nova-dhcp-host111:~ ryan$

>
> (neodymium:15:44)% dig @2001:470:20::2 www.didi.nl.
>
> ; <<>> DiG 9.7.3 <<>> @2001:470:20::2 www.didi.nl.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33979
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.didi.nl. IN
>
> ;; ANSWER SECTION:
> www.didi.nl. 3520 IN 2001:888:2087:33::132
>
> ;; Query time: 20 msec
> ;; SERVER: 2001:470:20::2#53(2001:470:20::2)
> ;; WHEN: Wed Jan 4 15:44:06 2012
> ;; MSG SIZE rcvd: 57
>
> And if that is already cached, let's try something that should require a
> fresh lookup:
>
> (neodymium:15:44)% dig @2001:470:20::2 tengigabitethernet.com.
>
> ; <<>> DiG 9.7.3 <<>> @2001:470:20::2 tengigabitethernet.com.
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41662
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;tengigabitethernet.com. IN
>
> ;; ANSWER SECTION:
> tengigabitethernet.com. 3600 IN 2001:48c8:1:104::e
>
> ;; Query time: 84 msec
> ;; SERVER: 2001:470:20::2#53(2001:470:20::2)
> ;; WHEN: Wed Jan 4 15:44:41 2012
> ;; MSG SIZE rcvd: 68
>
> Again, not too bad..
>
> - Mark
>
> --
> Mark Kamichoff
> p...@prolixium.com
> http://www.prolixium.com/
Re: IPv6 resolvers
On Wed, Jan 04, 2012 at 09:39:39PM +0100, Seth Mos wrote:
> And a similar mistake I see others respond too as well, this is
> another domain with just a IPv4 record. That was not really what I was
> complaining about but I was not specific enough in my email
>
> When requesting the DNS for the hostname with a Quad A the story is
> entirely different!
>
> Try www.pfsense.com or www.didi.nl

Still not seeing additional latency from here:

(neodymium:15:44)% dig @2001:470:20::2 www.didi.nl.

; <<>> DiG 9.7.3 <<>> @2001:470:20::2 www.didi.nl.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33979
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.didi.nl. IN

;; ANSWER SECTION:
www.didi.nl. 3520 IN 2001:888:2087:33::132

;; Query time: 20 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed Jan 4 15:44:06 2012
;; MSG SIZE rcvd: 57

And if that is already cached, let's try something that should require a
fresh lookup:

(neodymium:15:44)% dig @2001:470:20::2 tengigabitethernet.com.

; <<>> DiG 9.7.3 <<>> @2001:470:20::2 tengigabitethernet.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41662
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;tengigabitethernet.com. IN

;; ANSWER SECTION:
tengigabitethernet.com. 3600 IN 2001:48c8:1:104::e

;; Query time: 84 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed Jan 4 15:44:41 2012
;; MSG SIZE rcvd: 68

Again, not too bad..

- Mark

--
Mark Kamichoff
p...@prolixium.com
http://www.prolixium.com/
Re: IPv6 resolvers
Hi!

> So please stop responding with ping response times already :-)
>
> No, pfSense does not set these per default, they are in wide use because these are part of the Google DNS whitelist for V6 records.

> And a similar mistake I see others respond too as well, this is another domain with just a IPv4 record. That was not really what I was complaining about but I was not specific enough in my email
>
> When requesting the DNS for the hostname with a Quad A the story is entirely different!
>
> Try www.pfsense.com or www.didi.nl

Tried those three for you and prolocation.net. All fine? This should not be on nanog i guess. Check with their support, or something :-)

[root@ipv6proxy ~]# time host www.prolocation.net 2001:470:20::2
Using domain server:
Name: 2001:470:20::2
Address: 2001:470:20::2#53
Aliases:

www.prolocation.net has address 94.228.129.19
www.prolocation.net has IPv6 address 2a00:d00:ff:131:94:228:131:131

real 0m0.011s
user 0m0.001s
sys 0m0.008s
[root@ipv6proxy ~]#
[root@ipv6proxy ~]# time host pfsense.com 2001:470:20::2
Using domain server:
Name: 2001:470:20::2
Address: 2001:470:20::2#53
Aliases:

pfsense.com is an alias for pfsense.org.
pfsense.org has address 69.64.6.21
pfsense.org has IPv6 address 2605:8000:d:1::167
pfsense.org mail is handled by 10 mail.pfsense.org.

real 0m0.011s
user 0m0.001s
sys 0m0.007s
[root@ipv6proxy ~]# time host www.didi.nl 2001:470:20::2
Using domain server:
Name: 2001:470:20::2
Address: 2001:470:20::2#53
Aliases:

www.didi.nl has address 82.94.161.132
www.didi.nl has IPv6 address 2001:888:2087:33::132

real 0m0.523s
user 0m0.001s
sys 0m0.006s

Bye,
Raymond.
Re: IPv6 resolvers
Hi,

Just pointing out to others responding to this thread that I was referring to the *query* response times, I said nothing about ICMP which is perfectly fine.

So please stop responding with ping response times already :-)

No, pfSense does not set these per default, they are in wide use because these are part of the Google DNS whitelist for V6 records.

On 4 Jan 2012, at 21:33, Mark Kamichoff wrote:

> ;; ANSWER SECTION:
> cnn.com. 299 IN A 157.166.226.26
> cnn.com. 299 IN A 157.166.255.19
> cnn.com. 299 IN A 157.166.255.18
> cnn.com. 299 IN A 157.166.226.25

And a similar mistake I see others respond too as well, this is another domain with just a IPv4 record. That was not really what I was complaining about but I was not specific enough in my email

When requesting the DNS for the hostname with a Quad A the story is entirely different!

Try www.pfsense.com or www.didi.nl

Those will definitely hit the issue, otherwise one can always use Nanog.org like below.

74.82.42.42 2204 msec
2001:4860:4860::8844 17 msec
2001:470:20::2 2890 msec

Best regards,

Seth

>
> ;; Query time: 38 msec
> ;; SERVER: 74.82.42.42#53(74.82.42.42)
> ;; WHEN: Wed Jan 4 15:27:17 2012
> ;; MSG SIZE rcvd: 89
>
> (neodymium:15:32)% dig @2001:470:20::2 cnn.com. A
>
> ; <<>> DiG 9.7.3 <<>> @2001:470:20::2 cnn.com. A
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41382
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;cnn.com. IN A
>
> ;; ANSWER SECTION:
> cnn.com. 295 IN A 157.166.226.25
> cnn.com. 295 IN A 157.166.255.18
> cnn.com. 295 IN A 157.166.255.19
> cnn.com. 295 IN A 157.166.226.26
>
> ;; Query time: 20 msec
> ;; SERVER: 2001:470:20::2#53(2001:470:20::2)
> ;; WHEN: Wed Jan 4 15:32:27 2012
> ;; MSG SIZE rcvd: 89
>
> That being said, keep in mind these are anycasted. I'm using
> 216.66.22.2 [tserv13.ash1.ipv6.he.net] for IPv4 and 209.51.161.14
> [tserv4.nyc4.ipv6.he.net] according to the A record returned by
> whoami.akamai.net. I might not be hitting the same server you are.
>
> - Mark
>
> --
> Mark Kamichoff
> p...@prolixium.com
> http://www.prolixium.com/
Re: IPv6 resolvers
On Wed, Jan 04, 2012 at 09:00:26PM +0100, Seth Mos wrote:
> I was wondering if many people are seeing horrendous latency on the
> free Hurricane Electric resolvers?

Looks fine to me:

(neodymium:15:27)% dig @74.82.42.42 cnn.com. A

; <<>> DiG 9.7.3 <<>> @74.82.42.42 cnn.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53277
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com. IN A

;; ANSWER SECTION:
cnn.com. 299 IN A 157.166.226.26
cnn.com. 299 IN A 157.166.255.19
cnn.com. 299 IN A 157.166.255.18
cnn.com. 299 IN A 157.166.226.25

;; Query time: 38 msec
;; SERVER: 74.82.42.42#53(74.82.42.42)
;; WHEN: Wed Jan 4 15:27:17 2012
;; MSG SIZE rcvd: 89

(neodymium:15:32)% dig @2001:470:20::2 cnn.com. A

; <<>> DiG 9.7.3 <<>> @2001:470:20::2 cnn.com. A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41382
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cnn.com. IN A

;; ANSWER SECTION:
cnn.com. 295 IN A 157.166.226.25
cnn.com. 295 IN A 157.166.255.18
cnn.com. 295 IN A 157.166.255.19
cnn.com. 295 IN A 157.166.226.26

;; Query time: 20 msec
;; SERVER: 2001:470:20::2#53(2001:470:20::2)
;; WHEN: Wed Jan 4 15:32:27 2012
;; MSG SIZE rcvd: 89

That being said, keep in mind these are anycasted. I'm using
216.66.22.2 [tserv13.ash1.ipv6.he.net] for IPv4 and 209.51.161.14
[tserv4.nyc4.ipv6.he.net] according to the A record returned by
whoami.akamai.net. I might not be hitting the same server you are.

- Mark

--
Mark Kamichoff
p...@prolixium.com
http://www.prolixium.com/
Re: IPv6 resolvers
On Wed, Jan 4, 2012 at 3:00 PM, Seth Mos wrote:
> Hi Nanog, Owen,
>
> I was wondering if many people are seeing horrendous latency on the free
> Hurricane Electric resolvers?
>
> Both accessing the v4 or v6 resolvers have horrendous latency. This could
> well be coupled to their free nature and popularity.
>
> So far when contacting Hurricane Electric they restart the resolver on their
> end and all is well again, but now other pfSense users in the US were
> noticing these latency issues as well, leading me to believe it is a larger
> issue.

err, are all pfsense people automatically configured to use he's
servers? that seems sorta rude if so...

>
> But I was wondering if a more permanent solution for these resolvers exist.
>
>
> 74.82.42.42 2373 msec
> 2001:470:20::2 2592 msec
>
> The google DNS server I'm using is doing swimmingly so far, OpenDNS seems ok
> too.
> 2001:4860:4860::8844 16 msec
>
> Kind regards,
>
> Seth Mos
Re: IPv6 resolvers
Hi!

> But I was wondering if a more permanent solution for these resolvers exist.
>
> 74.82.42.42 2373 msec
> 2001:470:20::2 2592 msec
>
> The google DNS server I'm using is doing swimmingly so far, OpenDNS seems ok too.
> 2001:4860:4860::8844 16 msec

[root@ipv6proxy ~]# ping 74.82.42.42
PING 74.82.42.42 (74.82.42.42) 56(84) bytes of data.
64 bytes from 74.82.42.42: icmp_seq=1 ttl=61 time=0.664 ms
64 bytes from 74.82.42.42: icmp_seq=2 ttl=61 time=0.640 ms
64 bytes from 74.82.42.42: icmp_seq=3 ttl=61 time=0.551 ms
64 bytes from 74.82.42.42: icmp_seq=4 ttl=61 time=0.614 ms

[root@ipv6proxy ~]# ping6 2001:470:20::2
PING 2001:470:20::2(2001:470:20::2) 56 data bytes
64 bytes from 2001:470:20::2: icmp_seq=1 ttl=61 time=0.488 ms
64 bytes from 2001:470:20::2: icmp_seq=2 ttl=61 time=0.478 ms
64 bytes from 2001:470:20::2: icmp_seq=3 ttl=61 time=0.739 ms
64 bytes from 2001:470:20::2: icmp_seq=4 ttl=61 time=0.515 ms

Looks pretty normal here.

Bye,
Raymond.