O
2.9-C/3
Talk:Network
So about DNS64.. It worked for me, sort of. Couldn't get it to work with linux libnss, but works by hand (dig + curl specifing the 64::xy ipaddress). Here is my resolv.conf:
nameserver 2001:67c:20a1:2251::53 options edns0 inet6 single-request debug
Pls find the pcap of the two (working and not working requests) at http://end.re/29c3_dns64_wtf.pcap
IPv6 only works great (after manually entering the nameserver in resolv.conf). DNS64 works too.
--Andreas (talk) 11:34, 28 December 2012 (UTC)
Contents |
IPv6-enabled websites accessed via NAT64 instead
All of my servers are IPv6-enabled for years, but when using the NAT64-port on a hackcenter switch, I get the following reply from the DNS64 server:
$ dig -t AAAA labs.in.zekjur.net @2001:67c:20a1:2251::53
; <<>> DiG 9.8.1-P1 <<>> -t AAAA labs.in.zekjur.net @2001:67c:20a1:2251::53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58453
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;labs.in.zekjur.net. IN AAAA
;; ANSWER SECTION:
labs.in.zekjur.net. 345482 IN AAAA 64:ff9b::4f8c:27c9
;; AUTHORITY SECTION:
zekjur.net. 345482 IN NS infra.in.zekjur.net.
zekjur.net. 345482 IN NS libri.sur5r.net.
;; ADDITIONAL SECTION:
infra.in.zekjur.net. 345482 IN A 79.140.39.194
infra.in.zekjur.net. 345482 IN AAAA 2001:4d88:100e:1::2
;; Query time: 1 msec
;; SERVER: 2001:67c:20a1:2251::53#53(2001:67c:20a1:2251::53)
;; WHEN: Sat Dec 29 13:39:50 2012
;; MSG SIZE rcvd: 166
I would have expected the DNS64 server to not touch my existing AAAA records:
$ dig -t AAAA labs.in.zekjur.net @2001:4860:4860::8888 ; <<>> DiG 9.8.1-P1 <<>> -t AAAA labs.in.zekjur.net @2001:4860:4860::8888 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43380 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;labs.in.zekjur.net. IN AAAA ;; ANSWER SECTION: labs.in.zekjur.net. 21600 IN AAAA 2001:4d88:100e:4::2 ;; Query time: 63 msec ;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888) ;; WHEN: Sat Dec 29 13:41:01 2012 ;; MSG SIZE rcvd: 64
Because the way it currently works, all traffic is tunneled, even traffic to IPv6-enabled hosts. Kinda pointless :-). --Secure (talk) 13:01, 29 December 2012 (UTC)
No RDNSSD in router advertisment
The router advertisments sent in the port 1-4 network lack an RDNSSD so that clients could automatically get their nameservers:
# rdisc6 eth0 Soliciting ff02::2 (ff02::2) on eth0... Hop limit : 64 ( 0x40) Stateful address conf. : No Stateful other conf. : Yes Router preference : medium Router lifetime : 60 (0x0000003c) seconds Reachable time : unspecified (0x00000000) Retransmit time : unspecified (0x00000000) Source link-layer address: 80:71:1F:C3:2C:00 Prefix : 2001:67c:20a1:3020::/64 Valid time : 450 (0x000001c2) seconds Pref. time : 150 (0x00000096) seconds from fe80::8271:1f0b:ccc3:2c00
--Secure (talk) 13:03, 29 December 2012 (UTC)
Does DHCPv6 works?
NAT64 works great with me, too, but I have tried to use DHCPv6 (dhcp6c on Ubuntu) to automatically get the Nameserver, but it doesn't work. I have tried several options (including -i).
Wifi network 29c3-dns64
Is special SSID 29c3-dns64 on the wifi network still available? Could not find it inside the CCH.
Performance
I only tested via wifi (connected on 5 GHz) and I experienced very poor performance while using nat64. The performance on the other wifi-networks was fine, however.