Once-the.rockets/are-up..who/cares-where.they/come-down.That's

N.O-T/MY-D/E.PA/R.T-ME-N/T.

2.9-C/3

So about DNS64.. It worked for me, sort of. Couldn't get it to work with linux libnss, but works by hand (dig + curl specifing the 64::xy ipaddress). Here is my resolv.conf:

nameserver 2001:67c:20a1:2251::53
options edns0 inet6 single-request debug

Pls find the pcap of the two (working and not working requests) at http://end.re/29c3_dns64_wtf.pcap

Thanks for the feedback! Niels (talk) 01:10, 28 December 2012 (UTC)


IPv6 only works great (after manually entering the nameserver in resolv.conf). DNS64 works too. --Andreas (talk) 11:34, 28 December 2012 (UTC)

Contents

IPv6-enabled websites accessed via NAT64 instead

All of my servers are IPv6-enabled for years, but when using the NAT64-port on a hackcenter switch, I get the following reply from the DNS64 server:

$ dig -t AAAA labs.in.zekjur.net @2001:67c:20a1:2251::53
        
; <<>> DiG 9.8.1-P1 <<>> -t AAAA labs.in.zekjur.net @2001:67c:20a1:2251::53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58453
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;labs.in.zekjur.net.            IN      AAAA

;; ANSWER SECTION:
labs.in.zekjur.net.     345482  IN      AAAA    64:ff9b::4f8c:27c9

;; AUTHORITY SECTION:
zekjur.net.             345482  IN      NS      infra.in.zekjur.net.
zekjur.net.             345482  IN      NS      libri.sur5r.net.

;; ADDITIONAL SECTION:
infra.in.zekjur.net.    345482  IN      A       79.140.39.194
infra.in.zekjur.net.    345482  IN      AAAA    2001:4d88:100e:1::2

;; Query time: 1 msec
;; SERVER: 2001:67c:20a1:2251::53#53(2001:67c:20a1:2251::53)
;; WHEN: Sat Dec 29 13:39:50 2012
;; MSG SIZE  rcvd: 166


I would have expected the DNS64 server to not touch my existing AAAA records:

$ dig -t AAAA labs.in.zekjur.net @2001:4860:4860::8888 

; <<>> DiG 9.8.1-P1 <<>> -t AAAA labs.in.zekjur.net @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43380
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;labs.in.zekjur.net.            IN      AAAA

;; ANSWER SECTION:
labs.in.zekjur.net.     21600   IN      AAAA    2001:4d88:100e:4::2

;; Query time: 63 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sat Dec 29 13:41:01 2012
;; MSG SIZE  rcvd: 64

Because the way it currently works, all traffic is tunneled, even traffic to IPv6-enabled hosts. Kinda pointless :-). --Secure (talk) 13:01, 29 December 2012 (UTC)

No RDNSSD in router advertisment

The router advertisments sent in the port 1-4 network lack an RDNSSD so that clients could automatically get their nameservers:

# rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...

Hop limit                 :           64 (      0x40)
Stateful address conf.    :           No
Stateful other conf.      :          Yes
Router preference         :       medium
Router lifetime           :           60 (0x0000003c) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
 Source link-layer address: 80:71:1F:C3:2C:00
 Prefix                   : 2001:67c:20a1:3020::/64
  Valid time              :          450 (0x000001c2) seconds
  Pref. time              :          150 (0x00000096) seconds
 from fe80::8271:1f0b:ccc3:2c00

--Secure (talk) 13:03, 29 December 2012 (UTC)

Does DHCPv6 works?

NAT64 works great with me, too, but I have tried to use DHCPv6 (dhcp6c on Ubuntu) to automatically get the Nameserver, but it doesn't work. I have tried several options (including -i).

Wifi network 29c3-dns64

Is special SSID 29c3-dns64 on the wifi network still available? Could not find it inside the CCH.

Performance

I only tested via wifi (connected on 5 GHz) and I experienced very poor performance while using nat64. The performance on the other wifi-networks was fine, however.

Archived page - Impressum/Datenschutz