DNS64 Not Resolving Addresses


Jeffry Handal

Jun 16, 2018, 1:45:42 AM
to public-dn...@googlegroups.com
Erik and team,



The public DNS64 resolvers are pingable but do not resolve. The
following simple test is coming from an IPv6-only network that is behind
NAT64.

ping6 2001:4860:4860::6464
PING6(56=40+8+8 bytes) 2601:2c3:887f:5f73:11b7:5c86:b051:5c2c -->
2001:4860:4860::6464
16 bytes from 2001:4860:4860::6464, icmp_seq=0 hlim=42 time=133.313 ms
16 bytes from 2001:4860:4860::6464, icmp_seq=1 hlim=42 time=25.670 ms

ping6 2001:4860:4860::64
PING6(56=40+8+8 bytes) 2601:2c3:887f:5f73:11b7:5c86:b051:5c2c -->
2001:4860:4860::64
16 bytes from 2001:4860:4860::64, icmp_seq=0 hlim=44 time=635.711 ms
16 bytes from 2001:4860:4860::64, icmp_seq=3 hlim=44 time=1911.751 ms
16 bytes from 2001:4860:4860::64, icmp_seq=4 hlim=44 time=915.951 ms
16 bytes from 2001:4860:4860::64, icmp_seq=5 hlim=44 time=24.304 ms
16 bytes from 2001:4860:4860::64, icmp_seq=6 hlim=44 time=23.048 ms

ping6 google.com
ping6: getaddrinfo -- nodename nor servname provided, or not known


dig google.com @2001:4860:4860::6464


 nslookup
> server 2001:4860:4860::6464
Default server: 2001:4860:4860::6464
Address: 2001:4860:4860::6464#53
> google.com


 dig any cnn.com +trace +all

; <<>> DiG 9.8.3-P1 <<>> any cnn.com +trace +all
;; global options: +cmd
;; connection timed out; no servers could be reached


cat /etc/resolv.conf
#
# Mac OS X Notice
#
# This file is not used by the host name and address resolution
# or the DNS query routing mechanisms used by most processes on
# this Mac OS X system.
#
# This file is automatically generated.
#
nameserver 2001:4860:4860::6464
nameserver 2001:4860:4860::64



Thank you in advance for the guidance.



--
Jeffry J. Handal

Erik Kline

Jun 16, 2018, 7:06:44 AM
to jhan...@gmail.com, public-dns-discuss
Hmmm. From Japan:

dig -t AAAA ipv4.google.com @2001:4860:4860::6464

; <<>> DiG 9.10.6 <<>> -t AAAA ipv4.google.com @2001:4860:4860::6464
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16110
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ipv4.google.com. IN AAAA

;; ANSWER SECTION:
ipv4.google.com. 21599 IN CNAME ipv4.l.google.com.
ipv4.l.google.com. 299 IN AAAA 64:ff9b::acd9:188e

;; Query time: 48 msec
;; SERVER: 2001:4860:4860::6464#53(2001:4860:4860::6464)
;; WHEN: Sat Jun 16 19:58:12 JST 2018
;; MSG SIZE rcvd: 93

"dig any cnn.com +trace +all @2001:4860:4860::6464" is also quite voluminous.

Are you still seeing an outage from your location? (whois suggests:

NetName: HOUSTON-RPD-V6-2
NetHandle: NET6-2601-2C0-1
Parent: COMCAST6NET (NET6-2601-1)

but that's not necessarily authoritative)
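The two dig results in this thread fail and succeed at different layers: the first never gets a packet back from the resolver, while the second is a normal DNS64 answer whose AAAA embeds an IPv4 address. The sketch below is an added example, not part of the original messages; it classifies the two outputs quoted from the thread and decodes the synthesized address, assuming the RFC 6052 well-known prefix 64:ff9b::/96 seen in the answer (function names are illustrative).

```python
import ipaddress
import re

# RFC 6052 well-known NAT64 prefix; the AAAA in the reply above falls inside it.
WKP = ipaddress.ip_network("64:ff9b::/96")

# dig output copied from the two messages in this thread (trimmed).
TIMED_OUT = """\
; <<>> DiG 9.8.3-P1 <<>> any cnn.com +trace +all
;; global options: +cmd
;; connection timed out; no servers could be reached
"""
ANSWERED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16110
;; QUESTION SECTION:
;ipv4.google.com. IN AAAA
;; ANSWER SECTION:
ipv4.google.com. 21599 IN CNAME ipv4.l.google.com.
ipv4.l.google.com. 299 IN AAAA 64:ff9b::acd9:188e
"""

def embedded_ipv4(addr):
    """Return the IPv4 address embedded in a well-known-prefix AAAA, else None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in WKP:
        return None
    # With a /96 prefix the IPv4 address is the low 32 bits.
    return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)

def classify(dig_output):
    """Summarise one dig run: transport failure, or status plus AAAA records."""
    if "connection timed out" in dig_output:
        # No reply at all: a path or filtering problem, not a synthesis problem.
        return {"status": "TIMEOUT", "aaaa": []}
    m = re.search(r"status: (\w+)", dig_output)
    result = {"status": m.group(1) if m else "UNKNOWN", "aaaa": []}
    for line in dig_output.splitlines():
        fields = line.split()
        # Record lines are "name ttl class type rdata"; dig comments start with ';'.
        if len(fields) == 5 and not line.startswith(";") and fields[3] == "AAAA":
            v4 = embedded_ipv4(fields[4])
            result["aaaa"].append((fields[4], str(v4) if v4 else None))
    return result

if __name__ == "__main__":
    for label, text in (("timed-out run", TIMED_OUT), ("answered run", ANSWERED)):
        print(label, classify(text))
```
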

Jeffry Handal

Jun 16, 2018, 9:15:14 PM
to Erik Kline, public-dns-discuss
Erik,

Where are you seeing the outage you indicated? Is that for an anycast
presence of the Google DNS64 server? All my Comcast IPv6 routing looks
fine. I get a /60 from them. If I use OpenDNS resolvers over IPv6,
things are fine. However, OpenDNS does not do DNS64...

Do you know of other public DNS64 resolvers I could test with?


For the Public Google DNS64, all my DNS requests fail/timeout. Also
traceroute dies. Ping works but does have several outlier responses.
Something is definitely not right. Packet capture yields no responses
back for the queries. What else can I try?


dig any cnn.com +trace +all @2001:4860:4860::6464

; <<>> DiG 9.8.3-P1 <<>> any cnn.com +trace +all @2001:4860:4860::6464
;; global options: +cmd
;; connection timed out; no servers could be reached


traceroute6 2001:4860:4860::6464
traceroute6 to 2001:4860:4860::6464 (2001:4860:4860::6464) from 2601:2c3:887f:5f70:6de8:3736:60b9:ee47, 64 hops max, 12 byte packets
 1  2601:2c3:887f:5f70::c15:c0  6.203 ms  5.407 ms  3.957 ms
 2  2001:558:4081:6b::1  12.892 ms  18.034 ms  12.819 ms
 3  ae-102-rur02.grant.tx.houston.comcast.net  17.096 ms  13.331 ms  15.420 ms
 4  ae-37-ar01.bearcreek.tx.houston.comcast.net  17.022 ms  16.061 ms  14.924 ms
 5  be-33662-cr02.dallas.tx.ibone.comcast.net  21.308 ms


Thanks for the guidance.


Jeffry J. Handal

Jeffry Handal

Jun 18, 2018, 5:16:10 AM
to Erik Kline, public-dns-discuss
Erik,

I just opened a ticket with Comcast and hope it gets to the proper group.

If I log into the Cisco network via VPN, the DNS64 server works. So, it
has to be something inside the Comcast network.

Where did you see the outage you mentioned in the previous email?


Regards,

Jeffry J. Handal


Erik Kline

Jun 18, 2018, 11:47:09 PM
to Jeffry Handal, public-dns-discuss
By "outage" I was referring to the failure to respond to DNS that you
reported. My apologies for the imprecise, overloaded term.

Best of luck.

Jeffry Handal

Jun 19, 2018, 2:28:28 AM
to Erik Kline, public-dns-discuss
Erik,

Thanks for clarifying. I am still chasing it down with Comcast.

I may have to reach out to John Brzozowski directly if this ticket goes
nowhere.

Regards,

Jeffry J. Handal