Google IPv6 + New DNS Config
Shadow Hawkins on Thursday, 02 April 2009 17:29:47
I just thought I would share how I have my bind9 recursive server set up on my home network to enable Google via IPv6 using the new nscache.xx.sixxs.net name servers. https://www.sixxs.net/tools/dnscache/
I wanted to use the new nscache servers provided by sixxs to enable google AAAA dns lookups, but I did not want to experience any failures in dns resolution if I happened to take down my aiccu provided ipv6 tunnel. (sixxs nscache servers are only IPv6)
I decided to try the zone specific forwarders statement in bind9 since I was already running a local recursive resolver.
Here are the added lines in my named.conf:
zone "google.com" {
    type forward;
    forward only;
    forwarders {
        2001:4de0:1000:a4::2;
        2001:4de0:1000:a3::2;
    };
};
Obviously, if you do not live in the US, you will want to change both the zone name, and the addresses of the nscache.xx.sixxs.net servers as appropriate.
"forward first" might be a better declaration than "forward only" for this, so that a fallback can happen within bind if those forwarders are not reachable, but I already have a secondary dns server being propagated to my subnet via DHCP (v4), so I decided this was not necessary at the moment. Using this method also makes my XP machines work with google ipv6 (my bind9 instance is available via ipv4 as well).
In this way, I only pass DNS lookups for google.com to the new nscache.xx.sixxs.net servers, and do not flood them with every other dns lookup that my home network is doing.
Anyone have a better way of doing this?
I was going to look into powerdns-recursor when I have the time, but please share your configuration if you have a different solution.
In any case, have fun, and a big THANK YOU to Pim and Google and everyone else involved in making this happen.
-_Dave
Google IPv6 + New DNS Config
Shadow Hawkins on Thursday, 02 April 2009 21:47:41
I've done the same configuration :)
(well, with different dns forwarder address, as I'm in Europe)
It seems so far the IPv6 available services are only for http traffic,
or am I wrong?
smtp (google mail) and xmpp (google talk) seem to still use IPv4 only,
despite the use of the sixxs dnscache.
The www.google.com/ipv6 doesn't provide info on exactly which services are IPv6 available, nor a "dancing turtle"-like feedback to check that you are actually connecting through IPv6.
That page seems very "broad public" oriented.
So, is there some page somewhere with more specific information, and news, on the google over IPv6 deployment?
And are we supposed to test something in particular or give some sort of feedback; or just using it is enough?
Thanks
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 03 April 2009 09:22:38
While I'm not sure if you really meant www.google.com/ipv6 or "www.google.com over IPv6", http://ipv6.google.com/ does let you know if you're using IPv6. If you see Google's logo making waves (JavaScript required), you know you're using IPv6. Not that you wouldn't know that anyway.
Google IPv6 + New DNS Config
Shadow Hawkins on Monday, 06 April 2009 22:29:10
Incoming email works fine:
Apr 6 16:21:02 pandora postfix/cleanup[11896]: 26B8B2942A5: hold: header Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])??by pandora.userid.org (Postfix) with ESMTP id 26B8B2942A5??for <pierre@userid.org>; Mon, 6 Apr 2009 16:21:02 -0400 (EDT) from mx2.freebsd.org[2001:4f8:fff6::35]; from=<owner-freebsd-questions@freebsd.org> to=<pierre@userid.org> proto=ESMTP helo=<mx2.freebsd.org>
Apr 6 16:26:09 pandora postfix/cleanup[23706]: BFA7B2942A5: hold: header Received: from s0.nanog.org (s0.nanog.org [IPv6:2001:48a8:6880:95::20])??(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))??(No client certificate requested)??by pandora.userid.org (Postfix) from s0.nanog.org[2001:48a8:6880:95::20]; from=<nanog-bounces+pierre=userid.org@nanog.org> to=<pierre@userid.org> proto=ESMTP helo=<s0.nanog.org>
If you download the Firefox extension ShowIP you will find quite a few websites are enabled for v6. Thunderbird can also use v6 with no issues as far as I can tell. Firefox can use v6 proxies.
Aside from Mail and Web I have not had the chance to find or use many other services with v6.
Pierre
Google IPv6 + New DNS Config
Shadow Hawkins on Thursday, 02 April 2009 22:18:42
I'd never noticed that zone specific forwarders were possible :)
Unfortunately I can't get a reply out of any of the sixxs.net servers
dig @nscache.eu.sixxs.net AAAA www.google.com
; <<>> DiG 9.5.1-P1 <<>> @nscache.eu.sixxs.net AAAA www.google.com
; (6 servers found)
;; global options: printcmd
;; connection timed out; no servers could be reached
Google IPv6 + New DNS Config
Jeroen Massar on Thursday, 02 April 2009 22:32:19
What is your source address? (Aka show the full output of the dig command)
Google IPv6 + New DNS Config
Shadow Hawkins on Thursday, 02 April 2009 22:57:55
That is the full output. dig +all shows the same result.
Google IPv6 + New DNS Config
Shadow Hawkins on Thursday, 02 April 2009 23:27:39
Actually I've just noticed I get no reply from any IPv6 enabled DNS server apart from my own local one. Investigations are afoot.
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 03 April 2009 00:12:53
Aaaargh. My router runs OpenWRT Kamikaze with a 2.4 kernel due to space and wifi considerations and therefore ip6tables doesn't keep state.
I should read my logfiles more often.
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 03 April 2009 00:44:22
Yay. :)
dig -b ::#53 @nscache.eu.sixxs.net www.google.co.uk AAAA
; <<>> DiG 9.5.1-P1 <<>> -6 -b ::#53 @nscache.eu.sixxs.net www.google.co.uk AAAA
; (6 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20900
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.co.uk.              IN      AAAA
;; ANSWER SECTION:
www.google.co.uk.       336143  IN      CNAME   www.google.com.
www.google.com.         597768  IN      CNAME   www.l.google.com.
www.l.google.com.       211     IN      AAAA    2001:4860:a005::68
;; Query time: 42 msec
;; SERVER: 2001:7b8:3:4f:202:b3ff:fe46:bec#53(2001:7b8:3:4f:202:b3ff:fe46:bec)
;; WHEN: Thu Apr 2 23:34:09 2009
;; MSG SIZE rcvd: 110
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 03 April 2009 01:13:55
:) same here. It took me a while before I realized the inbound responses were blocked (white russian)
Google IPv6 + New DNS Config
Jeroen Massar on Thursday, 02 April 2009 22:34:16
Although this has a nice hack-factor, this domain-specific forwarding breaks for example www.gmail.com AAAA responses (you'll note that there are quite a few non-obvious domains out there). Moreover, currently www.google.cctld is a CNAME for www.google.com, but this is volatile, and could change without your knowledge, after which www.google.nl (my favorite domain) will stop handing out AAAA records.
As such, we (SixXS) recommend *against* such configuration setups.
It is your network of course, thus there is not much we can do about you misconfiguring it like that.
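A simplified model of the behaviour discussed in the posts above, as an added example that is not part of any post in the thread: it shows which lookups a zone "google.com" forwarder entry actually sends to the nscache servers once CNAME chains are followed. The CNAME table is constructed from the names mentioned in the thread, and the rule that only the forwarders return AAAA records is an assumption of the model.

```python
# Simplified model of BIND per-zone forwarding (added example, not from the thread).
# Assumption: only the whitelisted forwarders return AAAA; normal recursion does not.
FORWARD_ZONES = {"google.com"}          # zone from the named.conf in the first post

# Constructed CNAME data, modelled on the dig output and posts in the thread.
CNAMES = {
    "www.google.co.uk": "www.google.com",
    "www.google.nl": "www.google.com",
    "www.google.com": "www.l.google.com",
}

def _labels(name):
    return name.rstrip(".").lower().split(".")

def forward_zone_for(qname, zones=FORWARD_ZONES):
    """Most specific forward zone covering qname (whole-label match), or None."""
    q = _labels(qname)
    best = None
    for zone in zones:
        z = _labels(zone)
        if q[-len(z):] == z and (best is None or len(z) > len(_labels(best))):
            best = zone
    return best

def resolution_path(qname, zones=FORWARD_ZONES, cnames=CNAMES):
    """Follow the CNAME chain; return [(name, 'forwarder' or 'recursion'), ...]."""
    path, name, seen = [], qname.rstrip(".").lower(), set()
    while name not in seen:              # guard against CNAME loops
        seen.add(name)
        via = "forwarder" if forward_zone_for(name, zones) else "recursion"
        path.append((name, via))
        if name not in cnames:
            break
        name = cnames[name]
    return path

def gets_aaaa(qname, zones=FORWARD_ZONES, cnames=CNAMES):
    """True when the last name in the chain is answered by the forwarders."""
    return resolution_path(qname, zones, cnames)[-1][1] == "forwarder"

if __name__ == "__main__":
    for n in ("www.google.com", "www.google.nl", "www.gmail.com", "notgoogle.com"):
        print(n, resolution_path(n), gets_aaaa(n))
```

Removing the "www.google.nl" entry from the CNAME table makes gets_aaaa("www.google.nl") return False, which is the silent breakage the post above warns about.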
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 03 April 2009 07:33:59
(I run the same config as specified above)
And the alternative is then to use the Sixxs resolver for all DNS lookups?
Cheers,
/Joakim
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 10 April 2009 21:50:31
I am running Ubuntu 8.0.4 as my IPv6 router for the IPv6 subnet. I am trying to set up my IPv6 subnet to access www.google.com using the AAAA record.
I don't run the nameserver and I have the stub resolver. Here is what my resolv.conf looks like:
search gateway.2wire.net
nameserver 2001:4de0:1000:a4::2
nameserver 2001:4de0:1000:a3::2
nameserver 192.168.1.254
The nameserver 192.168.1.254 happens to be my 2wire vdsl modem with NAT.
I can dig www.google.com AAAA and here is what I get
; <<>> DiG 9.4.2-P1 <<>> www.google.com AAAA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6475
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com.                IN      AAAA
;; ANSWER SECTION:
www.google.com.         449561  IN      CNAME   www.l.google.com.
www.l.google.com.       274     IN      AAAA    2001:4860:b002::68
;; Query time: 167 msec
;; SERVER: 2001:4de0:1000:a4::2#53(2001:4de0:1000:a4::2)
;; WHEN: Fri Apr 10 12:48:48 2009
;; MSG SIZE rcvd: 80
But when I try to access www.google.com it is accessing its IPv4 address (the logo does not dance).
any suggestions?
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 10 April 2009 22:24:16
http://ipv6.google.com
or hack your resolv.conf to point to the ipv6 addresses of google.
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 10 April 2009 22:25:05
sorry, /etc/hosts not /etc/resolv.conf
Google IPv6 + New DNS Config
Shadow Hawkins on Friday, 10 April 2009 22:35:57
Thanks for the response. I can get to ipv6.google.com fine but that is not my concern.
I want to get AAAA records served for my dns queries for www.google.com. Now that the sixxs folks have gotten on the whitelist of the google domain administrators to get the AAAA records, I wanted to point my resolver to the nscache.us.sixxs.net (as I explain above in the post) to surf natively on ipv6 while using www.google.com.
I don't want to use /etc/hosts as that would interfere by using stale entries if and when google decides to serve out different v6 addresses for queries.
Google IPv6 + New DNS Config
Shadow Hawkins on Saturday, 11 April 2009 00:31:15
Seems like I have managed to fix my resolvers to point to the sixxs.net dns caches in the us.
Here is what I get for dig:
; <<>> DiG 9.4.2-P1 <<>> www.google.com AAAA
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63993
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com.                IN      AAAA
;; ANSWER SECTION:
www.google.com.         445668  IN      CNAME   www.l.google.com.
www.l.google.com.       192     IN      AAAA    2001:4860:b002::68
;; Query time: 143 msec
;; SERVER: 2001:4de0:1000:a3::2#53(2001:4de0:1000:a3::2)
;; WHEN: Fri Apr 10 15:27:55 2009
;; MSG SIZE rcvd: 80
Now, when I reach www.google.com, I don't see the dancing logo; instead I see a slightly different Google logo than the IPv4 site. In the IPv6 version, I see "English" under the Google logo. I thought I was supposed to be seeing a dancing logo! Did something change?
Google IPv6 + New DNS Config
Shadow Hawkins on Sunday, 12 April 2009 00:38:22
You are most likely doing everything correctly, but you can NOT rely on the bouncing google logo to determine accurately if you are using IPv6 to connect to google. This "bouncing google" only works for the domain name "ipv6.google.com", and not for "www.google.com" (although this is subject to change at google's whim).
A much more authoritative mechanism is to use the netstat utility to look for the destination address in question.
using Ubuntu, try:
netstat -6 | grep -e http -e www
using Windows, try:
netstat -p tcpv6
using FreeBSD, try:
netstat -W -f inet6 | grep http
There are of course other ways (such as using wireshark or tcpdump), and this is of course subject to personal preference.
Good Luck.
-_Dave
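The netstat check described in the post above, as an added example that is not part of the original post: it matches the remote addresses of established IPv6 TCP connections against the AAAA answer returned by dig. The netstat text is a constructed sample in the Linux numeric (`netstat -6 -n`) layout, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Linux `netstat -6 -n` output. Local addresses use the
# 2001:db8::/32 documentation prefix; the first remote address is the AAAA
# answer shown in the dig output earlier in the thread.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp6       0      0 2001:db8:1::10:43210    2001:4860:b002::68:80   ESTABLISHED
tcp6       0      0 2001:db8:1::10:22       2001:db8:2::5:51515     ESTABLISHED
tcp6       0      0 :::53                   :::*                    LISTEN
"""

def split_endpoint(endpoint):
    """Split netstat's 'addr:port' form; the port follows the last colon."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def ipv6_connections_to(netstat_text, aaaa_answers, port="80"):
    """Established tcp6 connections whose remote address is one of the AAAA answers."""
    wanted = {ipaddress.IPv6Address(a) for a in aaaa_answers}
    hits = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Skip the header, listeners and anything that is not an open tcp6 session.
        if len(f) < 6 or f[0] != "tcp6" or f[5] != "ESTABLISHED":
            continue
        raddr, rport = split_endpoint(f[4])
        try:
            remote = ipaddress.IPv6Address(raddr)
        except ValueError:
            continue                     # not a parsable IPv6 address
        if remote in wanted and rport == port:
            hits.append((f[3], f[4]))
    return hits

if __name__ == "__main__":
    # AAAA answer taken from the dig output in the thread.
    print(ipv6_connections_to(SAMPLE_NETSTAT, ["2001:4860:b002::68"]))
```

An empty result while the browser has the page open means the session is not going to the address the resolver returned over IPv6.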
Google IPv6 + New DNS Config
Shadow Hawkins on Sunday, 12 April 2009 09:57:11
I was under the impression that google logo danced when you reached it over the ipv6 network (even for www.google.com). But looks like they wanted to preserve the look and feel of their www.google.com and reserved the dancing logo only for ipv6.google.com.
Thanks