Reverse DNS for IPv6 tunnel

by gutschke » Wed May 29, 2024 5:29 pm
The "Labs" documentation at https://help.sonic.com/hc/en-us/article ... my_tunnel? explains how to set up reverse DNS for IPv6 tunnel connections. That sounds potentially quite useful.

It directs me to send notifications to both mns.sonic.net (64.142.8.20) and dns-notify.sonic.net (64.142.100.92).

But neither IP address responds and neither hostname resolves. Is this part of the documentation obsolete? Is there a different way to configure reverse DNS for the tunnel?
by kgc » Thu May 30, 2024 10:02 am
Your fiber service should have native v6 support so setting up a legacy v6 tunnel is really not the best thing to do. That said, the tunnel documentation does look to be out of date - see https://help.sonic.com/hc/en-us/article ... NS-Service
Kelsey Cummings
System Architect, Sonic.net, Inc.
by gutschke » Thu May 30, 2024 1:02 pm
I don't think this is true. I just tried again, and I cannot get either DHCPv6 or RA to give me any IPv6 addresses.

That agrees with what I read in the past, that IPv6 is only rolled out to some subscribers. And if you aren't one of the lucky ones, then the IPv6 tunnel is your only available option.

And of course, even if my account had support for native IPv6 (or preferably for dual-stack operation), that isn't going to get me reverse DNS. Lots of devices can share the same IPv6 prefix, but they all need different reverse DNS records.
by kgc » Thu May 30, 2024 1:28 pm
100% of our FTTH network is native v6 enabled (except for Southern California). You should be able to get an assignment; I would suggest watching tcpdump on your WAN interface to see what's going back and forth.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by gutschke » Fri May 31, 2024 11:17 am
Are you certain about that? Until at least a few months ago, IPv6 wasn't fully rolled out in San Francisco yet. There are reports in the forum of people not being able to use IPv6 in their neighborhoods. The last such posting I found was around the end of 2023, but I am not sure whether that means things have changed or people have stopped complaining.

In any case, I just tried enabling IPv6 again, and while I can obviously get a link-local address and even talk to the next hop on Sonic's network, DHCPv6 always tells me NoAddrsAvail. So, I can't get any globally routable addresses. In the meantime, the IPv6 tunnel addresses my immediate needs.

But of course, that still doesn't help with reverse DNS. That's an orthogonal problem.
by kgc » Fri May 31, 2024 11:18 am
Yes, I am certain.
Kelsey Cummings
System Architect, Sonic.net, Inc.
by gutschke » Fri May 31, 2024 11:39 am
Thanks for your quick reply. I guess it's time to call customer service and figure out why I have never been able to get an address allocation from Sonic. Maybe something is off with the settings for my particular account, or maybe there is a previous allocation that I am not even aware of.

Until a few months ago, lack of IPv6 was apparently expected, as my neighborhood wasn't even supposed to have IPv6. But I am glad to hear that it has changed. Now I only need to figure out why it still doesn't work for me. It would be nice to retire the tunnel.
by kgc » Fri May 31, 2024 12:00 pm
Can you run tcpdump on your gateway to see what you're getting back (or not) via RA as well as share the config for your device?
Kelsey Cummings
System Architect, Sonic.net, Inc.
by gutschke » Fri May 31, 2024 12:34 pm
In order to simplify this for me, I spun up a system container that is bridged to the same VLAN that my Sonic modem is connected to. This allows me to run tcpdump on the container host. It should capture all IPv6 traffic between the container and the Sonic modem. For simplicity, I filtered out anything that isn't IPv6. Let me know if you need more data.

This works great for getting an IPv4 address over DHCPv4, but I have never been able to make IPv6 work. On the other hand, I can set up IPv6 over the tunnel just fine.

I use systemd-networkd to configure my network interface:

[Match]
Name = sonic

[Network]
DHCP = ipv6
MulticastDNS = yes
DNS = 2001:4860:4860::8888
KeepConfiguration = yes
IPv6PrivacyExtensions = no
IPv6AcceptRA = true

[IPv6AcceptRA]
UseDNS = true
UseDomains = true

[Link]
ActivationPolicy = always-up

[DHCPv6]
PrefixDelegationHint=::/56

12:13:57.957770 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 90: (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff9:97e7 to_ex { }]
12:13:58.131931 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 90: (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff9:97e7 to_ex { }]
12:13:58.483929 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:ff:f9:97:e7 (oui Unknown), ethertype IPv6 (0x86dd), length 86: (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:fff9:97e7: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::be24:11ff:fef9:97e7
          unknown option (14), length 8 (1): 
            0x0000:  6e85 a6fc 072c
12:13:59.507963 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 90: (hlim 1, next-header Options (0) payload length: 36) fe80::be24:11ff:fef9:97e7 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:fff9:97e7 to_ex { }]
12:13:59.510958 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 90: (hlim 1, next-header Options (0) payload length: 36) fe80::be24:11ff:fef9:97e7 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::fb to_ex { }]
12:13:59.691947 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 110: (hlim 1, next-header Options (0) payload length: 56) fe80::be24:11ff:fef9:97e7 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 2 group record(s) [gaddr ff02::fb to_ex { }] [gaddr ff02::1:fff9:97e7 to_ex { }]
12:13:59.694137 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:fb (oui Unknown), ethertype IPv6 (0x86dd), length 130: (flowlabel 0x90d67, hlim 255, next-header UDP (17) payload length: 76) fe80::be24:11ff:fef9:97e7.mdns > ff02::fb.mdns: [bad udp cksum 0x65e1 -> 0x5586!] 0 [1n] ANY (QM)? sonic-experiment.local. ns: sonic-experiment.local. (Cache flush) AAAA fe80::be24:11ff:fef9:97e7 (68)
12:13:59.739971 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:16 (oui Unknown), ethertype IPv6 (0x86dd), length 90: (hlim 1, next-header Options (0) payload length: 36) fe80::be24:11ff:fef9:97e7 > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::fb to_ex { }]
12:14:00.001290 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:fb (oui Unknown), ethertype IPv6 (0x86dd), length 130: (flowlabel 0x90d67, hlim 255, next-header UDP (17) payload length: 76) fe80::be24:11ff:fef9:97e7.mdns > ff02::fb.mdns: [bad udp cksum 0x65e1 -> 0x5586!] 0 [1n] ANY (QM)? sonic-experiment.local. ns: sonic-experiment.local. (Cache flush) AAAA fe80::be24:11ff:fef9:97e7 (68)
12:14:00.501360 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:fb (oui Unknown), ethertype IPv6 (0x86dd), length 130: (flowlabel 0x90d67, hlim 255, next-header UDP (17) payload length: 76) fe80::be24:11ff:fef9:97e7.mdns > ff02::fb.mdns: [bad udp cksum 0x65e1 -> 0x5586!] 0 [1n] ANY (QM)? sonic-experiment.local. ns: sonic-experiment.local. (Cache flush) AAAA fe80::be24:11ff:fef9:97e7 (68)
12:14:00.751331 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:02 (oui Unknown), ethertype IPv6 (0x86dd), length 70: (flowlabel 0xa90c3, hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::be24:11ff:fef9:97e7 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16
          source link-address option (1), length 8 (1): bc:24:11:f9:97:e7
            0x0000:  bc24 11f9 97e7
12:14:00.764237 5c:5e:ab:d4:ca:c0 (oui Unknown) > 33:33:00:00:00:01 (oui Unknown), ethertype IPv6 (0x86dd), length 78: (class 0xc0, hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::5e5e:abff:fed4:cac0 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 24
        hop limit 64, Flags [managed], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): 5c:5e:ab:d4:ca:c0
            0x0000:  5c5e abd4 cac0
12:14:00.764509 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:01:00:02 (oui Unknown), ethertype IPv6 (0x86dd), length 146: (flowlabel 0x3fb0f, hlim 1, next-header UDP (17) payload length: 92) fe80::be24:11ff:fef9:97e7.dhcpv6-client > ff02::1:2.dhcpv6-server: [bad udp cksum 0x64f9 -> 0x0069!] dhcp6 solicit (xid=dd7109 (rapid-commit) (IA_NA IAID:1615987890 T1:0 T2:0) (Client-FQDN) (option-request DNS-server DNS-search-list NTP-server SNTP-servers rapid-commit) (client-ID vid 0000ab117496bd62) (elapsed-time 0))
12:14:00.963630 5c:5e:ab:d4:ca:c0 (oui Unknown) > bc:24:11:f9:97:e7 (oui Unknown), ethertype IPv6 (0x86dd), length 245: (class 0xc0, hlim 64, next-header UDP (17) payload length: 191) fe80::5e5e:abff:fed4:cac0.dhcpv6-server > fe80::be24:11ff:fef9:97e7.dhcpv6-client: [udp sum ok] dhcp6 reply (xid=dd7109 (client-ID vid 0000ab117496bd62) (server-ID vid 0000058335633a35) (IA_NA IAID:1615987890 T1:0 T2:0 (IA_ADDR :: pltime:0 vltime:0 (status-code NoAddrsAvail))) (rapid-commit) (DNS-server ns1.sonic.net ns2.sonic.net))
12:14:01.001440 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:fb (oui Unknown), ethertype IPv6 (0x86dd), length 210: (flowlabel 0x90d67, hlim 255, next-header UDP (17) payload length: 156) fe80::be24:11ff:fef9:97e7.mdns > ff02::fb.mdns: [bad udp cksum 0x6631 -> 0xdd3e!] 0*- [0q] 2/0/0 7.e.7.9.9.f.e.f.f.f.1.1.4.2.e.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (Cache flush) PTR sonic-experiment.local., sonic-experiment.local. (Cache flush) AAAA fe80::be24:11ff:fef9:97e7 (148)
12:14:02.101547 bc:24:11:f9:97:e7 (oui Unknown) > 33:33:00:00:00:fb (oui Unknown), ethertype IPv6 (0x86dd), length 210: (flowlabel 0x90d67, hlim 255, next-header UDP (17) payload length: 156) fe80::be24:11ff:fef9:97e7.mdns > ff02::fb.mdns: [bad udp cksum 0x6631 -> 0xdd3e!] 0*- [0q] 2/0/0 7.e.7.9.9.f.e.f.f.f.1.1.4.2.e.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (Cache flush) PTR sonic-experiment.local., sonic-experiment.local. (Cache flush) AAAA fe80::be24:11ff:fef9:97e7 (148)
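
Added example, not part of the original post and not Sonic's tooling: a small Python parser that reduces `tcpdump -v` output like the capture above to what matters for this diagnosis, namely the RA flags and prefixes, the IA types the client requested, and the DHCPv6 status codes returned. The sample input is abridged from the capture in the post, and the function names are made up for this example.

```python
import re

# Abridged from the tcpdump -v capture in the post (link-layer header, MLD and
# mDNS packets and some DHCPv6 options dropped).
CAPTURE = """\
12:14:00.764237 fe80::5e5e:abff:fed4:cac0 > ip6-allnodes: [icmp6 sum ok] ICMP6, router advertisement, length 24
        hop limit 64, Flags [managed], pref medium, router lifetime 1800s, reachable time 0ms, retrans timer 0ms
          source link-address option (1), length 8 (1): 5c:5e:ab:d4:ca:c0
12:14:00.764509 fe80::be24:11ff:fef9:97e7.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit (xid=dd7109 (rapid-commit) (IA_NA IAID:1615987890 T1:0 T2:0) (Client-FQDN) (elapsed-time 0))
12:14:00.963630 fe80::5e5e:abff:fed4:cac0.dhcpv6-server > fe80::be24:11ff:fef9:97e7.dhcpv6-client: dhcp6 reply (xid=dd7109 (IA_NA IAID:1615987890 T1:0 T2:0 (IA_ADDR :: pltime:0 vltime:0 (status-code NoAddrsAvail))) (rapid-commit))
"""
PACKET_START = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")

def packets(text):
    """Join indented tcpdump -v continuation lines onto their packet line."""
    out = []
    for line in text.splitlines():
        if PACKET_START.match(line):
            out.append(line)
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def summarize(text):
    """Collect what the router advertised and what DHCPv6 asked for and got."""
    s = {"ra_flags": set(), "ra_prefixes": [], "requested": set(), "status": []}
    for pkt in packets(text):
        if "router advertisement" in pkt:
            m = re.search(r"Flags \[([^\]]*)\]", pkt)  # first match = RA header
            s["ra_flags"] |= set(re.split(r",\s*", m.group(1))) if m else set()
            s["ra_prefixes"] += re.findall(r"prefix info option \(3\)[^:]*: (\S+?),", pkt)
        elif "dhcp6 solicit" in pkt or "dhcp6 request" in pkt:
            s["requested"] |= set(re.findall(r"\((IA_(?:NA|TA|PD)) ", pkt))
        elif "dhcp6 reply" in pkt or "dhcp6 advertise" in pkt:
            s["status"] += re.findall(r"status-code (\w+)", pkt)
    return s

def diagnose(s):
    """Turn the summary into plain findings; an empty list means nothing odd."""
    findings = []
    if "managed" in s["ra_flags"] and not s["ra_prefixes"]:
        findings.append("RA is managed-only with no prefix option: no SLAAC, addresses must come from DHCPv6")
    if s["requested"] and "IA_PD" not in s["requested"]:
        findings.append("client asked for " + ", ".join(sorted(s["requested"])) + " only; no IA_PD requested")
    findings += [f"DHCPv6 server answered {c}" for c in s["status"] if c != "Success"]
    return findings

print("\n".join(diagnose(summarize(CAPTURE))))
```
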

by laniksj » Wed Jun 05, 2024 4:42 pm
For me the IPv6 tunnel was working and I was able to get IPv6 DNS reliably. Not any more sadly. :cry:

Yes, I'm in SF and had to disable IPv6 altogether.