Hi all,
today I've got the following e-mail:
Sehr geehrte Damen und Herren,
die Änderung der Nameserver für <yourdomain>.ch kann nicht durchgeführt werden, da die Registry für .ch-Domains keine Gluerecords im Format <hostname>/<ipv6> akzeptiert! Sie können also nur eine IPv4 Adresse angeben.
Für weitere Fragen stehen wir Ihnen gerne zur Verfügung!
Ihr easyname.com Team
All I want to do is to run my own IPv6-only nameserver, using my domain name. Are such things common in Switzerland? Isn't there a general requirement in place for the .ch registry to support IPv6 as well as IPv4? How many .ch registries are there? (I would have thought 1...)
I'm no DNS guru, so can anyone please shed some light on how such things are possible in 2014? (I would have thought, that at least the DNS system is fully v6 capable).
Cheers,
Mat
Hi Mattia
I think you're confusing Registries with Registrars. There is indeed only one Registry, SWITCH.
But there are many Registrars (See [1] for the officially recognized ones).
SWITCH accepts IPv6 only Nameservers (we do IPv6 since many years) and all interfaces accept the respective commands.
To me it seems that your Registrar cannot handle IPv6 properly.
Best regards Serge
[1] https://www.nic.ch/reg/cm/wcm-page/partnerlist/partnerlist.jsp?lid=en
On 22.1.14 15:45 , Mattia Rossi wrote:
Hi all,
today I've got the following e-mail:
Sehr geehrte Damen und Herren,
die Änderung der Nameserver für <yourdomain>.ch kann nicht durchgeführt werden, da die Registry für .ch-Domains keine Gluerecords im Format <hostname>/<ipv6> akzeptiert! Sie können also nur eine IPv4 Adresse angeben.
Für weitere Fragen stehen wir Ihnen gerne zur Verfügung!
Ihr easyname.com Team
All I want to do is to run my own IPv6-only nameserver, using my domain name. Are such things common in Switzerland? Isn't there a general requirement in place for the .ch registry to support IPv6 as well as IPv4? How many .ch registries are there? (I would have thought 1...)
I'm no DNS guru, so can anyone please shed some light on how such things are possible in 2014? (I would have thought, that at least the DNS system is fully v6 capable).
Cheers,
Mat
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hi Serge,
thanks for your timely reply. I do have indeed sometimes a bit of a hard time of understanding who's a Registrar and who's a Registry. But it doesn't really matter, as easyname.com simply blamed you instead of taking responsibility for their mistakes.
They do in fact have AAAA entries and IPv6 connectivity to their first nameserver (ns1.easyname.com), but if you try to look up anythin using that IPv6 address, it won't work. (see my reply to the list) I guess their DNS server is not listening on the IPv6 address.
I don't know why that should affect the ability of putting glue entries into your system though? They should be out of the loop once that happens, shouldn't they?
Cheers,
Mat
Am 22.01.2014 16:27, schrieb Serge Droz:
Hi Mattia
I think you're confusing Registries with Registrars. There is indeed only one Registry, SWITCH.
But there are many Registrars (See [1] for the officially recognized ones).
SWITCH accepts IPv6 only Nameservers (we do IPv6 since many years) and all interfaces accept the respective commands.
To me it seems that your Registrar cannot handle IPv6 properly.
Best regards Serge
[1] https://www.nic.ch/reg/cm/wcm-page/partnerlist/partnerlist.jsp?lid=en
On 22.1.14 15:45 , Mattia Rossi wrote:
Hi all,
today I've got the following e-mail:
Sehr geehrte Damen und Herren,
die Änderung der Nameserver für <yourdomain>.ch kann nicht durchgeführt werden, da die Registry für .ch-Domains keine Gluerecords im Format <hostname>/<ipv6> akzeptiert! Sie können also nur eine IPv4 Adresse angeben.
Für weitere Fragen stehen wir Ihnen gerne zur Verfügung!
Ihr easyname.com Team
All I want to do is to run my own IPv6-only nameserver, using my domain name. Are such things common in Switzerland? Isn't there a general requirement in place for the .ch registry to support IPv6 as well as IPv4? How many .ch registries are there? (I would have thought 1...)
I'm no DNS guru, so can anyone please shed some light on how such things are possible in 2014? (I would have thought, that at least the DNS system is fully v6 capable).
Cheers,
Mat
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hi Mat,
On 01/22/2014 03:45 PM, Mattia Rossi wrote:
I'm no DNS guru, so can anyone please shed some light on how such things are possible in 2014? (I would have thought, that at least the DNS system is fully v6 capable).
you probably want to switch to a different registrar. IPv6 glues for .ch are possible and have been supported for years...
Regards
André
Hi Andre,
thanks for the Feedback. I've suspected that this would be the case. Although I don't understand why it shouldn't work, as they're actually doing v6:
dig AAAA ns1.easyname.com
; <<>> DiG 9.9.4 <<>> AAAA ns1.easyname.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45086 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4000 ;; QUESTION SECTION: ;ns1.easyname.com. IN AAAA
;; ANSWER SECTION: ns1.easyname.com. 3600 IN AAAA 2a02:1b8:ea59::2
;; Query time: 53 msec ;; SERVER: 195.186.1.162#53(195.186.1.162) ;; WHEN: Wed Jan 22 16:45:04 CET 2014 ;; MSG SIZE rcvd: 73
and
ping6 ns1.easyname.com PING ns1.easyname.com(ns1.easyname.eu) 56 data bytes 64 bytes from ns1.easyname.eu: icmp_seq=1 ttl=54 time=57.8 ms 64 bytes from ns1.easyname.eu: icmp_seq=2 ttl=54 time=59.3 ms
And most of all, if the glue is with nic.ch they should be out of the loop anyways?
But now I think i found the issue:
dig AAAA ns1.easyname.com
<snip>
;; ANSWER SECTION: ns1.easyname.com. 3501 IN AAAA 2a02:1b8:ea59::2
;; Query time: 30 msec ;; SERVER: 195.186.1.162#53(195.186.1.162) <snap>
Query goes via v4 and works
but:
dig AAAA ns1.easyname.com @2a02:1b8:ea59::2
<snip>
;; QUESTION SECTION: ;ns1.easyname.com. IN AAAA
;; Query time: 60 msec ;; SERVER: 2a02:1b8:ea59::2#53(2a02:1b8:ea59::2) <snap>
Query via v6 doesn't work - guess the server is not listening on v6
DOH...
Cheers,
Mat
Am 22.01.2014 16:28, schrieb Andre Keller:
Hi Mat,
On 01/22/2014 03:45 PM, Mattia Rossi wrote:
I'm no DNS guru, so can anyone please shed some light on how such things are possible in 2014? (I would have thought, that at least the DNS system is fully v6 capable).
you probably want to switch to a different registrar. IPv6 glues for .ch are possible and have been supported for years...
Regards
André
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hi Mat,
On 01/22/2014 04:56 PM, Mattia Rossi wrote:
thanks for the Feedback. I've suspected that this would be the case. Although I don't understand why it shouldn't work, as they're actually doing v6:
...
Query via v6 doesn't work - guess the server is not listening on v6
Well this has absolutely nothing todo with the glue issue. Glue records are maintained directly on the registry (nic.ch) dns servers. You registrar is taking your NS/GLUE records and forwards them to the registry using a protocol such as EPP (maybe Serge can elaborate on the specifics if you are interested).
If your registrar says nic.ch does not support IPv6 glue, they actually should tell you they did not implement the full feature set provided by nic.ch over this interface, or they simple do not expose this options in their management console.
hth André
Hi Andre,
thanks for the info. I've actually thought, that if nic.ch would get my nameserver coordinates, the registrar would be out of the loop.
I've looked up EPP quickly on Wikipedia (http://en.wikipedia.org/wiki/Extensible_Provisioning_Protocol), and can eventually dive deeper reading the RFC's, thanks!
Let's see what the registrar has to say about that :-)
Cheers,
Mat
Am 22.01.2014 17:13, schrieb Andre Keller:
Hi Mat,
On 01/22/2014 04:56 PM, Mattia Rossi wrote:
thanks for the Feedback. I've suspected that this would be the case. Although I don't understand why it shouldn't work, as they're actually doing v6:
...
Query via v6 doesn't work - guess the server is not listening on v6
Well this has absolutely nothing todo with the glue issue. Glue records are maintained directly on the registry (nic.ch) dns servers. You registrar is taking your NS/GLUE records and forwards them to the registry using a protocol such as EPP (maybe Serge can elaborate on the specifics if you are interested).
If your registrar says nic.ch does not support IPv6 glue, they actually should tell you they did not implement the full feature set provided by nic.ch over this interface, or they simple do not expose this options in their management console.
hth André
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
On Wed, 22 Jan 2014 16:56:32 +0100, Mattia Rossi mattia.rossi.mailinglists@gmail.com said:
Query goes via v4 and works
but:
dig AAAA ns1.easyname.com @2a02:1b8:ea59::2
<snip>
;; QUESTION SECTION: ;ns1.easyname.com. IN AAAA
;; Query time: 60 msec ;; SERVER: 2a02:1b8:ea59::2#53(2a02:1b8:ea59::2)
<snap>
Query via v6 doesn't work - guess the server is not listening on v6
But you did get a response, didn't you? So there *is* a server listening :) The response in this case just happens to be a "SERVFAIL", but that's perfectly ok because ns1.easyname.com is not authoritative for the zone easyname.com. That zone is served by
$ dig easyname.com. ns +short ns3.nessus.at. ns1.nessus.at. ns2.nessus.at.
But, as someone else pointed out, this is irrelevant for your original question.
Am 23.01.2014 17:17, schrieb gall@switch.ch:
On Wed, 22 Jan 2014 16:56:32 +0100, Mattia Rossi mattia.rossi.mailinglists@gmail.com said:
Query goes via v4 and works but: dig AAAA ns1.easyname.com @2a02:1b8:ea59::2
<snip> ;; QUESTION SECTION: ;ns1.easyname.com. IN AAAA ;; Query time: 60 msec ;; SERVER: 2a02:1b8:ea59::2#53(2a02:1b8:ea59::2) <snap> Query via v6 doesn't work - guess the server is not listening on v6
But you did get a response, didn't you? So there *is* a server listening :) The response in this case just happens to be a "SERVFAIL", but that's perfectly ok because ns1.easyname.com is not authoritative for the zone easyname.com. That zone is served by
$ dig easyname.com. ns +short ns3.nessus.at. ns1.nessus.at. ns2.nessus.at.
But, as someone else pointed out, this is irrelevant for your original question.
Haha, true... it's listening :-) - Ah, it takes some time to get your head wrapped around DNS hierarchies. Anyhow, I've moved my domain to SWITCH and all is good now :-)
Cheers,
Mat
-
Andre Keller -
gall@switch.ch -
Mattia Rossi -
Serge Droz