
Re: IPv6 troubleshooting help needed



Andre Felipe Machado wrote:

> Hello,
> That is it! Thanks a lot!
> I disabled the dns relay function at the Dlink DSL-2640T and now my
> home Debian machine can update using security.debian.org and
> volatile.debian.org that changed to ipv6 addresses some days ago.
> I will submit a bug report to Dlink site.

Good to have it pin-pointed. Just to take notes, which firmware version
is that using? And by the way, Florian's mail already mentioned that
under "most frequent issues".

> But what still really worries me is how to exactly track, prove and
> demonstrate, that the problem at company is some kind of error at dns
> caching. As a country wide, servicing multiple agencies, I guess it
> is using some high end network hardware and some kind of software and
> security infrastructure. I *must* have 100% demonstrable, 100% sure,
> log and/or report to submit a ticket to their net/security teams.
> What commands could prove and register the dns caching problem at
> their network? Also, it has layers of ips, ids, routers, switches,
> firewalls, etc, and something in that setup could also be causing the
> problem. Suggestions?

It may be almost anything in-between, like dns-cacher, firewall, load
balancer, etc... 
https://bugzilla.redhat.com/show_bug.cgi?id=505105 already contains
quite a discrete list of things, including Cisco, Juniper and Foundry
stuff.

You can start comparing a `dig ANY volatile.debian.org` from your
company and from another good-working place, checking for
inconsistencies. If there's a dns wrong-resolution, pinging/reaching it
will reveal an IP not pertaining to a proper repository-hosting
machine. 
Otherwise there could be something weird in routing, which can be
spotted via mtr or traceroute. If you have ipv6 connectivity at the company
(i.e. a configured v6 route) it may be something different.

But as we've pin-pointed the first issue, and the second one looks like
something due to internal network configuration, I think we can move
this discussion away from -project to private, if nobody else is
interested (maybe summarising back the result at the end).

Ciao, Luca

-- 
 .''`.  ** Debian GNU/Linux **  | Luca Bruno (kaeso)
: :'  :   The Universal O.S.    | lucab (AT) debian.org
`. `'`  			| GPG Key ID: 3BFB9FB3
  `-     http://www.debian.org 	| Debian GNU/Linux Developer
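
An added example, not part of the original mail: one way to turn the `dig` comparison suggested above into a reproducible record for a ticket, by diffing the answer sections captured at the two sites while ignoring TTLs. The function names are hypothetical and the sample outputs are constructed, using documentation addresses rather than real repository hosts.

```python
import subprocess

def capture(name, rtype, server=None):
    """Run dig and return its answer section (needs network; not used by the samples)."""
    cmd = ["dig", "+noall", "+answer", name, rtype]
    if server:
        cmd.append("@" + server)
    return subprocess.run(cmd, capture_output=True, text=True, timeout=15).stdout

def parse_answers(dig_text):
    """Return {(owner, type, rdata)} from dig answer lines; TTL and comments are dropped."""
    records = set()
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # not an "owner ttl class type rdata" record line
        owner, _ttl, _cls, rtype, rdata = fields
        records.add((owner.lower().rstrip("."), rtype.upper(), rdata.strip()))
    return records

def compare(site_text, reference_text):
    """Diff the record sets seen at the suspect site and at a known-good site."""
    site, ref = parse_answers(site_text), parse_answers(reference_text)
    return {
        "only_at_site": sorted(site - ref),        # possible wrong resolution
        "only_at_reference": sorted(ref - site),   # records dropped on the way
        "types_missing_at_site": sorted({t for _, t, _ in ref} - {t for _, t, _ in site}),
    }

# Constructed sample captures (documentation address ranges, not real hosts).
COMPANY = """\
; constructed sample: answer as seen behind the company resolver
volatile.debian.org.   120   IN  A     192.0.2.10
"""
REFERENCE = """\
; constructed sample: answer as seen from a known-good network
volatile.debian.org.   3600  IN  A     192.0.2.10
volatile.debian.org.   3600  IN  AAAA  2001:db8::10
"""

if __name__ == "__main__":
    for key, value in compare(COMPANY, REFERENCE).items():
        print(f"{key}: {value}")
```

Feeding it `capture()` output taken at both sites for the same name and record types, with the capture time noted, gives the two network teams the same evidence to look at.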
