Problems getting to Verisign's whois server on IPv6
Anyone else having problems getting to Verisign's whois server on IPv6? $ host com.whois-servers.net com.whois-servers.net is an alias for whois.verisign-grs.com. whois.verisign-grs.com has address 199.7.59.74 whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74 $ traceroute6 2001:503:3227:1060::74 traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets 1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms 2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms 17.389 ms 3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms 4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms 32.547 ms 5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms 52.751 ms 6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms 7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms 8 2001:503:3227:14ff::2 66.448 ms 2001:503:3227:13ff::2 101.761 ms 86.864 ms 9 2001:503:3227:13ff::2 69.818 ms !P 2001:503:3227:14ff::2 69.311 ms !P 2001:503:3227:13ff::2 68.662 ms !P
Path is not the same, but the last few replies similarly suggest packet-filters (!X in my case vs. !P). I can get to the whois port (TCP/43): $ telnet -6 2001:503:3227:1060::74 whois Trying 2001:503:3227:1060::74... Connected to 2001:503:3227:1060::74. Escape character is '^]'. Can you? Tony On Tue, May 1, 2012 at 8:01 AM, TR Shaw <tshaw@oitc.com> wrote:
Anyone else having problems getting to Verisign's whois server on IPv6?
$ host com.whois-servers.net com.whois-servers.net is an alias for whois.verisign-grs.com. whois.verisign-grs.com has address 199.7.59.74 whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74
$ traceroute6 2001:503:3227:1060::74 traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets 1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms 2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms 17.389 ms 3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms 4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms 32.547 ms 5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms 52.751 ms 6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms 7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms 8 2001:503:3227:14ff::2 66.448 ms 2001:503:3227:13ff::2 101.761 ms 86.864 ms 9 2001:503:3227:13ff::2 69.818 ms !P 2001:503:3227:14ff::2 69.311 ms !P 2001:503:3227:13ff::2 68.662 ms !P
Nope sure can't $ telnet -6 2001:503:3227:1060::74 whois 2001:503:3227:1060::74: nodename nor servname provided, or not known Tom On May 1, 2012, at 8:15 AM, Tony Tauber wrote:
Path is not the same, but the last few replies similarly suggest packet-filters (!X in my case vs. !P). I can get to the whois port (TCP/43):
$ telnet -6 2001:503:3227:1060::74 whois Trying 2001:503:3227:1060::74... Connected to 2001:503:3227:1060::74. Escape character is '^]'.
Can you?
Tony
On Tue, May 1, 2012 at 8:01 AM, TR Shaw <tshaw@oitc.com> wrote: Anyone else having problems getting to Verisign's whois server on IPv6?
$ host com.whois-servers.net com.whois-servers.net is an alias for whois.verisign-grs.com. whois.verisign-grs.com has address 199.7.59.74 whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74
$ traceroute6 2001:503:3227:1060::74 traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets 1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms 2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms 17.389 ms 3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms 4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms 32.547 ms 5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms 52.751 ms 6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms 7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms 8 2001:503:3227:14ff::2 66.448 ms 2001:503:3227:13ff::2 101.761 ms 86.864 ms 9 2001:503:3227:13ff::2 69.818 ms !P 2001:503:3227:14ff::2 69.311 ms !P 2001:503:3227:13ff::2 68.662 ms !P
Seems to work for me.... mps31@lonsgnsu1:~$ telnet -6 2001:503:3227:1060::74 whois Trying 2001:503:3227:1060::74... Connected to 2001:503:3227:1060::74. Escape character is '^]'. mps31@lonsgnsu1:~$ whois -h 2001:503:3227:1060::74 =verisign.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: VERISIGN.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com/en_US/ Name Server: A2.NSTLD.COM Name Server: C2.NSTLD.NET Name Server: D2.NSTLD.NET Name Server: E2.NSTLD.NET Name Server: F2.NSTLD.COM Name Server: G2.NSTLD.COM Name Server: H2.NSTLD.NET Name Server: J2.NSTLD.NET Name Server: K2.NSTLD.NET Name Server: L2.NSTLD.COM Name Server: M2.NSTLD.NET Status: clientTransferProhibited Status: serverDeleteProhibited Status: serverTransferProhibited Status: serverUpdateProhibited Updated Date: 14-apr-2011 Creation Date: 02-jun-1995 Expiration Date: 01-jun-2012
Last update of whois database: Tue, 01 May 2012 12:29:12 UTC <<<
Mike Simkins ▪ Senior Network Engineer , Operations Engineering ▪ SunGard Availability Services ▪ 25 Canada Square, London E14 5LQ -----Original Message----- From: TR Shaw [mailto:tshaw@oitc.com] Sent: 01 May 2012 13:23 To: Tony Tauber Cc: NANOG list Subject: Re: Problems getting to Verisign's whois server on IPv6 Nope sure can't $ telnet -6 2001:503:3227:1060::74 whois 2001:503:3227:1060::74: nodename nor servname provided, or not known Tom On May 1, 2012, at 8:15 AM, Tony Tauber wrote:
Path is not the same, but the last few replies similarly suggest packet-filters (!X in my case vs. !P). I can get to the whois port (TCP/43):
$ telnet -6 2001:503:3227:1060::74 whois Trying 2001:503:3227:1060::74... Connected to 2001:503:3227:1060::74. Escape character is '^]'.
Can you?
Tony
On Tue, May 1, 2012 at 8:01 AM, TR Shaw <tshaw@oitc.com> wrote: Anyone else having problems getting to Verisign's whois server on IPv6?
$ host com.whois-servers.net com.whois-servers.net is an alias for whois.verisign-grs.com. whois.verisign-grs.com has address 199.7.59.74 whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74
$ traceroute6 2001:503:3227:1060::74 traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets 1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms 2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms 17.389 ms 3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms 4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms 32.547 ms 5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms 52.751 ms 6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms 7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms 8 2001:503:3227:14ff::2 66.448 ms 2001:503:3227:13ff::2 101.761 ms 86.864 ms 9 2001:503:3227:13ff::2 69.818 ms !P 2001:503:3227:14ff::2 69.311 ms !P 2001:503:3227:13ff::2 68.662 ms !P
This looks to be more of an application issue for you. The rest seems to work for me: puck:~$ whois -h 2001:503:ff39:1060::74 verisign-grs.com [Querying 2001:503:ff39:1060::74] [2001:503:ff39:1060::74] Whois Server Version 2.0 ... - Jared On May 1, 2012, at 8:23 AM, TR Shaw wrote:
Nope sure can't
$ telnet -6 2001:503:3227:1060::74 whois 2001:503:3227:1060::74: nodename nor servname provided, or not known
Tom
On May 1, 2012, at 8:15 AM, Tony Tauber wrote:
Path is not the same, but the last few replies similarly suggest packet-filters (!X in my case vs. !P). I can get to the whois port (TCP/43):
$ telnet -6 2001:503:3227:1060::74 whois Trying 2001:503:3227:1060::74... Connected to 2001:503:3227:1060::74. Escape character is '^]'.
Can you?
Tony
On Tue, May 1, 2012 at 8:01 AM, TR Shaw <tshaw@oitc.com> wrote: Anyone else having problems getting to Verisign's whois server on IPv6?
$ host com.whois-servers.net com.whois-servers.net is an alias for whois.verisign-grs.com. whois.verisign-grs.com has address 199.7.59.74 whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74
$ traceroute6 2001:503:3227:1060::74 traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets 1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms 2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms 17.389 ms 3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms 4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms 32.547 ms 5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms 52.751 ms 6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms 7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms 8 2001:503:3227:14ff::2 66.448 ms 2001:503:3227:13ff::2 101.761 ms 86.864 ms 9 2001:503:3227:13ff::2 69.818 ms !P 2001:503:3227:14ff::2 69.311 ms !P 2001:503:3227:13ff::2 68.662 ms !P
Anyone else having problems getting to Verisign's whois server on IPv6? whois -h 2001:503:ff39:1060::74 verisign-grs.com works for me. jaap
On Tue, 2012-05-01 at 08:01 -0400, TR Shaw wrote:
Anyone else having problems getting to Verisign's whois server on IPv6?
Testing it using the NLNOG ring (https://ring.nlnog.net) shows that 3 nodes have routing issues, 92 have no problems reaching Verisign's whois server on IPv6. So there might be some routing issues. Here's a (tad too crowded) graph showing the traceroutes from all ring nodes: https://ring.nlnog.net/paste/p/pqux9kxpzhytnnmx Regards, Teun
On Tue, May 1, 2012 at 8:59 AM, Teun Vink <teun@teun.tv> wrote:
On Tue, 2012-05-01 at 08:01 -0400, TR Shaw wrote:
Anyone else having problems getting to Verisign's whois server on IPv6?
Testing it using the NLNOG ring (https://ring.nlnog.net) shows that 3 nodes have routing issues, 92 have no problems reaching Verisign's whois server on IPv6. So there might be some routing issues.
Here's a (tad too crowded) graph showing the traceroutes from all ring nodes: https://ring.nlnog.net/paste/p/pqux9kxpzhytnnmx
mtu problems perhaps? (I get a connect, but nothing after the initial banner ... -chris
The server doesn't do PMTUD properly. Verisign were informed of this a while back. How hard is it to let ICMPv6 PTB in so that PMTUD works? % whois -h 2001:503:3227:1060::74 example.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. [stalls here forever] The message is sent in 3 packet and you see packet 1 and 3, 2 is lost and despite selective acks it is never seen. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On Tue, May 1, 2012 at 7:25 PM, Mark Andrews <marka@isc.org> wrote:
The server doesn't do PMTUD properly. Verisign were informed of this a while back. How hard is it to let ICMPv6 PTB in so that PMTUD works?
% whois -h 2001:503:3227:1060::74 example.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. [stalls here forever]
The message is sent in 3 packet and you see packet 1 and 3, 2 is lost and despite selective acks it is never seen.
that appears to be the case :( setting MSS to 1420 seems to work for me (at home, on a janky tunneled setup, because you know... ipv6 is 'hard' for vz to do :( ) -chris
participants (8)
-
Christopher Morrow -
Jaap Akkerhuis -
Jared Mauch -
Mark Andrews -
Mike Simkins -
Teun Vink -
Tony Tauber -
TR Shaw