Mailing List Archive: Cisco: NSP

IPv6 domain reply Cisco 6509 IPv4 address

Index | Next | Previous | View Threaded

clane1875 at gmail

Aug 16, 2012, 6:41 AM

Post #1 of 10 (770 views)
Permalink

IPv6 domain reply Cisco 6509 IPv4 address

We do not run IPv6 currently from this site, ipv6 is not enabled on box.
when i ping google.com i get the following response.
ping google.com
Translating "google.com"...domain server (64.17.248.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is 2
seconds:

% No valid source address for destination

Rev is:
s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
and also for further IPV6 analysis:
sh ipv6 int
LI-Null0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
No global unicast address is configured
Joined group address(es):
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is not supported
ND reachable time is 30000 milliseconds

Ran this by a friend yesterday who also found this strange behavior and at
quick glance couldn't find any bugs related to rev.

Just wondering if anyone else sees this behavior?

Thanks

--
//CL
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

chuckchurch at gmail

Aug 16, 2012, 7:09 AM

Post #2 of 10 (750 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

Weird. I'm just starting to play around with Juniper stuff now, and noticed
pretty much the same behavior. Configured a v4 DNS server, but a lookup
resulted in a V6 address trying to be used. Don't have V6 enabled anywhere,
routing table was empty. Figured it was some knob I'm not familiar with in
JunOS. Didn't get to wiresharking it, but similar. Would a device be silly
enough to request an AAAA record out a v4 only interface? Would a DNS
server ever hand out an AAAA for a v4 request (perhaps NAT64/DNS64
intercepting somewhere?)

Chuck

-----Original Message-----
From: cisco-nsp-bounces [at] puck
[mailto:cisco-nsp-bounces [at] puck] On Behalf Of Chris Lane
Sent: Thursday, August 16, 2012 9:41 AM
To: cisco-nsp [at] puck
Subject: [c-nsp] IPv6 domain reply Cisco 6509 IPv4 address

We do not run IPv6 currently from this site, ipv6 is not enabled on box.
when i ping google.com i get the following response.
ping google.com
Translating "google.com"...domain server (64.17.248.2) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is 2
seconds:

% No valid source address for destination

Rev is:
s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
and also for further IPV6 analysis:
sh ipv6 int
LI-Null0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
No global unicast address is configured
Joined group address(es):
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is not supported
ND reachable time is 30000 milliseconds

Ran this by a friend yesterday who also found this strange behavior and at
quick glance couldn't find any bugs related to rev.

Just wondering if anyone else sees this behavior?

Thanks

--
//CL
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

oliver at g

Aug 16, 2012, 7:21 AM

Post #3 of 10 (744 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

DNS can definitely return AAAA records over IPv4 (or A records over IPv6).
The type of DNS records returned is completely independent of the L3
protocol the request uses. It doesn't make sense to me though why the box
would use a AAAA result when it has no IPv6 interfaces.

Oliver

On Thu, Aug 16, 2012 at 10:09 AM, Chuck Church <chuckchurch [at] gmail>wrote:

> Weird. I'm just starting to play around with Juniper stuff now, and
> noticed
> pretty much the same behavior. Configured a v4 DNS server, but a lookup
> resulted in a V6 address trying to be used. Don't have V6 enabled
> anywhere,
> routing table was empty. Figured it was some knob I'm not familiar with in
> JunOS. Didn't get to wiresharking it, but similar. Would a device be
> silly
> enough to request an AAAA record out a v4 only interface? Would a DNS
> server ever hand out an AAAA for a v4 request (perhaps NAT64/DNS64
> intercepting somewhere?)
>
> Chuck
>
> -----Original Message-----
> From: cisco-nsp-bounces [at] puck
> [mailto:cisco-nsp-bounces [at] puck] On Behalf Of Chris Lane
> Sent: Thursday, August 16, 2012 9:41 AM
> To: cisco-nsp [at] puck
> Subject: [c-nsp] IPv6 domain reply Cisco 6509 IPv4 address
>
> We do not run IPv6 currently from this site, ipv6 is not enabled on box.
> when i ping google.com i get the following response.
> ping google.com
> Translating "google.com"...domain server (64.17.248.2) [OK]
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is 2
> seconds:
>
> % No valid source address for destination
>
> Rev is:
> s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
> and also for further IPV6 analysis:
> sh ipv6 int
> LI-Null0 is up, line protocol is up
> IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
> No global unicast address is configured
> Joined group address(es):
> MTU is 1500 bytes
> ICMP error messages limited to one every 100 milliseconds
> ICMP redirects are enabled
> ND DAD is not supported
> ND reachable time is 30000 milliseconds
>
> Ran this by a friend yesterday who also found this strange behavior and at
> quick glance couldn't find any bugs related to rev.
>
>
> Just wondering if anyone else sees this behavior?
>
> Thanks
>
> --
> //CL
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

gert at greenie

Aug 16, 2012, 7:42 AM

Post #4 of 10 (747 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

Hi,

On Thu, Aug 16, 2012 at 10:09:15AM -0400, Chuck Church wrote:
> Weird. I'm just starting to play around with Juniper stuff now, and noticed
> pretty much the same behavior. Configured a v4 DNS server, but a lookup
> resulted in a V6 address trying to be used. Don't have V6 enabled anywhere,
> routing table was empty. Figured it was some knob I'm not familiar with in
> JunOS. Didn't get to wiresharking it, but similar. Would a device be silly
> enough to request an AAAA record out a v4 only interface? Would a DNS
> server ever hand out an AAAA for a v4 request (perhaps NAT64/DNS64
> intercepting somewhere?)

DNS transport and DNS content are completely unrelated.

So there's no reason to constrain your queries to the transport that you
happen to be using.

(OTOH, the internal resolver library in use here seems to have missed
some discussions that happened over the last 10 years, most notably
"if there is no public IPv6 address on the system, don't ask for IPv6
adresses by default, or if you do, at least prefer IPv4 before IPv6" -
getaddrinfo() with AI_ADDRCONFIG).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert [at] greenie
fax: +49-89-35655025 gert [at] net

devon at noved

Aug 16, 2012, 8:39 AM

Post #5 of 10 (738 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

On 16-Aug-12 9:41 AM, Chris Lane wrote:
> We do not run IPv6 currently from this site, ipv6 is not enabled on
> box. when i ping google.com i get the following response. ping
> google.com Translating "google.com"...domain server (64.17.248.2)
> [OK]
>
> Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to
> 2001:4860:4001:800::100E, timeout is 2 seconds:
>
> % No valid source address for destination
>
> Rev is: s72033-advipservicesk9_wan-mz.122-33.SXH7.bin and also for
> further IPV6 analysis: sh ipv6 int LI-Null0 is up, line protocol is
> up IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180 No
> global unicast address is configured Joined group address(es): MTU is
> 1500 bytes ICMP error messages limited to one every 100 milliseconds
> ICMP redirects are enabled ND DAD is not supported ND reachable time
> is 30000 milliseconds
>
> Ran this by a friend yesterday who also found this strange behavior
> and at quick glance couldn't find any bugs related to rev.
>
>
> Just wondering if anyone else sees this behavior?

I see this on our lab 6500 running 12.2(33)SXI5 with no ipv6 configured.

--
Devon
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

spork at bway

Aug 16, 2012, 12:12 PM

Post #6 of 10 (739 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

On Aug 16, 2012, at 9:41 AM, Chris Lane wrote:

> We do not run IPv6 currently from this site, ipv6 is not enabled on box.
> when i ping google.com i get the following response.
> ping google.com
> Translating "google.com"...domain server (64.17.248.2) [OK]
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is 2
> seconds:
>
> % No valid source address for destination
>
> Rev is:
> s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
> and also for further IPV6 analysis:
> sh ipv6 int
> LI-Null0 is up, line protocol is up
> IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
> No global unicast address is configured
> Joined group address(es):
> MTU is 1500 bytes
> ICMP error messages limited to one every 100 milliseconds
> ICMP redirects are enabled
> ND DAD is not supported
> ND reachable time is 30000 milliseconds
>
> Ran this by a friend yesterday who also found this strange behavior and at
> quick glance couldn't find any bugs related to rev.
>
>
> Just wondering if anyone else sees this behavior?

I saw it after enabling a non-routable IPv6 address on a vlan subinterface to do some testing...

12.4(24)T6.

Charles

> Thanks
>
> --
> //CL
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

clane1875 at gmail

Aug 17, 2012, 6:10 AM

Post #7 of 10 (723 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

to follow up, once i added v6 to the router and advertised to my SP,
pinging google.com resolved, but Only via IPv6.
odd this Particular router only listen and responds to google via v6.. Did
they change something?

no other site does this that i can see.

On Thu, Aug 16, 2012 at 3:12 PM, Charles Sprickman <spork [at] bway> wrote:

> On Aug 16, 2012, at 9:41 AM, Chris Lane wrote:
>
> > We do not run IPv6 currently from this site, ipv6 is not enabled on box.
> > when i ping google.com i get the following response.
> > ping google.com
> > Translating "google.com"...domain server (64.17.248.2) [OK]
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is 2
> > seconds:
> >
> > % No valid source address for destination
> >
> > Rev is:
> > s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
> > and also for further IPV6 analysis:
> > sh ipv6 int
> > LI-Null0 is up, line protocol is up
> > IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
> > No global unicast address is configured
> > Joined group address(es):
> > MTU is 1500 bytes
> > ICMP error messages limited to one every 100 milliseconds
> > ICMP redirects are enabled
> > ND DAD is not supported
> > ND reachable time is 30000 milliseconds
> >
> > Ran this by a friend yesterday who also found this strange behavior and
> at
> > quick glance couldn't find any bugs related to rev.
> >
> >
> > Just wondering if anyone else sees this behavior?
>
> I saw it after enabling a non-routable IPv6 address on a vlan subinterface
> to do some testing...
>
> 12.4(24)T6.
>
> Charles
>
> > Thanks
> >
> > --
> > //CL
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp [at] puck
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

--
//CL
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

chrisccnpspam2 at gmail

Aug 17, 2012, 7:03 AM

Post #8 of 10 (723 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

Google is one of the few who enabled AAAA entries for their main website
pages on the v6 go live day a few months back...

That is why it's doing it. There are some other sites that will be
affected too for you.

Hth.
On Aug 17, 2012 8:19 AM, "Chris Lane" <clane1875 [at] gmail> wrote:

> to follow up, once i added v6 to the router and advertised to my SP,
> pinging google.com resolved, but Only via IPv6.
> odd this Particular router only listen and responds to google via v6.. Did
> they change something?
>
> no other site does this that i can see.
>
> On Thu, Aug 16, 2012 at 3:12 PM, Charles Sprickman <spork [at] bway> wrote:
>
> > On Aug 16, 2012, at 9:41 AM, Chris Lane wrote:
> >
> > > We do not run IPv6 currently from this site, ipv6 is not enabled on
> box.
> > > when i ping google.com i get the following response.
> > > ping google.com
> > > Translating "google.com"...domain server (64.17.248.2) [OK]
> > >
> > > Type escape sequence to abort.
> > > Sending 5, 100-byte ICMP Echos to 2001:4860:4001:800::100E, timeout is
> 2
> > > seconds:
> > >
> > > % No valid source address for destination
> > >
> > > Rev is:
> > > s72033-advipservicesk9_wan-mz.122-33.SXH7.bin
> > > and also for further IPV6 analysis:
> > > sh ipv6 int
> > > LI-Null0 is up, line protocol is up
> > > IPv6 is enabled, link-local address is FE80::218:74FF:FE16:D180
> > > No global unicast address is configured
> > > Joined group address(es):
> > > MTU is 1500 bytes
> > > ICMP error messages limited to one every 100 milliseconds
> > > ICMP redirects are enabled
> > > ND DAD is not supported
> > > ND reachable time is 30000 milliseconds
> > >
> > > Ran this by a friend yesterday who also found this strange behavior and
> > at
> > > quick glance couldn't find any bugs related to rev.
> > >
> > >
> > > Just wondering if anyone else sees this behavior?
> >
> > I saw it after enabling a non-routable IPv6 address on a vlan
> subinterface
> > to do some testing...
> >
> > 12.4(24)T6.
> >
> > Charles
> >
> > > Thanks
> > >
> > > --
> > > //CL
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp [at] puck
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
>
>
> --
> //CL
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

jared at puck

Aug 17, 2012, 7:06 AM

Post #9 of 10 (724 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

On Aug 17, 2012, at 9:10 AM, Chris Lane <clane1875 [at] gmail> wrote:

> to follow up, once i added v6 to the router and advertised to my SP,
> pinging google.com resolved, but Only via IPv6.
> odd this Particular router only listen and responds to google via v6.. Did
> they change something?
>
> no other site does this that i can see.

Not really odd, most applications prefer ipv6 over ipv4.

You can do 'ping ip google.com' to force ipv4.

bing, Facebook and others also have ipv6
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

trejrco at gmail

Aug 17, 2012, 8:55 AM

Post #10 of 10 (719 views)
Permalink

Re: IPv6 domain reply Cisco 6509 IPv4 address [In reply to]

On Fri, Aug 17, 2012 at 10:06 AM, Jared Mauch <jared [at] puck> wrote:

>
> On Aug 17, 2012, at 9:10 AM, Chris Lane <clane1875 [at] gmail> wrote:
>
> > to follow up, once i added v6 to the router and advertised to my SP,
> > pinging google.com resolved, but Only via IPv6.
> > odd this Particular router only listen and responds to google via v6..
> Did
> > they change something?
> >
> > no other site does this that i can see.
>
> Not really odd, most applications prefer ipv6 over ipv4.
>

Right; but while "IPv6 > IPv4 (> Auto-tunneled IPv6)" is a great default
behavior*, it should only apply if the node is asking for both IPv6 and
IPv4 address resolution (AAAA and A), and the node should only ask for AAAA
resolution if it (thinks it) has IPv6 connectivity ...

/TJ

** - Happy Eyeballs notwithstanding ...*
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads