[ale] {Disarmed} Re: {Disarmed} Fwd: Under Attack, my dns servers

Mon Oct 6 17:39:08 EDT 2014

On Mon, 2014-10-06 at 17:01 -0400, Paul Cartwright wrote:
> On 10/06/2014 04:21 PM, Michael H. Warfield wrote:
> > Ok...  That question makes no sense to me.  I don't pay anyone for my
> > DNS services.  I have my own authoritative servers (masters and slaves)
> > and I use Hurricane Electric's 5 public servers as slaves which then
> > gives me 8 along with my 2 non-public masters feeding my 3 public slaves
> > from which HE slaves from two of them.  You have to have an account with
> > them (the free IPv6 tunnel broker service is sufficient) but it doesn't
> > cost anything unless you exceed 10,000 RR's (Resource Records) in a
> > single (slave) zone and you can have up to 50 (forward + reverse +
> > slave) zones on an account.

> I tried to setup a HE IPv6 tunnel once, but my router didn't handle it.
> Now I am on Uverse, and I'm not sure if this router or AT&T fully
> support IPv6 yet.. maybe next year we will get more into IPv6..

Oh, hell...  Yeah, AT&T Uverse seriously dicked up everything about a
year ago with a round of updates to their Cisco model RG's (Residential
Gateways).  Those gateways do have IPv6 options but are not, in reality,
IPv6 capable yet.  But they DO block protocol 41 (grrr) which fscks up
direct tunnels to HE.  There is a solution and you can get IPv6 from
AT&T over Uverse but you have to really bitch at them and then they'll
replace your Cisco RG with a Motorolla RG (which sucks WAY less than the
Cisco POS) and you can get a /60 IPv6 network (that's 16 IPv6 SLA's /
subnets)...

http://mailman.nanog.org/pipermail/nanog/2013-November/062304.html

I had to switch my link over to running protocol 41 (IPv6) over protocol
50) ESP / IPsec out to my colo to deal with their dainbramaged crap.
Can be done.  Can be a royal PITA depending on provider.

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://mail.ale.org/pipermail/ale/attachments/20141006/b9c5078a/attachment.sig>