RandalSchwartz: shutdown -h now turns on "power off" processing
works better in virtualbox, anyway
***: nakano is now known as nakano_
smokey_ has joined #arpnetworks
smokey_ is now known as yekoms
schmir has joined #arpnetworks
LT has joined #arpnetworks
nakano_ is now known as nakano
schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
ziyourenxiang has joined #arpnetworks
Lefty has quit IRC (Remote host closed the connection)
ziyourenxiang has quit IRC (Quit: ziyourenxiang)
shansa has joined #arpnetworks
shansa has quit IRC (Quit: leaving)
Ehtyar has quit IRC (Remote host closed the connection)
unenana has joined #arpnetworks
unenana has quit IRC (Client Quit)
schmir has quit IRC (Remote host closed the connection)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
schmir has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
wallshot has joined #arpnetworks
wallshot: seems after you hit "professional" level on the he.net ipv6 certs, godaddy dns no longer cuts it
they serve up AAAA records, but they aren't themselves on ipv6
***: nakano is now known as nakano_
RandalSchwartz: too bad
not ipv6 ready
lots of them aren't
hover.com for example
***: Lefty has joined #arpnetworks
wallshot: it's a shame, because it's SO easy to get on ipv6
and bind it to your ns
any company with half a budget shouldn't have a problem with it
RandalSchwartz: there's a lot of legacy code, and some people don't understand how close we are, or disagree with it
toddf: disagree. muhahahahaha. thats tame. I've had people shout at me that IPv6 is doomed to failure because of its academic qualities and ignorance of the past. (academic qualities = too many options, initially no PI space for companies, etc; ignorance of past = early v4 adopters got grandfathered clauses of royalty free IPv4 PI space; so `ancient' internet gurus have to suddenly fork over $2500 per year for similar in IPv6 land w/no option of multih
wallshot: boo hoo
toddf: note I'm not one of the early adopters (although had I been cluefull enough at the time I should have been *sigh*) and I ignore the academic fluff that makes life !fun; I get more IP's than I have systems with IPv6 and I can't fork over $1k/mo just to get `justifiable' IPv4 addresses that are not multihomed anyway, so IPv6 looks much better to me the way I run my home and office nets at this point in time ;-)
and $1k/mo would get me 1/4 the bandwidth I currently have .. yay
wallshot: well
the same people who hoard diamonds and rubies would love to keep hoarding a decreasing supply of ipv4 in increasing demand environment
just keep raising the price
and making money off of not actually doing anything other than shouting "dibs!" first
like domain squatters
i don't see how "we want to control all the spice" is a valid justification for preventing the release of spicev6
toddf: with the internet though it encourages more nat layers. sucks even more. mobile phone operators justify IPv6 with battery life and customer happiness due to no NAT on the firewall so persistent long lived tcp connections vs re-transmitting packets to twiddle the states in an aggressively timing out nat firewall .. makes sense to me ;-)
wallshot: ooh didn't know the telco argument in favor of ipv6, that's neato
yeah nat is sorta an ugly hack
tho i do consider NAT a major part of my windows security precautions ;)
toddf: its not so much "we want to control" from their perspective as it is "if we are to make the transition and even play in the new stuff, how is $2.5k/yr for !equivalent anything but disincentive?"
let me explain a myth away
NAT does not provide any security
if you have a properly setup firewall
wallshot: not "any" security?
toddf: which does not permit any packets in only outbound connections you get the same security as NAT with publicly numbered windows systems
wallshot: you gonna be able to winnuke my 192.168 windows box from the internet?
yes you could do that too
toddf: NAT does not in itself provide any security
wallshot: though most home routers don't give you shit for control over the firewall
toddf: it is the firewall policy that does
wallshot: you just said it yourself
NAT has the same effect as certain firewall policy
toddf: correct
wallshot: obviously you could use firewall instead of nat
toddf: at least you acknowledge the two are equivalent
wallshot: but my home router doesn't offer me choices about what "firewall enabled" actually means
yes
toddf: I've had ``security experts'' literally kick me out of being service provider for $client because they said my plan to publicly number windows systems is stupid and a bad security decision because nat is security blah blah
wallshot: i acknowledge it only buys the "no random connections from public internet onto my tcp/139 open windows machine
pffffff
nat's "security" is like a side effect of the hack to get more ip space
RandalSchwartz: apparently, ios v4 is ipv6-ready
v3 isn't though
and AT&T isn't ready everywhere yet
toddf: NAT's ``security'' is a side effect of the `optimize for the common scenario' when everyone is using it. there are so many NAT environments that the cookie cutter factories have found that firewalls w/out nat are so uncommon that they just optimize that option out of the equation and make boatloads due to their `simple' little devices ;-(
cisco ios has had IPv6 for a long time, some bigger routers don't do IPv6 in hardware like they do IPv4 hence some big players won't budget
budget
RandalSchwartz: you could get exactly what nat is doing for you with a stateful firewall
toddf: tmobile has a publicly announced IPv6 trial going
comcast has a publicly announced IPv6 trial going
I wish cox did, but 1 out of 2 in the US isn't bad .. now I just need a N900 so I can talk IPv6 from OpenBSD over the tethered connection and I'd be right as rain
randalschwartz: see the top of the discussion, that's what I stated, in different words
wallshot: yeah i've used ipf happily for that. haven't dived into pf yet tho :/
toddf: wallshot: you'll be surprised how `simple' pf is ...
RandalSchwartz: yeah, I picked up pf in no time
just start simple.
***: shansa has joined #arpnetworks
wallshot: i found ipf to be simple after ipfw
no more rule numbers to organize was handy
tho obviously there were pros/cons with that change
jpalmer: wallshot: what is your username on he.net's cert thing?
wallshot: jprather
i bumped myself up a bit today :)
am on to the add-glue step
course i have no friggin clue wtf glue is so i'm googling a bunch :)
jpalmer: I saw, thought that was you.
in your registrar.. it's where you setup a new nameserver for like ns1.yourdomain.com the "glue" is the IP you associate with it. they're looking for an IPv6 record.
wallshot: oh
i already ... wait no i used hostnames
i had to use he.net's dns since godaddy's had no ipv6 of its own
jpalmer: if you used someone elses DNS servers, you didn't need glue records.
wallshot: ns2.he.net through ns5.he.net seem to all be dual stacked
jpalmer: yes, but there won't be any glue records for ns?.he.net for your domain. those glue records will only exist for the he.net domain
I guess we should start with what a glue record actually does. ;)
wallshot: hah i'm sure there's a page that can save you some breath :)
jpalmer: lets say I own foo.com, and I want to run my own nameserver.. ns.foo.com
I go tell my registrar "use ns.foo.com"
wallshot: right
jpalmer: now, someone else comes along.. and they want to resolve "www.foo.com"
***: nakano_ is now known as nakano
wallshot: whois tells them it's ns.foo.com's call
jpalmer: the TLD nameservers will say "www.foo.com is run by ns.foo.com" but this is where you run into a problem.
if it's looking up the info for foo.com, and your info is HOSTED by the foo.com nameserver, there is nothing to look up, because the server it's trying to use, also houses the record for ns.foo.com
wallshot: yes, that's why i avoided going with ns1.mydomain
saw a chicken and egg issue
RandalSchwartz: but that's where *glue* comes in :)
wallshot: chose to let a turtle lay the chicken egg instead :)
jpalmer: the "glue record" is the IP you add to your registrar. it tells all the TLD nameserver "ns.foo.com is over there at 1.2.3.4"
RandalSchwartz: registrar provides not only the NS, but also the A/AAAA
wallshot: ooooooooh that's handy crap
jpalmer: so, to pass this stage, #1) understand the glue record. and #2, go to your registrar.. register a nameserver under your domain, and point it's A and AAAA record (at the registrar) to your nameserver (where you are running BIND or whatnot)
wallshot: apparently i cheated and got past it using he.net's nameservers :)
jpalmer: doh!
wallshot: i r teh sage of uberness
but
i must go look @ this glue
cuz i don't want my arpnetworks vps to rely on he.net dns
jpalmer: well, ok. but, even though you passed it.. take a few minutes to learn and understand glue ;)
wallshot: exactly!
yeah this "certification"
isn't un-cheatable by a longshot
tho it's almost as easy to do it right as to cheat, plus those who bother to do it are nerdy enough to care to do it right if they can figure it out prolly :)
jpalmer: it's fun.. and it does help some people learn about a few things. which ultimately, is HE's goal. they want people to learn about IPv6.
but the term "certification" is used rather loosely there, IMO :P
so, you got your delegation all straightened out?
wallshot: aah host summary i'm guessing
set host and ip address
well
this morning i logged in, and i could resolve one of my ipv6's from my office
an hour later, i couldn't
jpalmer: not knowing who your registrar is.. I would say that *sounds* like it's the right ballpark, yes.
wallshot: but the guy had just made the change this morning from ip to hostname
jpalmer: whats your IPv6 addy again, I'll check
wallshot: so maybe crap's bouncing around funny
2607:f2f8:a460::2
dig with +trace was working today while normal resolution was giving "no servers could be reached"
but i haven't added my glue yet :)
i really have no idea if slow propagation, or arp's most recent changes or something else is mucking with me. but that's my fault for changing my mind and requesting ip's then hostnames and crap
actually, the dig with +trace seems to be timing out now, at what should probably be my own NS
jpalmer: I made the same mistake. don't fret it.
wallshot: arp has now delegated it to ns1.6-for.me
which is resolving for me to ::5
and which i can get nslookup resolutions out of
so i'm not sure why dig seems to timeout
tooth: only on +trace?
wallshot: on everything
as simple as this does too: host 2607:f2f8:a460::2
but the +trace makes it look like it's fine right up until it should be at my ns
tooth: if by chance, you're using djbdns, it doesn't respond well to +trace (took a while of searching to find that one)
wallshot: using bind that comes with 8.1
tooth: apparently mr djb thinks it's some security thing or you shouldnt be doing that, so it's ignored
wallshot: nice
tooth: or some such
wallshot: yeh it seems to get right up to where it's supposed to ask my own nameserver for info and just times out
http://pastebin.ca/1949820
but then something like this works fine: host 2607:f2f8:a460::2 ns1.6-for.me
bloody weird
gonna run across street and grab some food
bbiab
jpalmer: wallshot: the +trace was working yesterday, but you didn't have delegation. I think there is a misconfiguration somewhere.
(and if the above is true about djbdns blocking +trace, he's more paranoid than I remember from my qmail days.
tooth: https://forum.bytemark.co.uk/comments.php?DiscussionID=1247
THERE it is.
(that was for my own edification as much as anyone else in here, as it's topical for the moment)
jpalmer: *nod*
interesting. so you can't use your own NS for troubleshooting. you have to use an outside NS. heh
I ran sendmail for years. then one day I tried qmail. and I was like "damn, this is great" and ran qmail for a few years. then I moved on, and realize how.. not-great it really was. I'm going to venture a guess and say.. djbdns is probably along the same lines.
tooth: it's slightly easier
since it's less involved.
you just kinda set up dns and leave it alone (generally)
and it's tiny.
jpalmer: easier, at what cost though. thats my point. qmail was easier.. at (what I see now as) a fairly significant cost.
RandalSchwartz: I can't imagine anything being much easier than postfix now
especially if you have anything complex
wallshot: <3 postfix
it's what i setup for my ipv6 tests
tooth: yeah. also <3 postfix
the advantages of qmail/djbdns aren't really valid as much anymore. They excel at tiny footprints and crazy paranoia implementations
-: RandalSchwartz wanders off for lunch
jpalmer: of course, to be fair.. back then.. a lot of the "at what cost" with qmail was in it's restrictive license. everytime I wanted to add some basic functionality, I had to patch and recompile. now with him having loosened it, a lot of things may be different. I'm happy enough with postfix, that I don't intend to find out ;)
tooth: i mean, djbdns was not affected by that dns thing the other year
mike-burns: DJB's software has the other cost where you have to install his rewrite of unix in order to use his stuff.
wallshot: wow it's changed?
tooth: yeah. that too. :-[
wallshot: i went to postfix years ago from qmail for my toaster needs -because- of all the bullshit patching required
wallshot: can't easily portupgrade crap when you have to manually patch crap left and right
tooth: also, something a little more contemporary than 1998?
wallshot: postfix always compiled in the support i needed with the port build
tooth: or whenever the last release of qmail is
wallshot: no hax necessary
jpalmer: yeah, without getting into the whole "$foo > djbware" thing.. I got burnt out on catering to djbware several years ago. no desire to revisit that period.
wallshot: i felt it was too much like teh linuxy hack-it method for upgrades
didn't wanna manually waste time on crap doing version bumps
toddf: are there TLD's today that permit IPv6 glue for ns records beyond .com and .net ?
jpalmer: toddf: according to he.net's widget, 242 of 294 TLD's allow IPv6 glue
toddf: jpalmer: oh wow, nice
jpalmer: mind you, thats the only place I looked and didn't verify. but, I'd tend to believe HE when it comes to IPv6 matters ;)
toddf: I've not interrogated godaddy.com lately
I was all setup to do .com .net and .org ns's for my company for redundancy and turns out I had to redo my zone files when I found out .org didn't work at the time
jpalmer: redundancy meaning, at the TLD level?
s/TLD/TLD NS/
***: Ehtyar has joined #arpnetworks
shansa: people use zfs here?
nesta: only noobs like RandalSchwartz
jokin :P
shansa: I'd like to try it for the sake of it, but not sure whether it's worth it.
and it seems like it's fairly ram consuming
and ufs works
.. but i'm bored, so... :-p
nesta: I say
do not
learn something else :)
wallshot: i love this ipv6 test
"in linux, what kernel module must be loaded in order to use ipv6 networking"
and i thought "in 2010, they need to load a module to enable ipv6? wow."
cuz i could swear it's been available forever and probably ought to be in most generics
tooth: well, itsthereby default i think
wallshot: oh. so then it's sorta a lame question
tooth: it's there by*
i think.
wallshot: yeah i would imagine it should be compiled in by default on most distros now
shansa: wallshot: it is. often as a module, sometimes not. Makes no difference. Linux loads modules automatically anyway.
jpalmer: well, it's not really a lame question, in the sense that if you want to disable ipv6, you'd also *unload* that module.
wallshot: there's nothing in the test about "what is included in GENERIC in freebsd but which you may want to disable to kill ipv6?"
it seems a rather obscure question and not nearly as relevant as "what is NOT in generic that you must load to use ipv6"
tho i suppose it is still knowledge, that, in the right situation, could prove useful
oooh misinformation from wikipedia
no surprise
tooth: correct it and cite? ;-)
wallshot: that would be responsible!
tooth: oh, you're right.
forgive me
wallshot: have i mentioned how much i'm enjoying arpnetworks
i like the fbsd support, i like the prices, and i love the ipv6
mhoran: Loves it.
tooth: also the same reasons i signed up
jpalmer: I personally like the FreeBSD side. but, I'm currently running CentOS in it, evaluating for a client.
toddf: you can always use OpenBSD where you don't have to ask such silly questions as 'what to kill/load/disable/etc' and it just works. ;-)
shansa: arp is sweet indeed
nesta: OpenBSD is horrific
j/k
:P
RandalSchwartz: openbsd got me through some tough years. :)
and theo's paranoia helped me sleep at night
nesta: your sleep seems dependent on servers
hehe
:S
RandalSchwartz: on servers not being cracked while I was asleep, yes.
***: shansa has quit IRC (Quit: leaving)
nesta: cracked!
***: schmir has joined #arpnetworks
wallshot: dang trick questions
the answer isn't yes or no! it's "almost never"
***: mike-burns has quit IRC (*.net *.split)
toddf has quit IRC (*.net *.split)
schmir has quit IRC (Remote host closed the connection)
mike-burns has joined #arpnetworks
toddf has joined #arpnetworks
hubbard.freenode.net sets mode: +oo mike-burns toddf
schmir has joined #arpnetworks
wallshot: if you setup glue, is it wise to have redundant AAAA record for the ns in your domain's zone file, or just risking conflict?
***: sbp_ has joined #arpnetworks
sbp_ has quit IRC (Client Quit)
schmir has quit IRC (Remote host closed the connection)
jpalmer: what do you mean by redundant AAAA record?
wallshot: let's see... 5 daily tests * 1point each ... about 119 days to get the 595 points i'd need to hit 1500
i mean if the TLD has a AAAA record for my ns host
jpalmer: WRONG!
wallshot: you should still have the IN NS listed in your zonefile.
wallshot: right, as a IN NS
but not a IN AAAA ?
jpalmer: well, the IN NS is going to be a named server ns1.foo.com
wallshot: ns IN AAAA my-ns-ipv6-addr ... is redundant with the glue right?
so shouldn't be necessary
jpalmer: then, you'd create an A and AAAA record for the ns1
example: @ IN NS ns1.foo.com.
ns1 A 1.2.3.4
ns1 AAAA 2001::foo.blah
wallshot: so even though the glue was setup for TLD to point ns1.foo.com to 1.2.3.4, i should add A records in foo.com zonefile for it anyway
jpalmer: you always want everything referenced completely in your zonefile.
wallshot: this is probably good because it's what i'd done. was afraid i'd make some conflict
o excellent
jpalmer: btw: did you setup glue yet? did you test it with dig?
wallshot: i added a host
i think it's glued
but it said could take up to 48 hours for host changes
jpalmer: what is your domain name?
wallshot: and am not sure how to dig for the glue
6-for.me
it's not pointing at my glue yet
it's still using he.net nameservers, since the glue hadn't set yet...
but the nameserver resolves so perhaps i should just switch it now
oooh i totally jacked up the NS entries
didn't change my zone to match when i put he.net nameservers in there
i really am setting this domain up the slow way
jpalmer: I don't see glue records
dig NS 6-for.me @ns.nic.me
brb. 15 mins
wallshot: i suspect because i didn't stick my domain to the glue?
jdoe: er
you want glue records in your zone file
but glue records for the domain need to be set by your registrar.
wallshot: i created NS Host ns1.6-for.me -> 2607:f2f8:a460::5. but hadn't actually pointed my NS to ns1.6-for.me yet
jdoe: er
sorry, glue records at the tld's nameservers need to be set by your registrar.
wallshot: yeah, then make them match with AAAA records in my zonefile
and point my NS records at them :)
-: wallshot gets to updating
wallshot: i think i see how i typo broke my ipv4 A records
which mighta jacked up digs over ipv4 for ipv6 resolution
pointing ns1.foo.com at an ipv4 that named isn't listening to == good way to break stuff
guess i can bind to that ip until fix propagates
totally explains why it seemed to work when i got in this morning and how i had somehow broken it in minutes
fail on transcribe records from godaddy's dns to he.net's dns
***: shansa has joined #arpnetworks
wallshot: win, win, win, discovering ugly typo fixes everything!
jdoe: go team :P
jpalmer: back
wallshot: wb! as u can see from scrolling up, i found a typo that was killing my reverse resolution
specifically, if named is bound on .114 and .116, don't type .115 into the A record for ns1.foo.com in the zone file
i already had it as .116 on godaddy so i musta brainfarted or fingerfarted typing out the addresses on he.net
jpalmer: yeh, I mentioned earlier that I thought something else was wrong. good catch
so, I've been trying to get my HE.net tunnel to work correctly on dd-wrt. I get the tunnel up. radvd seems to advertise the space (clients get IPv6 IP's) but I can't ping6 anything beyond the client address of my router.
wallshot: possible that protocol41 isn't fully implemented across the router?
i failed miserably to get he.net tunnel working over my home router
i tried it on my arpnetworks vps, and it worked right away with the example configuration commands he.net provides for "Freebsd >= 4.4"
so i figured either my router's natting, or firewalling, or something, is jacking up he.net's tunneling. though whether it's a protocol41 incompatibility or something else i have no clue
jpalmer: well, I'd buy that *if* so many other people weren't having success, OR.. if the tunnel couldn't be brought up directly on my laptop ;)
wallshot: so i'm still using freenet6 for my laptop's ipv6 from the home network
i'd suspect i overlooked something (since i found no reported problems with using it over nat, except for old routers that don't do protocol41)
cept that it worked right off the bat on my non-nat vps
tho now i do suspect my router
oooh reverse is working gloriously!
jpalmer: nice, grats.
RandalSchwartz: I don't think he.net tunnels use 41
I think it's straight ipv4
it'd have to be, because I can bring up my he.net laptop tunnel pretty much anywhere that I can see the net
wallshot: orly. everything i could find suggested protocol41 would be major cause of failure, but that mighta been random comments about tunneling in general
RandalSchwartz: 41 is where you're using a "nearby" 6-to-4 gateway
and the routers have to cooperate
he.net is strictly "6 in 4"
so all your packets go inside a normal ipv4 tunnel
nobody between here and there is the wiser
usable just about everywhere
but less flexible, because the endpoint is fixed
wallshot: oooh i musta read some misinformation about tunnels failing due to protocol41 not being passed by routers
jpalmer: ok, now I goofed up something :P I can't even ping6 the router. heh
RandalSchwartz: as in, all my traffic goes to LA regardless of where it will eventually end up
wallshot: doh!
RandalSchwartz: whereas with proto41, it floods outward until it finds a willing 6-to-4 gateway
wallshot: oh god
that sounds ... messy
RandalSchwartz: no - it's just a normal set of routes
.. http://en.wikipedia.org/wiki/6in4
oops - not that... http://en.wikipedia.org/wiki/6to4
wallshot: yeah so close but not quite
RandalSchwartz: the trick is that the gateways anycast 192.88.99.1
and the routers pick up whomever's closest
so your nearest router knows the route to the closest 192.88.99.1 ipv4
and then it turns into v6 for the rest of the way
I've been using miredo instead of that
provided I'm not deeply NATed, miredo works fine for casual v6 connectivity
although it's a different v6 each time
often, my miredo traffic ends up on a nearby he.net gateway. :)
kinda cute
OSX snow leopard comes with miredo already installed too
just need to enable the launchd item
wallshot: dig NS 6-for.me @ns.nic.me <--- is that glue I see, the AAAA records?
RandalSchwartz: Yeah... "additional section"
almost always means "glue"
wallshot: that's excellent
jpalmer: yes. BUT.. one problem.
RandalSchwartz: so presuming ns.nic.me is v6 reachable, you should be good
jpalmer: you *only* have AAAA glue. you probably want to also have A glue.
RandalSchwartz: oh yeah - you need A glue
wallshot: oooh. that -is- a good idea!
should not neglect ipv4
jpalmer: well, if you want to be reachable via ipv6 only, you're fine now :P
RandalSchwartz: one more round of support requests. :)
jpalmer: RandalSchwartz: ns.nic.me is a TLD for .me
RandalSchwartz: sure - but it might not support v6
some of the TLDs don't
although most of them are coming around
ns.nic.me has no AAAA record
as I'm saying :)
jpalmer: oh, I see what you're saying. I thought you figured ns.nic.me was one of his NS's. chances are good though, if that wasn't ipv6, one of the other ones would be.
yekoms: do you all know of the new local root exploit?
wallshot: c0.cctld.afilias-nst.info. has ipv6
and is on the IN NS for .me list
RandalSchwartz: is there a quick query like "dig ns me" that additionally dumps their A or AAAA?
wallshot: and b0.cctld.afilias-nst.org. and b2.me.afilias-nst.org. and ...
RandalSchwartz: oh - yeah, of course afilias is on the ball
one of the biggest users of postgresql in the world :)
I was setting up to do some consulting there for a bit
postgresql and perl
wallshot: dig NS me. <-- worked for me
RandalSchwartz: root exploit for which OS
wallshot: shows 3 AAAA's and 5 A's
RandalSchwartz: wallshot - that didn't show me the A or AAAA records
probably because you have them cached already or something
wallshot: http://pastebin.ca/1950053
doubt i had all of them cached
some, probably
RandalSchwartz: well - when I do that, I get 0 additional
yekoms: freebsd
RandalSchwartz: just the 8 NS records
yekoms: it works well on any 7.* and 8.*
wallshot: maybe my nameserver is being friendlier
yekoms: should h4x any freebsd 8.* and 7.* prior to 12Jul2010
RandalSchwartz: bzip2/bunzip2 ... /me sighs
yekoms: it works on a few of my servers..
wallshot: i assume you mean the mbuf advisory
yekoms: cept not my vps from here..
wallshot: http://security.freebsd.org/advisories/FreeBSD-SA-10:07.mbuf.asc
yekoms: i guess.
RandalSchwartz: darn it - I gotta get around to upgrading my 3 older boxes to 8.1 too
wallshot: went out july 13
jpalmer: when you said "new exploit" I thought you meant something newer than 6 weeks ago :P
RandalSchwartz: no - the bunzip was just a few days ago
... http://security.FreeBSD.org/advisories/FreeBSD-SA-10:08.bzip2.asc
wallshot: randalschwartz: if i dig NS me. @4.2.2.2, then i don't get extra
try it @208.79.88.7
RandalSchwartz: Ahh, I'm using comcast's nameservers. no wonder
wallshot: (that latter one is arpnet's that my vps defaults to use)
yekoms: well i just found it..
RandalSchwartz: uh - 208.79.88.7 won't talk to me
jpalmer: damn, I dunno what I goofed up, but I still can't ping6 my router.
RandalSchwartz: no recursion
so I bet it's still cached somewhere for you
wallshot: maybe it only talks to me from my vps
was running the dig on there
RandalSchwartz: ahh!
@74.82.42.42
wallshot: 4.2.2.2 was what i used for +trace info to actually show up (my home router 192.168.1.1 wouldn't even do that much) but if 4.2.2.2 isn't dishing out the AAAA/A records, i'm not sure what other nameservers would have that option enabled
RandalSchwartz: that's he.net's open recursive server
wallshot: excellent!
RandalSchwartz: and it shows ipv6 for www.google.com
normally you don't get that
or at least, it did at one point. :)
wallshot: yeah i don't seem to be getting that
ipv6.google.com is the only way i know of to force google over ipv6
RandalSchwartz: so ns.nic.me and ns2.nic.me are v4 only
wallshot: yeah they're lagging back in the 90's
shansa: google enables ipv6 for a few networks it deems reliable enough
RandalSchwartz: ahh - if you ask for aaaa explicitly, it works
... www.l.google.com.168INAAAA2001:4860:8010::67
ugh
tabs :)
wallshot: my dns don't wanna give it to me even if i dig -t aaaa
jpalmer: oh, figured out the issue. I logged into the vps.. and can't ping the client side of my tunnel there either. appears the tunnel went down.
wallshot: good reason for it to not be available
-: wallshot validates address and selects tshirt size
***: shansa has quit IRC (Quit: leaving)
jpalmer: wallshot: whats your score? 1000?
wallshot: not even
i hit sage with a score of like 500
then i found all the extra tests
so i took them
then i did 1 each of the daily tasks
and am at 905 now
jpalmer: hmm. you're missing something then
wallshot: and i feel something's missing
cuz 5 daily tasks * 99 is 495 or so more points from those
that's 1400 points. 100 is missing :/
http://ipv6.he.net/certification/scoresheet.php?pass_name=jprather
RandalSchwartz: I stopped at 1024
wallshot: haha nice
RandalSchwartz: just because the rest is just busy works
wallshot: yeah the 1 a day thing
RandalSchwartz: I could script it, but who cares
wallshot: u do it for 2 days and u got the hang of it
RandalSchwartz: I did it for 5
then realized it's just a pain to keep finding new v6 domains
that also have to be on different subnets
-: wallshot compares 1500 score to his to see what's missing
wallshot: i'm missing nothing from this 1500 score
is it possible he.net math is jacked?
-: wallshot adds up this 1500's points
jpalmer: your score is 1005 right now.
wallshot: my page not refreshed?
that explains the missing 100 points!
jpalmer: RandalSchwartz: http://sixy.ch
wallshot: i'm all about missing what's right in front of my face today
RandalSchwartz: oh wonderful. updating ports today upgrades emac :)
emacs
wallshot: see i just don't install emacs, so i never have to update it
RandalSchwartz: that'll be a while :)
hey - go see my interview about emacs org-mode
wallshot: sometimes i feel i'm missing out, but mostly, i'm happy with it
RandalSchwartz: people are switching to emacs *just* for org-mode
wallshot: all editors need orgy mode
RandalSchwartz: twit.tv/floss136
wallshot: interesting
RandalSchwartz: or here's carsten at a google tech talk - http://www.youtube.com/watch?v=oJTwQvgfgMM
jpalmer: RandalSchwartz: I scripted it, I'll let crontab take me to 1500 :P
more correctly.. someone else scripted it. I just copied, pasted, and crontabbed.
wallshot: is that guy wearing his sunglasses indoors?
jpalmer: only two people wear sunglasses indoors. blind people and assholes.
wallshot: maybe they're corrective lenses that are just dark
haha
oh
wow i'm insensitive
as i see a kid lead him back to his seat
and realize he may actually be blind
google == lies!
"The only truly portable format, read and edit anywhere"
jpalmer: wallshot: one of the guys I work with was speacking at cluecon a year or two ago.. (thats actually his quote) he was drinking one night after his talk.. there was a guy in the bar with sunglasses on..
wallshot: rtf is damn close!
tho console won't show rtf nicely, i confess
it's a pretty accurate quote
jpalmer: he waled up to the guy, took his arm, and asid "I'll help you to your chair" the gey goes "get off me!" kris said "the only people that wear glasses indoors are blind people and assholes. I guess we know which one we;re dealing with here"
wallshot: hahahaha
jpalmer: holy crap, can't type on this MBP keyboard.
wallshot: that's great
i'm heading out for the night
thanks for all the tips!
jpalmer: night man
wallshot: and good luck with routing that he.net tunnel, jpalmer!
guessing less hassle once tunnel isn't down :)
jpalmer: I'm not sure why it's actually down yet. but I'm beat. I may let it go until tomorrow.
wallshot: that always helps. then u find a ipv4 typo somewhere and facepalm like i did today
cya guys!
***: wallshot has quit IRC (Quit: Leaving.)
yekoms has quit IRC (Ping timeout: 245 seconds)
awyeah has joined #arpnetworks
awyeah: RandalSchwartz - heh. emacs.
***: smokey_ has joined #arpnetworks
smokey_ has quit IRC (Quit: Leaving)