Rob wrote: > Steve Kostecke <[email protected]> wrote: >>> But it has two IPv4 addresses. Under the address 204.152.184.138 it >>> works OK. >> >> That's our off-site back-up. > > Well, in DNS it says: > www.ntp.org has address 128.4.35.16 > www.ntp.org has address 204.152.184.138 > www.ntp.org has IPv6 address 2001:4f8:0:2::23
The IPv6 entry in the DNS may lead to another error on a local site which we have recently encountered. I'm explicitely pointing out that what I describe below is *not* a problem of the NTP site, even though users may think so after the first glance. Anyway, I'd like to mention this here just for the records. The problem we've been observing was that we have been unable to access e.g. support.ntp.org, www.isc.org and some other sites from some machines in our local intranet, even using different browsers. The browsers returned an error, or the page was displayed only after quite a number of seconds delay. From other machines on our local intranet access to those sites was fast and without problems. After some digging around we found out the problem occurs only if the DNS server also returns an IPv6 address for this site. Our intranet is behind a NAT router which only has IPv4 connection to our ISP. If both an IPv4 and IPv6 address for a host on the internet is returned then applications may try to connect via IPv6 first, which fails in this case. Interestingly, some application/machines try to use IPv4 first, whereas others try to use IPv6 first. I'm not sure whether this is a global configuration option of the IP stack, or due to the application. A good way to see what's going on is to use wget. On a SuSE Linux 9.3 machine using wget 1.10 the IPv4 address is used first, so the program succeeds: # wget http://support.ntp.org --10:37:14-- http://support.ntp.org/ => `index.html' Resolving support.ntp.org... 204.152.184.138, 2001:4f8:0:2::23 Connecting to support.ntp.org|204.152.184.138|:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://support.ntp.org/bin/view/Main/WebHome [following] --10:37:14-- http://support.ntp.org/bin/view/Main/WebHome => `WebHome' Reusing existing connection to support.ntp.org:80. HTTP request sent, awaiting response... 200 OK Length: 34,199 (33K) [text/html] 10:37:19 (9.83 KB/s) - `WebHome' saved [34199/34199] On a openSUSE 11.1 machine running wget 1.11.4 and also on a recent Ubuntu machine the IPv6 address is used first: # wget http://support.ntp.org --2009-03-05 10:38:33-- http://support.ntp.org/ Resolving support.ntp.org... 2001:4f8:0:2::23, 204.152.184.138 Connecting to support.ntp.org|2001:4f8:0:2::23|:80... failed: Connection timed out. Connecting to support.ntp.org|204.152.184.138|:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://support.ntp.org/bin/view/Main/WebHome [following] --2009-03-05 10:41:46-- http://support.ntp.org/bin/view/Main/WebHome Reusing existing connection to support.ntp.org:80. HTTP request sent, awaiting response... 200 OK Length: 34199 (33K) [text/html] Saving to: `WebHome' The IPv4 address is used only after the IPv6 address has timed out, even though (as far as I understand it) the DNS server first returns an IPv4 address, then an IPv6 address: # host support.ntp.org support.ntp.org has address 204.152.184.138 support.ntp.org has IPv6 address 2001:4f8:0:2::23 I know a possible solution would be to use a IPv6-over-IPv4 tunnel to the internet. However, if this has not been set up then access may fail for a reason which is not obvious. AFAIK some browsers, e.g. Firefox, can be configured to prefer either IPv4 or IPv6, so this can be solved without a tunnel. A good solution would be to let the local DNS server discard IPv6 addresses returned from forwarders while maintaining IPv6 suuport for the local zone/network, but I currently don't know if/how this can be configured for bind 9. Danny, any ideas? ;-)) Martin -- Martin Burnicki Meinberg Funkuhren Bad Pyrmont Germany _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
