Re: pay.gov and IPv6

480 seq = 1:174(1420)> > > > Regards, > Jordi > > > -Mensaje original- > De: Mark Andrews <ma...@isc.org> > Responder a: <ma...@isc.org> > Fecha: lunes, 21 de noviembre de 2016, 1:26 > Para: Carl Byington <c...@five-ten-sg.com> &

Re: pay.gov and IPv6

isc.org> Responder a: <ma...@isc.org> Fecha: lunes, 21 de noviembre de 2016, 1:26 Para: Carl Byington <c...@five-ten-sg.com> CC: <jordi.pa...@consulintel.es>, <nanog@nanog.org> Asunto: Re: pay.gov and IPv6 In message <1479686835.13553.4.ca...@ns.five-ten-sg.com>, Car

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2016-11-21 at 11:26 +1100, Mark Andrews wrote: > And the advertised MSS was what? On my box I'm seeing 1220 for > IPv6 compared with 1460 for IPv4. 1220 shouldn't see PMTU problems. --> 2001:8d8:100f:f000::2d5 syn w/ mss 1440 <--

Re: pay.gov and IPv6

In message <1479686835.13553.4.ca...@ns.five-ten-sg.com>, Carl Byington writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Sun, 2016-11-20 at 10:51 +0100, JORDI PALET MARTINEZ wrote: > > For example, you will not get this working if you have a lower MTU > > than 1.500, which is

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2016-11-20 at 10:51 +0100, JORDI PALET MARTINEZ wrote: > For example, you will not get this working if you have a lower MTU > than 1.500, which is quite normal, not just for tunnels, but also > because the PPP/others encapsulation in many

Re: pay.gov and IPv6

ntel.es> Fecha: viernes, 18 de noviembre de 2016, 21:05 Para: <nanog@nanog.org> Asunto: Re: pay.gov and IPv6 I tested from my home and happy eyeballs is not falling back to IPv4. So, I tend to suspect that is not ICMPv6 filtering, but something else, such as wrong loa

Re: pay.gov and IPv6

In message <87twb4slol@mid.deneb.enyo.de>, Florian Weimer writes: > * Mark Andrews: > > > The DNSSEC testing is also insufficient. 9-11commission.gov shows > > green for example but if you use DNS COOKIES (which BIND 9.10.4 and > > BIND 9.11.0 do) then servers barf and return BADVERS and

Re: pay.gov and IPv6

e Carl Byington <c...@five-ten-sg.com> Responder a: <c...@five-ten-sg.com> Fecha: sábado, 19 de noviembre de 2016, 3:22 Para: <nanog@nanog.org> Asunto: Re: pay.gov and IPv6 > > I am working with pay.gov.c...@clev.frb.org, trying to explain the > problem.

Re: pay.gov and IPv6

> > I am working with pay.gov.c...@clev.frb.org, trying to explain the > problem. The intersection of government bureaucracy and technical issues is frustrating to say the least. I just sent the message below, but have no expectation that it will change anything. == On Fri,

Re: pay.gov and IPv6

* Mark Andrews: > The DNSSEC testing is also insufficient. 9-11commission.gov shows > green for example but if you use DNS COOKIES (which BIND 9.10.4 and > BIND 9.11.0 do) then servers barf and return BADVERS and validation > fails. QWEST you have been informed of this already. > > Why the hell

Re: pay.gov and IPv6

On Thu, 17 Nov 2016, Mark Andrews wrote: Why the hell should validating resolver have to work around the crap you guys are using? DO YOUR JOBS which is to use RFC COMPLIANT servers. You get PAID to do DNS because people think you are compentent to do the job. Evidence shows otherwise.

Re: pay.gov and IPv6

On 11/17/16, Carl Byington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Thu, 2016-11-17 at 15:32 -0500, Lee wrote: >> That's fine, but until someone is willing to work with them don't >> expect it to get fixed. > > I am working with

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-11-17 at 15:32 -0500, Lee wrote: > That's fine, but until someone is willing to work with them don't > expect it to get fixed. I am working with pay.gov.c...@clev.frb.org, trying to explain the problem. They seem to think I should

Re: pay.gov and IPv6

>> >> If you don't do MSS fix up a 1280 link in the middle will find PMTUD >> >> issues >> >> provided the testing host has a MTU > 1280. >> >> >> >> Mark >> >> >> >> > -Mensaje original- >> >&

Re: pay.gov and IPv6

> >> issues > >> provided the testing host has a MTU > 1280. > >> > >> Mark > >> > >> > -----Mensaje original- > >> > De: NANOG <nanog-boun...@nanog.org> en nombre de Mark Andrews < > >> ma...@isc.org&g

Re: pay.gov and IPv6

gt; > De: NANOG <nanog-boun...@nanog.org> en nombre de Mark Andrews < >> ma...@isc.org> >> > Responder a: <ma...@isc.org> >> > Fecha: jueves, 17 de noviembre de 2016, 9:26 >> > Para: Lee <ler...@gmail.com> >> > CC: &

Re: pay.gov and IPv6

sc.org> > > Fecha: jueves, 17 de noviembre de 2016, 9:26 > > Para: Lee <ler...@gmail.com> > > CC: <nanog@nanog.org> > > Asunto: Re: pay.gov and IPv6 > > > > > > In message > <cad8gwsvetsmn1ssfk_adttkheog0e1zfxrld11fpkbpjghm...@mail.gmai

Re: pay.gov and IPv6

t; Fecha: jueves, 17 de noviembre de 2016, 9:26 > Para: Lee <ler...@gmail.com> > CC: <nanog@nanog.org> > Asunto: Re: pay.gov and IPv6 > > > In message <cad8gwsvetsmn1ssfk_adttkheog0e1zfxrld11fpkbpjghm...@mail.gmai > l.com> > , Lee

Re: pay.gov and IPv6

onder a: <ma...@isc.org> Fecha: jueves, 17 de noviembre de 2016, 9:26 Para: Lee <ler...@gmail.com> CC: <nanog@nanog.org> Asunto: Re: pay.gov and IPv6 In message <cad8gwsvetsmn1ssfk_adttkheog0e1zfxrld11fpkbpjghm...@mail.gmail.com> , Lee writes: > On 11/16

Re: pay.gov and IPv6

In message , Lee writes: > On 11/16/16, Mark Andrews wrote: > > > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > > writes > > : > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash:

Re: pay.gov and IPv6

It happens too often, unfortunately. People deploying IPv6 at web sites and other services, don’t check if PMTUD is broken by filtering, ECMP, load balancers, etc. This is the case here: tbit from 2001:df0:4:4000::1:115 to 2605:3100:fffd:100::15 server-mss 1440, result: pmtud-fail app: http,

Re: pay.gov and IPv6

On 11/16/16, Mark Andrews wrote: > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > writes > : >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> Following up on a two year old thread, one of my clients just hit this >> problem. The failure is not

Re: pay.gov and IPv6

> On Nov 15, 2016, at 5:30 PM, Carl Byington wrote: > > openssl s_client -connect www.pay.gov:443 I’m not seeing the issue here, but they do have some possible issues the way they’re setting cookies (See details below). What path are you seeing to them? I’m also not

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2016-11-16 at 20:59 +, Matthew Kaufman wrote: > I fixed it (and Netflix) by turning off IPv6 for all my users... but > any chance this is a path MTU issue causing the apparent hang? I fixed it by using the rpz feature of bind to disable

Re: pay.gov and IPv6

I fixed it (and Netflix) by turning off IPv6 for all my users... but any chance this is a path MTU issue causing the apparent hang? Matthew Kaufman On Wed, Nov 16, 2016 at 12:26 PM Mark Andrews wrote: > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington >

Re: pay.gov and IPv6

In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington writes : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Following up on a two year old thread, one of my clients just hit this > problem. The failure is not that www.pay.gov is not reachable over ipv6 >

Re: pay.gov and IPv6

On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman matt...@matthew.at wrote: Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of Still broken, 7 months later. And again, I was too busy trying to pay

Re: pay.gov and IPv6

In message CAFG21ohZ6MV6Tef_sWuwV6kmAZmHQ3nFRLq-FkdU38g=vl3...@mail.gmail.com , Todd Lyons writes: On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman matt...@matthew.at wrote: Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine

Re: pay.gov and IPv6

Have you tried emailing the server admin at pay.gov.c...@clev.frb.org? On Sun, Oct 26, 2014 at 5:16 PM, Mark Andrews ma...@isc.org wrote: In message CAFG21ohZ6MV6Tef_sWuwV6kmAZmHQ3nFRLq-FkdU38g= vl3...@mail.gmail.com , Todd Lyons writes: On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman

Re: pay.gov and IPv6

This is why I need to pull logs the next time I need to pay the FCC. There are several rounds of redirects involved from clicking the payment button on the FCC site to the final landing at pay.gov, and one of the last steps never connects if IPv6 is enabled. Matthew Kaufman (Sent from my

Re: pay.gov and IPv6

On 3/17/2014 11:43 AM, Matthew Kaufman wrote: Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of client computers that should be dual-stacked are now relegated to IPv4-only until someone remembers

Re: pay.gov and IPv6

Why not just use a browser plugin that allow you to disable v6 selectively on a per site/domain basis? Most of them just display v4/v6 information, but 4or6 allows you to quickly set a domain/site as v4 only. Ref https://addons.mozilla.org/en-US/firefox/addon/4or6/?src=search -- Hugo On Oct

Re: pay.gov and IPv6

www.eda.gov has been broken since January. It has a record but when clients connect via IPv6 they see Bad Request (Invalid Hostname)” rather than the web site. On Mar 17, 2014, at 1:43 PM, Matthew Kaufman matt...@matthew.at wrote: Random IPv6 complaint of the day: redirects from

Re: pay.gov and IPv6

No Happy Eyeballs? Perhaps also time to ditch XP and IE for something new as well. -as On Mon, Mar 17, 2014 at 11:43 AM, Matthew Kaufman matt...@matthew.atwrote: Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine if IPv6 is

Re: pay.gov and IPv6

Windows 8 running Google Chrome as the browser. Matthew Kaufman On 3/17/2014 11:46 AM, Arturo Servin wrote: No Happy Eyeballs? Perhaps also time to ditch XP and IE for something new as well. -as On Mon, Mar 17, 2014 at 11:43 AM, Matthew Kaufman matt...@matthew.at

Re: pay.gov and IPv6

No issues for me over IPv6 on Comcast. Perhaps some local network issue? Any reported issues if you try to visit http://www.test-ipv6.com/ ? - Jared On Mar 17, 2014, at 2:55 PM, Matthew Kaufman matt...@matthew.at wrote: Windows 8 running Google Chrome as the browser. Matthew Kaufman

Re: pay.gov and IPv6

Hi Matthew, in Italy I see the site pay.gov in IPv6, as you can see: [image: Immagine in linea 1] Regards, Marco 2014-03-17 19:43 GMT+01:00 Matthew Kaufman matt...@matthew.at: Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work

Re: pay.gov and IPv6

One more (498?) set(s) of data points: I used RIPE ATLAS probes to check the SSL certificate over IPv6 (a nice way to check reachability).. Measurement# 1584700 You can look through the data to determine where it's not reachable from, but it seems to be generally reachable without issue from

Re: pay.gov and IPv6

It was reachable by hand-typed URL, but the machines trying to follow a redirect from the FCC site during payment flow failed. Had to be brought back online, so once it was determined that turning v6 off was sufficient, that was the end if the debugging. Matthew Kaufman (Sent from my iPhone)

Re: pay.gov and IPv6

HE should work then, perhaps another problem + IPv6. -as On Mon, Mar 17, 2014 at 11:55 AM, Matthew Kaufman matt...@matthew.atwrote: Windows 8 running Google Chrome as the browser. Matthew Kaufman On 3/17/2014 11:46 AM, Arturo Servin wrote: No Happy Eyeballs? Perhaps also time to