480 seq = 1:174(1420)> > > > Regards, > Jordi > >
> -Mensaje original- > De: Mark Andrews <ma...@isc.org> >
Responder a: <ma...@isc.org> > Fecha: lunes, 21 de noviembre de 2016,
1:26 > Para: Carl Byington <c...@five-ten-sg.com> &
isc.org>
Responder a: <ma...@isc.org>
Fecha: lunes, 21 de noviembre de 2016, 1:26
Para: Carl Byington <c...@five-ten-sg.com>
CC: <jordi.pa...@consulintel.es>, <nanog@nanog.org>
Asunto: Re: pay.gov and IPv6
In message <1479686835.13553.4.ca...@ns.five-ten-sg.com>, Car
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-11-21 at 11:26 +1100, Mark Andrews wrote:
> And the advertised MSS was what? On my box I'm seeing 1220 for
> IPv6 compared with 1460 for IPv4. 1220 shouldn't see PMTU problems.
--> 2001:8d8:100f:f000::2d5 syn w/ mss 1440
<--
In message <1479686835.13553.4.ca...@ns.five-ten-sg.com>, Carl Byington writes:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Sun, 2016-11-20 at 10:51 +0100, JORDI PALET MARTINEZ wrote:
> > For example, you will not get this working if you have a lower MTU
> > than 1.500, which is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2016-11-20 at 10:51 +0100, JORDI PALET MARTINEZ wrote:
> For example, you will not get this working if you have a lower MTU
> than 1.500, which is quite normal, not just for tunnels, but also
> because the PPP/others encapsulation in many
ntel.es>
Fecha: viernes, 18 de noviembre de 2016, 21:05
Para: <nanog@nanog.org>
Asunto: Re: pay.gov and IPv6
I tested from my home and happy eyeballs is not falling back to IPv4.
So, I tend to suspect that is not ICMPv6 filtering, but something else,
such as wrong loa
In message <87twb4slol@mid.deneb.enyo.de>, Florian Weimer writes:
> * Mark Andrews:
>
> > The DNSSEC testing is also insufficient. 9-11commission.gov shows
> > green for example but if you use DNS COOKIES (which BIND 9.10.4 and
> > BIND 9.11.0 do) then servers barf and return BADVERS and
e Carl Byington
<c...@five-ten-sg.com>
Responder a: <c...@five-ten-sg.com>
Fecha: sábado, 19 de noviembre de 2016, 3:22
Para: <nanog@nanog.org>
Asunto: Re: pay.gov and IPv6
> > I am working with pay.gov.c...@clev.frb.org, trying to explain the
> problem.
> > I am working with pay.gov.c...@clev.frb.org, trying to explain the
> problem.
The intersection of government bureaucracy and technical issues is
frustrating to say the least. I just sent the message below, but have no
expectation that it will change anything.
==
On Fri,
* Mark Andrews:
> The DNSSEC testing is also insufficient. 9-11commission.gov shows
> green for example but if you use DNS COOKIES (which BIND 9.10.4 and
> BIND 9.11.0 do) then servers barf and return BADVERS and validation
> fails. QWEST you have been informed of this already.
>
> Why the hell
On Thu, 17 Nov 2016, Mark Andrews wrote:
Why the hell should validating resolver have to work around the
crap you guys are using? DO YOUR JOBS which is to use RFC COMPLIANT
servers. You get PAID to do DNS because people think you are
compentent to do the job. Evidence shows otherwise.
On 11/17/16, Carl Byington wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Thu, 2016-11-17 at 15:32 -0500, Lee wrote:
>> That's fine, but until someone is willing to work with them don't
>> expect it to get fixed.
>
> I am working with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-11-17 at 15:32 -0500, Lee wrote:
> That's fine, but until someone is willing to work with them don't
> expect it to get fixed.
I am working with pay.gov.c...@clev.frb.org, trying to explain the
problem. They seem to think I should
>> >> If you don't do MSS fix up a 1280 link in the middle will find PMTUD
>> >> issues
>> >> provided the testing host has a MTU > 1280.
>> >>
>> >> Mark
>> >>
>> >> > -Mensaje original-
>> >&
> >> issues
> >> provided the testing host has a MTU > 1280.
> >>
> >> Mark
> >>
> >> > -----Mensaje original-
> >> > De: NANOG <nanog-boun...@nanog.org> en nombre de Mark Andrews <
> >> ma...@isc.org&g
gt; > De: NANOG <nanog-boun...@nanog.org> en nombre de Mark Andrews <
>> ma...@isc.org>
>> > Responder a: <ma...@isc.org>
>> > Fecha: jueves, 17 de noviembre de 2016, 9:26
>> > Para: Lee <ler...@gmail.com>
>> > CC: &
sc.org>
> > Fecha: jueves, 17 de noviembre de 2016, 9:26
> > Para: Lee <ler...@gmail.com>
> > CC: <nanog@nanog.org>
> > Asunto: Re: pay.gov and IPv6
> >
> >
> > In message
> <cad8gwsvetsmn1ssfk_adttkheog0e1zfxrld11fpkbpjghm...@mail.gmai
t; Fecha: jueves, 17 de noviembre de 2016, 9:26
> Para: Lee <ler...@gmail.com>
> CC: <nanog@nanog.org>
> Asunto: Re: pay.gov and IPv6
>
>
> In message <cad8gwsvetsmn1ssfk_adttkheog0e1zfxrld11fpkbpjghm...@mail.gmai
> l.com>
> , Lee
onder a: <ma...@isc.org>
Fecha: jueves, 17 de noviembre de 2016, 9:26
Para: Lee <ler...@gmail.com>
CC: <nanog@nanog.org>
Asunto: Re: pay.gov and IPv6
In message
<cad8gwsvetsmn1ssfk_adttkheog0e1zfxrld11fpkbpjghm...@mail.gmail.com>
, Lee writes:
> On 11/16
In message
, Lee writes:
> On 11/16/16, Mark Andrews wrote:
> >
> > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington
> > writes
> > :
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash:
It happens too often, unfortunately.
People deploying IPv6 at web sites and other services, don’t check if PMTUD is
broken by filtering, ECMP, load balancers, etc.
This is the case here:
tbit from 2001:df0:4:4000::1:115 to 2605:3100:fffd:100::15
server-mss 1440, result: pmtud-fail
app: http,
On 11/16/16, Mark Andrews wrote:
>
> In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington
> writes
> :
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> Following up on a two year old thread, one of my clients just hit this
>> problem. The failure is not
> On Nov 15, 2016, at 5:30 PM, Carl Byington wrote:
>
> openssl s_client -connect www.pay.gov:443
I’m not seeing the issue here, but they do have some possible issues the way
they’re setting cookies (See details below).
What path are you seeing to them? I’m also not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2016-11-16 at 20:59 +, Matthew Kaufman wrote:
> I fixed it (and Netflix) by turning off IPv6 for all my users... but
> any chance this is a path MTU issue causing the apparent hang?
I fixed it by using the rpz feature of bind to disable
I fixed it (and Netflix) by turning off IPv6 for all my users... but any
chance this is a path MTU issue causing the apparent hang?
Matthew Kaufman
On Wed, Nov 16, 2016 at 12:26 PM Mark Andrews wrote:
>
> In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington
>
In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington writes
:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Following up on a two year old thread, one of my clients just hit this
> problem. The failure is not that www.pay.gov is not reachable over ipv6
>
On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman matt...@matthew.at wrote:
Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail
when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of
Still broken, 7 months later. And again, I was too busy trying to pay
In message CAFG21ohZ6MV6Tef_sWuwV6kmAZmHQ3nFRLq-FkdU38g=vl3...@mail.gmail.com
, Todd Lyons writes:
On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman matt...@matthew.at wrote:
Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail
when clients have IPv6 enabled. Work fine
Have you tried emailing the server admin at pay.gov.c...@clev.frb.org?
On Sun, Oct 26, 2014 at 5:16 PM, Mark Andrews ma...@isc.org wrote:
In message CAFG21ohZ6MV6Tef_sWuwV6kmAZmHQ3nFRLq-FkdU38g=
vl3...@mail.gmail.com
, Todd Lyons writes:
On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman
This is why I need to pull logs the next time I need to pay the FCC. There are
several rounds of redirects involved from clicking the payment button on the
FCC site to the final landing at pay.gov, and one of the last steps never
connects if IPv6 is enabled.
Matthew Kaufman
(Sent from my
On 3/17/2014 11:43 AM, Matthew Kaufman wrote:
Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov
fail when clients have IPv6 enabled. Work fine if IPv6 is off. One
more set of client computers that should be dual-stacked are now
relegated to IPv4-only until someone remembers
Why not just use a browser plugin that allow you to disable v6 selectively on a
per site/domain basis? Most of them just display v4/v6 information, but 4or6
allows you to quickly set a domain/site as v4 only. Ref
https://addons.mozilla.org/en-US/firefox/addon/4or6/?src=search
--
Hugo
On Oct
www.eda.gov has been broken since January.
It has a record but when clients connect via IPv6 they see Bad Request
(Invalid Hostname)” rather than the web site.
On Mar 17, 2014, at 1:43 PM, Matthew Kaufman matt...@matthew.at wrote:
Random IPv6 complaint of the day: redirects from
No Happy Eyeballs?
Perhaps also time to ditch XP and IE for something new as well.
-as
On Mon, Mar 17, 2014 at 11:43 AM, Matthew Kaufman matt...@matthew.atwrote:
Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail
when clients have IPv6 enabled. Work fine if IPv6 is
Windows 8 running Google Chrome as the browser.
Matthew Kaufman
On 3/17/2014 11:46 AM, Arturo Servin wrote:
No Happy Eyeballs?
Perhaps also time to ditch XP and IE for something new as well.
-as
On Mon, Mar 17, 2014 at 11:43 AM, Matthew Kaufman matt...@matthew.at
No issues for me over IPv6 on Comcast.
Perhaps some local network issue? Any reported issues if you try to visit
http://www.test-ipv6.com/ ?
- Jared
On Mar 17, 2014, at 2:55 PM, Matthew Kaufman matt...@matthew.at wrote:
Windows 8 running Google Chrome as the browser.
Matthew Kaufman
Hi Matthew,
in Italy I see the site pay.gov in IPv6, as you can see:
[image: Immagine in linea 1]
Regards,
Marco
2014-03-17 19:43 GMT+01:00 Matthew Kaufman matt...@matthew.at:
Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail
when clients have IPv6 enabled. Work
One more (498?) set(s) of data points:
I used RIPE ATLAS probes to check the SSL certificate over IPv6 (a nice way to
check reachability)..
Measurement# 1584700
You can look through the data to determine where it's not reachable from, but
it seems to be generally reachable without issue from
It was reachable by hand-typed URL, but the machines trying to follow a
redirect from the FCC site during payment flow failed. Had to be brought back
online, so once it was determined that turning v6 off was sufficient, that was
the end if the debugging.
Matthew Kaufman
(Sent from my iPhone)
HE should work then, perhaps another problem + IPv6.
-as
On Mon, Mar 17, 2014 at 11:55 AM, Matthew Kaufman matt...@matthew.atwrote:
Windows 8 running Google Chrome as the browser.
Matthew Kaufman
On 3/17/2014 11:46 AM, Arturo Servin wrote:
No Happy Eyeballs?
Perhaps also time to
40 matches
Mail list logo