Re: pay.gov and IPv6

1480 seq = 1:174(1420)> > > > Regards, > Jordi > > > -Mensaje original- > De: Mark Andrews > Responder a: > Fecha: lunes, 21 de noviembre de 2016, 1:26 > Para: Carl Byington > CC: , > Asunto: Re: pay.gov and IPv6 > > >

Re: pay.gov and IPv6

echa: lunes, 21 de noviembre de 2016, 1:26 Para: Carl Byington CC: , Asunto: Re: pay.gov and IPv6 In message <1479686835.13553.4.ca...@ns.five-ten-sg.com>, Carl Byington writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Sun, 2016-11-20

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2016-11-21 at 11:26 +1100, Mark Andrews wrote: > And the advertised MSS was what? On my box I'm seeing 1220 for > IPv6 compared with 1460 for IPv4. 1220 shouldn't see PMTU problems. --> 2001:8d8:100f:f000::2d5 syn w/ mss 1440 <-- 2

Re: pay.gov and IPv6

In message <1479686835.13553.4.ca...@ns.five-ten-sg.com>, Carl Byington writes: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Sun, 2016-11-20 at 10:51 +0100, JORDI PALET MARTINEZ wrote: > > For example, you will not get this working if you have a lower MTU > > than 1.500, which is qu

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2016-11-20 at 10:51 +0100, JORDI PALET MARTINEZ wrote: > For example, you will not get this working if you have a lower MTU > than 1.500, which is quite normal, not just for tunnels, but also > because the PPP/others encapsulation in many acc

Re: pay.gov and IPv6

t follow RIPE LABS site: https://labs.ripe.net/Members/jordipaletm/results-of-the-ipv6-deployment-survey Regards, Jordi -Mensaje original- De: NANOG en nombre de JORDI PALET MARTINEZ Responder a: Fecha: viernes, 18 de noviembre de 2016, 21:05 Para: Asunto: Re: pay.gov and IPv6

Re: pay.gov and IPv6

In message <87twb4slol@mid.deneb.enyo.de>, Florian Weimer writes: > * Mark Andrews: > > > The DNSSEC testing is also insufficient. 9-11commission.gov shows > > green for example but if you use DNS COOKIES (which BIND 9.10.4 and > > BIND 9.11.0 do) then servers barf and return BADVERS and val

Re: pay.gov and IPv6

: Fecha: sábado, 19 de noviembre de 2016, 3:22 Para: Asunto: Re: pay.gov and IPv6 > > I am working with pay.gov.c...@clev.frb.org, trying to explain the > problem. The intersection of government bureaucracy and technical issues is frustrating to say the least. I just

Re: pay.gov and IPv6

ing text for your tech support folks. Alternatively, have them look at the "pay.gov and ipv6" thread on nanog: http://mailman.nanog.org/pipermail/nanog/2016-November/thread.html www.pay.gov has an IPv6 address of 2605:3100:fffd:100::15, but that machine or its upstream routers are filtering icmpv6

Re: pay.gov and IPv6

* Mark Andrews: > The DNSSEC testing is also insufficient. 9-11commission.gov shows > green for example but if you use DNS COOKIES (which BIND 9.10.4 and > BIND 9.11.0 do) then servers barf and return BADVERS and validation > fails. QWEST you have been informed of this already. > > Why the hell

Re: pay.gov and IPv6

On Thu, 17 Nov 2016, Mark Andrews wrote: Why the hell should validating resolver have to work around the crap you guys are using? DO YOUR JOBS which is to use RFC COMPLIANT servers. You get PAID to do DNS because people think you are compentent to do the job. Evidence shows otherwise. https:/

Re: pay.gov and IPv6

On 11/17/16, Carl Byington wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Thu, 2016-11-17 at 15:32 -0500, Lee wrote: >> That's fine, but until someone is willing to work with them don't >> expect it to get fixed. > > I am working with pay.gov.c...@clev.frb.org, trying to explain

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-11-17 at 15:32 -0500, Lee wrote: > That's fine, but until someone is willing to work with them don't > expect it to get fixed. I am working with pay.gov.c...@clev.frb.org, trying to explain the problem. They seem to think I should provi

Re: pay.gov and IPv6

ure that PMTUD is not broken, so it just works in any >> circumstances. >> >> > >> >> > Regards, >> >> > Jordi >> >> >> >> If you don't do MSS fix up a 1280 link in the middle will find PMTUD >> >> issues >

Re: pay.gov and IPv6

circumstances. > >> > > >> > Regards, > >> > Jordi > >> > >> If you don't do MSS fix up a 1280 link in the middle will find PMTUD > >> issues > >> provided the testing host has a MTU > 1280. > >> > >> M

Re: pay.gov and IPv6

n't do MSS fix up a 1280 link in the middle will find PMTUD >> issues >> provided the testing host has a MTU > 1280. >> >> Mark >> >> > -Mensaje original- >> > De: NANOG en nombre de Mark Andrews < >> ma...@isc.org> >> &g

Re: pay.gov and IPv6

ting host has a MTU > 1280. > > Mark > > > -Mensaje original- > > De: NANOG en nombre de Mark Andrews < > ma...@isc.org> > > Responder a: > > Fecha: jueves, 17 de noviembre de 2016, 9:26 > > Para: Lee > > CC: > > Asunt

Re: pay.gov and IPv6

ll find PMTUD issues provided the testing host has a MTU > 1280. Mark > -Mensaje original- > De: NANOG en nombre de Mark Andrews > Responder a: > Fecha: jueves, 17 de noviembre de 2016, 9:26 > Para: Lee > CC: > Asunto: Re: pay.gov and IPv6 > > >

Re: pay.gov and IPv6

: Lee CC: Asunto: Re: pay.gov and IPv6 In message , Lee writes: > On 11/16/16, Mark Andrews wrote: > > > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > > writes > > : > >> -BEGIN PGP

Re: pay.gov and IPv6

In message , Lee writes: > On 11/16/16, Mark Andrews wrote: > > > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > > writes > > : > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA512 > >> > >> Following up on a two year old thread, one of my clients just hit this >

Re: pay.gov and IPv6

Responder a: Fecha: miércoles, 16 de noviembre de 2016, 7:30 Para: Asunto: pay.gov and IPv6 -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Following up on a two year old thread, one of my clients just hit this problem. The failure is not that www.pay.gov is not reachable over

Re: pay.gov and IPv6

On 11/16/16, Mark Andrews wrote: > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > writes > : >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> Following up on a two year old thread, one of my clients just hit this >> problem. The failure is not that www.pay.go

Re: pay.gov and IPv6

> On Nov 15, 2016, at 5:30 PM, Carl Byington wrote: > > openssl s_client -connect www.pay.gov:443 I’m not seeing the issue here, but they do have some possible issues the way they’re setting cookies (See details below). What path are you seeing to them? I’m also not having the issue from t

Re: pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2016-11-16 at 20:59 +, Matthew Kaufman wrote: > I fixed it (and Netflix) by turning off IPv6 for all my users... but > any chance this is a path MTU issue causing the apparent hang? I fixed it by using the rpz feature of bind to disable

Re: pay.gov and IPv6

I fixed it (and Netflix) by turning off IPv6 for all my users... but any chance this is a path MTU issue causing the apparent hang? Matthew Kaufman On Wed, Nov 16, 2016 at 12:26 PM Mark Andrews wrote: > > In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington > writes > : > > ---

Re: pay.gov and IPv6

In message <1479249003.3937.6.ca...@ns.five-ten-sg.com>, Carl Byington writes : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Following up on a two year old thread, one of my clients just hit this > problem. The failure is not that www.pay.gov is not reachable over ipv6 > (2605:3100:fff

pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Following up on a two year old thread, one of my clients just hit this problem. The failure is not that www.pay.gov is not reachable over ipv6 (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443 connection, but the connection then hang

pay.gov and IPv6

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Following up on a two year old thread, one of my clients just hit this problem. The failure is not that www.pay.gov is not reachable over ipv6 (2605:3100:fffd:100::15). They accept (TCP handshake) the port 443 connection, but the connection then hang

Re: pay.gov and IPv6

This is why I need to pull logs the next time I need to pay the FCC. There are several rounds of redirects involved from clicking the payment button on the FCC site to the final landing at pay.gov, and one of the last steps never connects if IPv6 is enabled. Matthew Kaufman (Sent from my iPhon

Re: pay.gov and IPv6

Have you tried emailing the server admin at pay.gov.c...@clev.frb.org? On Sun, Oct 26, 2014 at 5:16 PM, Mark Andrews wrote: > > In message vl3...@mail.gmail.com> > , Todd Lyons writes: > > On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman > wrote: > > >> > > >> Random IPv6 complaint of the day

Re: pay.gov and IPv6

In message , Todd Lyons writes: > On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman wrote: > >> > >> Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail > >> when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of > > Still broken, 7 months later. And again

Re: pay.gov and IPv6

On Sat, Oct 25, 2014 at 10:26 AM, Matthew Kaufman wrote: >> >> Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail >> when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of > Still broken, 7 months later. And again, I was too busy trying to pay to try > to p

Re: pay.gov and IPv6

Why not just use a browser plugin that allow you to disable v6 selectively on a per site/domain basis? Most of them just display v4/v6 information, but 4or6 allows you to quickly set a domain/site as v4 only. Ref https://addons.mozilla.org/en-US/firefox/addon/4or6/?src=search -- Hugo On Oct 25

Re: pay.gov and IPv6

On 3/17/2014 11:43 AM, Matthew Kaufman wrote: Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of client computers that should be dual-stacked are now relegated to IPv4-only until someone remembers to

Re: pay.gov and IPv6

www.eda.gov has been broken since January. It has a record but when clients connect via IPv6 they see "Bad Request (Invalid Hostname)” rather than the web site. On Mar 17, 2014, at 1:43 PM, Matthew Kaufman wrote: > Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fai

Re: pay.gov and IPv6

HE should work then, perhaps another problem + IPv6. -as On Mon, Mar 17, 2014 at 11:55 AM, Matthew Kaufman wrote: > Windows 8 running Google Chrome as the browser. > > Matthew Kaufman > > > On 3/17/2014 11:46 AM, Arturo Servin wrote: > > > No Happy Eyeballs? > > Perhaps also time to ditch XP

Re: pay.gov and IPv6

It was reachable by hand-typed URL, but the machines trying to follow a redirect from the FCC site during payment flow failed. Had to be brought back online, so once it was determined that turning v6 off was sufficient, that was the end if the debugging. Matthew Kaufman (Sent from my iPhone)

Re: pay.gov and IPv6

One more (498?) set(s) of data points: I used RIPE ATLAS probes to check the SSL certificate over IPv6 (a nice way to check reachability).. Measurement# 1584700 You can look through the data to determine where it's not reachable from, but it seems to be "generally reachable" without issue from

Re: pay.gov and IPv6

Hi Matthew, in Italy I see the site pay.gov in IPv6, as you can see: [image: Immagine in linea 1] Regards, Marco 2014-03-17 19:43 GMT+01:00 Matthew Kaufman : > Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail > when clients have IPv6 enabled. Work fine if IPv6 is off.

Re: pay.gov and IPv6

No issues for me over IPv6 on Comcast. Perhaps some local network issue? Any reported issues if you try to visit http://www.test-ipv6.com/ ? - Jared On Mar 17, 2014, at 2:55 PM, Matthew Kaufman wrote: > Windows 8 running Google Chrome as the browser. > > Matthew Kaufman > > On 3/17/2014 11

Re: pay.gov and IPv6

Windows 8 running Google Chrome as the browser. Matthew Kaufman On 3/17/2014 11:46 AM, Arturo Servin wrote: No Happy Eyeballs? Perhaps also time to ditch XP and IE for something new as well. -as On Mon, Mar 17, 2014 at 11:43 AM, Matthew Kaufman > wrote: R

Re: pay.gov and IPv6

No Happy Eyeballs? Perhaps also time to ditch XP and IE for something new as well. -as On Mon, Mar 17, 2014 at 11:43 AM, Matthew Kaufman wrote: > Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail > when clients have IPv6 enabled. Work fine if IPv6 is off. One more set

pay.gov and IPv6

Random IPv6 complaint of the day: redirects from FCC.gov to pay.gov fail when clients have IPv6 enabled. Work fine if IPv6 is off. One more set of client computers that should be dual-stacked are now relegated to IPv4-only until someone remembers to turn it back on for each of them... sigh. M