[opensuse] NTP question
On my home network, I have my firewall providing NTP and in turn connecting to a public NTP server. I access my firewall NTP server by host name, which will return both IPv4 and IPv6 addresses. In watching the NTP traffic between my desktop computer and firewall, I see both IPv4 and IPv6 addresses alternately being used. Is this the way the NTP client normally works? I could understand it trying multiple addresses, if that is what I provided, but I only provide a single host name, that returns both IPv4 and IPv6 addresses. Normally, with other apps, IPv6 is preferred over IPv4. This is on openSUSE 15.1 and my firewall/router runs pfSense. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On my home network, I have my firewall providing NTP and in turn connecting to a public NTP server. I access my firewall NTP server by host name, which will return both IPv4 and IPv6 addresses. In watching the NTP traffic between my desktop computer and firewall, I see both IPv4 and IPv6 addresses alternately being used. Is this the way the NTP client normally works? I could understand it trying multiple addresses, if that is what I provided, but I only provide a single host name, that returns both IPv4 and IPv6 addresses. Normally, with other apps, IPv6 is preferred over IPv4.
I have never looked at the traffic, only at the output of 'ntpq -pn' - sometime I see ipv4, some times I see ipv6. -- Per Jessen, Zürich (21.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 11:22 AM, Per Jessen wrote:
James Knott wrote:
On my home network, I have my firewall providing NTP and in turn connecting to a public NTP server. I access my firewall NTP server by host name, which will return both IPv4 and IPv6 addresses. In watching the NTP traffic between my desktop computer and firewall, I see both IPv4 and IPv6 addresses alternately being used. Is this the way the NTP client normally works? I could understand it trying multiple addresses, if that is what I provided, but I only provide a single host name, that returns both IPv4 and IPv6 addresses. Normally, with other apps, IPv6 is preferred over IPv4. I have never looked at the traffic, only at the output of 'ntpq -pn' - sometime I see ipv4, some times I see ipv6.
I have also noticed sometimes I get 2 IPv6 requests in a row, but haven't seen 2 IPv4 yet. It's not a problem, but I am curious as to why it happens, when normally IPv6 is preferred. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
> On 2019-08-06 11:22 AM, Per Jessen wrote:
>> James Knott wrote:
>>
>>> On my home network, I have my firewall providing NTP and in turn
>>> connecting to a public NTP server. I access my firewall NTP server
>>> by host name, which will return both IPv4 and IPv6 addresses. In
>>> watching the NTP traffic between my desktop computer and firewall, I
>>> see both IPv4 and IPv6 addresses alternately being used. Is this
>>> the way the NTP client normally works? I could understand it trying
>>> multiple addresses, if that is what I provided, but I only provide a
>>> single host name, that returns both IPv4 and IPv6 addresses.
>>> Normally, with other apps, IPv6 is preferred over IPv4.
>> I have never looked at the traffic, only at the output of 'ntpq -pn'
>> - sometime I see ipv4, some times I see ipv6.
>>
>>
>
> I have also noticed sometimes I get 2 IPv6 requests in a row, but
> haven't seen 2 IPv4 yet.
> It's not a problem, but I am curious as to why it happens, when
> normally IPv6 is preferred.
Yeah - on your local network it seems odd, but otherwise I guess there
could be differences that make an ipv6 connection better than an ipv4,
or vice versa?
On a 15.1 server I have running externally -
server ntp1.hetzner.de iburst
server ntp2.hetzner.com iburst
server ntp3.hetzner.net iburst
peer beaufort15.enidan.ch
peer beaufort2.enidan.ch
tattoo16:~ # ntpq -pn
remote refid st t when poll reach delay offset jitter
==============================================================================
+2a01:4f8:0:a0a1 237.17.204.95 2 u 635 1024 377 2.732 -1.105 0.148
+2a01:4f8:0:a112 124.216.164.14 2 u 387 1024 377 0.344 0.624 0.158
*2a01:4f8:0:a101 124.216.164.14 2 u 1020 1024 377 0.383 0.236 1.132
2a01:4f8:130:30 122.227.206.195 3 s 6h 1024 0 0.342 0.844 0.000
-2a01:4f8:121:43 213.239.239.166 3 s 927 1024 377 0.329 2.549 2.720
--
Per Jessen, Zürich (22.2°C)
http://www.dns24.ch/ - your free DNS host, made in Switzerland.
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 12:07 PM, Per Jessen wrote:
I have also noticed sometimes I get 2 IPv6 requests in a row, but haven't seen 2 IPv4 yet. It's not a problem, but I am curious as to why it happens, when normally IPv6 is preferred. Yeah - on your local network it seems odd, but otherwise I guess there could be differences that make an ipv6 connection better than an ipv4, or vice versa?
I have been letting Wireshark run for a while. In general, it alternates IPv4 & IPv6. There have been a few with 2 IPv6 requests in a row, 1 with 4 IPv6 and 1 with 2 IPv4. What ever it is, it sure isn't consistent. As I said, if I had specified 2 or more addresses, I'd expect them all to be used, as that's what NTP clients are supposed to do, as your results show. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-06 12:07 PM, Per Jessen wrote:
I have also noticed sometimes I get 2 IPv6 requests in a row, but haven't seen 2 IPv4 yet. It's not a problem, but I am curious as to why it happens, when normally IPv6 is preferred. Yeah - on your local network it seems odd, but otherwise I guess there could be differences that make an ipv6 connection better than an ipv4, or vice versa?
I have been letting Wireshark run for a while. In general, it alternates IPv4 & IPv6. There have been a few with 2 IPv6 requests in a row, 1 with 4 IPv6 and 1 with 2 IPv4. What ever it is, it sure isn't consistent.
As I said, if I had specified 2 or more addresses, I'd expect them all to be used, as that's what NTP clients are supposed to do, as your results show.
Yes, when you only have one host, the lookup may reveal two addresses, and only if ipv6 somehow yields poor results (not likely on your local network), might ipv4 be preferred. For that host. What does "ntpq -pn" show? Just out of curiousity. -- Per Jessen, Zürich (22.0°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 01:53 PM, Per Jessen wrote:
Yes, when you only have one host, the lookup may reveal two addresses, and only if ipv6 somehow yields poor results (not likely on your local network), might ipv4 be preferred. For that host.
They are connected by a 1 Gb switch.
What does "ntpq -pn" show? Just out of curiousity.
# ntpq -pn If 'ntpq' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf ntpq I don't have ntp installed, so no server here. After installing it, I get # ntpq -pn ntpq: read: Connection refused -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 02:04 PM, James Knott wrote:
What does "ntpq -pn" show? Just out of curiousity. # ntpq -pn If 'ntpq' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf ntpq
I don't have ntp installed, so no server here.
After installing it, I get # ntpq -pn ntpq: read: Connection refused
After starting ntpd, I get # ntpq -pn No association ID's returned -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <alpine.LSU.2.21.1908062020070.26801@Telcontar.valinor> On Tuesday, 2019-08-06 at 14:09 -0400, James Knott wrote:
On 2019-08-06 02:04 PM, James Knott wrote:
What does "ntpq -pn" show? Just out of curiousity. # ntpq -pn If 'ntpq' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf ntpq
I don't have ntp installed, so no server here.
After installing it, I get # ntpq -pn ntpq: read: Connection refused
After starting ntpd, I get # ntpq -pn No association ID's returned
If you are not using ntpd, who/what was sending those packets? - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXUnFARwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVrCEAnjF20lth9lEhuInkmbuY MF/kjRyTAJ4z5yIWDVpoiEuvoBSdwyVGQnNzwg== =xtd9 -----END PGP SIGNATURE-----
On 2019-08-06 02:20 PM, Carlos E. R. wrote:
If you are not using ntpd, who/what was sending those packets?
I don't know. It was a surprise to me too. I just assumed there might be some basic client function. Regardless, there doesn't seem to be much about the server in that package. I have set up ntp servers before, when I was using openSUSE for my firewall, and there was some configuration involved. I just checked software management for ntp stuff. All that's installed is the yast2 ntp client configuration, which was there before and ntp, which I just installed. I don't see anything else for basic ntp, though there is for ntpsec, etc.. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-06 01:53 PM, Per Jessen wrote:
Yes, when you only have one host, the lookup may reveal two addresses, and only if ipv6 somehow yields poor results (not likely on your local network), might ipv4 be preferred. For that host.
They are connected by a 1 Gb switch.
Which should have zero impact or influence.
What does "ntpq -pn" show? Just out of curiousity.
# ntpq -pn If 'ntpq' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf ntpq
I don't have ntp installed, so no server here.
Oh, so what are you using? That other thing - chrony? I don't know anything about chrony, can't help with that. -- Per Jessen, Zürich (21.3°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 02:37 PM, Per Jessen wrote:
I don't have ntp installed, so no server here. Oh, so what are you using? That other thing - chrony? I don't know anything about chrony, can't help with that.
As I mentioned in another note, I didn't install anything. All that was installed was the yast ntp config. I have since installed ntp, but it doesn't seem to provide much in the way of an ntp server, at least not compared to what I'd seen a few years ago. This is 15.1. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/08/2019 20.53, James Knott wrote:
On 2019-08-06 02:37 PM, Per Jessen wrote:
I don't have ntp installed, so no server here. Oh, so what are you using? That other thing - chrony? I don't know anything about chrony, can't help with that.
As I mentioned in another note, I didn't install anything. All that was installed was the yast ntp config. I have since installed ntp, but it doesn't seem to provide much in the way of an ntp server, at least not compared to what I'd seen a few years ago.
This is 15.1.
Yes, but if you are asking about ntp network packets, you must have one of the three clients possible: ntp, chrony, or systemd-timesyncd.service. You don't have to install ntpd if it wasn't installed, you have to check the configuration of what was already installed. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-06 03:12 PM, Carlos E. R. wrote:
Yes, but if you are asking about ntp network packets, you must have one of the three clients possible: ntp, chrony, or systemd-timesyncd.service.
You don't have to install ntpd if it wasn't installed, you have to check the configuration of what was already installed.
I just covered this in another note. Chrony is installed and running. I didn't install it, so I guess it's part of the basic install. I'll uninstall ntp, as I don't need both. Is one better than the other? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/08/2019 21.19, James Knott wrote:
On 2019-08-06 03:12 PM, Carlos E. R. wrote:
Yes, but if you are asking about ntp network packets, you must have one of the three clients possible: ntp, chrony, or systemd-timesyncd.service.
You don't have to install ntpd if it wasn't installed, you have to check the configuration of what was already installed.
I just covered this in another note. Chrony is installed and running. I didn't install it, so I guess it's part of the basic install.
I'll uninstall ntp, as I don't need both. Is one better than the other?
I don't know. I have always used ntp, but some say that chrony is better because ntp has not received as much care recently, it needs an overhaul or something. So apparently chronny is the default now. I know nothing about the systemd client. I tried it once, and it seemed to use more memory than chronny, so I discarded it. But some one commented that perhaps I was not considering that part of that memory was shared libraries. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
James Knott wrote:
I'll uninstall ntp, as I don't need both. Is one better than the other?
Not to my knowledge, except I believe chrony is better when you're travelling (with a device). For a regular install it should be just as good, I only default to ntp because I'v ebene doing so for 15-20 years. -- Per Jessen, Zürich (21.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 02:53 PM, James Knott wrote:
On 2019-08-06 02:37 PM, Per Jessen wrote:
I don't have ntp installed, so no server here. Oh, so what are you using? That other thing - chrony? I don't know anything about chrony, can't help with that. As I mentioned in another note, I didn't install anything. All that was installed was the yast ntp config. I have since installed ntp, but it doesn't seem to provide much in the way of an ntp server, at least not compared to what I'd seen a few years ago.
This is 15.1.
I just checked my ThinkPad, which is running 15.0. Ntp is installed, but the services manager shows that while it's supposed to start on boot, it's state is inactive (dead). Also, chrony is installed and running on both systems. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-06 02:37 PM, Per Jessen wrote:
I don't have ntp installed, so no server here. Oh, so what are you using? That other thing - chrony? I don't know anything about chrony, can't help with that.
As I mentioned in another note, I didn't install anything. All that was installed was the yast ntp config. I have since installed ntp, but it doesn't seem to provide much in the way of an ntp server, at least not compared to what I'd seen a few years ago.
This is 15.1.
Although I use both 15.0 and 15.1, I always ignore chrony and only use the old/real ntp. According to $SUBJ, I assumed you did too, my mistake. Installing ntp will not do anything for you - chrony is probably still running, I don't think they are mutually exclusive. Maybe repost your question specifically mentioning chrony. -- Per Jessen, Zürich (23.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/08/2019 21.26, Per Jessen wrote:
James Knott wrote:
On 2019-08-06 02:37 PM, Per Jessen wrote:
I don't have ntp installed, so no server here. Oh, so what are you using? That other thing - chrony? I don't know anything about chrony, can't help with that.
As I mentioned in another note, I didn't install anything. All that was installed was the yast ntp config. I have since installed ntp, but it doesn't seem to provide much in the way of an ntp server, at least not compared to what I'd seen a few years ago.
This is 15.1.
Although I use both 15.0 and 15.1, I always ignore chrony and only use the old/real ntp. According to $SUBJ, I assumed you did too, my mistake.
Installing ntp will not do anything for you - chrony is probably still running, I don't think they are mutually exclusive.
But running both should. They interfere with one another if they try to adjust the clock speed. I am using ntpd on the fixed machines, but on the laptops I think I have chronny. Undecided yet.
Maybe repost your question specifically mentioning chrony.
Yes :-) -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-06 03:26 PM, Per Jessen wrote:
Installing ntp will not do anything for you - chrony is probably still running, I don't think they are mutually exclusive.
Maybe repost your question specifically mentioning chrony.
I have disabled Chrony and enabled ntp. Both do the same with IPv4 and IPv6 addresses. One thing I've noticed is that both occur within a couple of seconds. Then, after about 64 seconds, they both repeat again. On the occasions when there are 2 IPv4 or IPv6 together, they're again about about 64 seconds apart. It would appear in those cases that the other protocol isn't used. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-06 03:26 PM, Per Jessen wrote:
Installing ntp will not do anything for you - chrony is probably still running, I don't think they are mutually exclusive.
Maybe repost your question specifically mentioning chrony.
I have disabled Chrony and enabled ntp. Both do the same with IPv4 and IPv6 addresses. One thing I've noticed is that both occur within a couple of seconds. Then, after about 64 seconds, they both repeat again. On the occasions when there are 2 IPv4 or IPv6 together, they're again about about 64 seconds apart. It would appear in those cases that the other protocol isn't used.
Now that you've switched, what does "ntpq -pn" tell you? I have just enabled and configured ntpd on a test machine, eventually it also prefers IPv4, but that's because it has a higher stratum: # ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== +192.168.2.254 .DCFa. 1 u 37 64 77 0.222 8.747 6.018 *fe80::202:a5ff: 192.168.2.254 2 b 14 16 376 0.115 4.498 2.684 I don't remember why the IPv6 address only is stratum 2, but there is some explanation. -- Per Jessen, Zürich (19.5°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 08.50, Per Jessen wrote:
James Knott wrote:
Now that you've switched, what does "ntpq -pn" tell you?
I have just enabled and configured ntpd on a test machine, eventually it also prefers IPv4, but that's because it has a higher stratum:
# ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== +192.168.2.254 .DCFa. 1 u 37 64 77 0.222 8.747 6.018 *fe80::202:a5ff: 192.168.2.254 2 b 14 16 376 0.115 4.498 2.684
I don't remember why the IPv6 address only is stratum 2, but there is some explanation.
So that I can try, how does ntp know that a server has both IPv4 and 6 on the same network? By setting both addresses on the dns server? I tried adding the IPv6 entry in /etc/hosts, but doesn't work. This machine uses bind since ages, and I don't know how to add IPv6 entries to it... I have being considering changing to dnsmasq instead, but... -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 07/08/2019 08.50, Per Jessen wrote:
James Knott wrote:
Now that you've switched, what does "ntpq -pn" tell you?
I have just enabled and configured ntpd on a test machine, eventually it also prefers IPv4, but that's because it has a higher stratum:
# ntpq -pn remote refid st t when poll reach delay offset jitter
==============================================================================
+192.168.2.254 .DCFa. 1 u 37 64 77 0.222 8.747 6.018 *fe80::202:a5ff: 192.168.2.254 2 b 14 16 376 0.115 4.498 2.684
I don't remember why the IPv6 address only is stratum 2, but there is some explanation.
So that I can try, how does ntp know that a server has both IPv4 and 6 on the same network? By setting both addresses on the dns server?
Yes, exactly. Or in my case, I use ipv6 multicast. If you just specify one server in ntp.conf, I think you also only ought to see one opf the addresses.
I tried adding the IPv6 entry in /etc/hosts, but doesn't work. This machine uses bind since ages, and I don't know how to add IPv6 entries to it... I have being considering changing to dnsmasq instead, but...
You add IPv6 the same way you add IPv4 - edit the zone file, add a 'AAAA' record. -- Per Jessen, Zürich (18.6°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 11.59, Per Jessen wrote:
Carlos E. R. wrote:
...
So that I can try, how does ntp know that a server has both IPv4 and 6 on the same network? By setting both addresses on the dns server?
Yes, exactly. Or in my case, I use ipv6 multicast. If you just specify one server in ntp.conf, I think you also only ought to see one opf the addresses.
I tried adding the IPv6 entry in /etc/hosts, but doesn't work. This machine uses bind since ages, and I don't know how to add IPv6 entries to it... I have being considering changing to dnsmasq instead, but...
You add IPv6 the same way you add IPv4 - edit the zone file, add a 'AAAA' record.
Gosh. I tremble every time I touch them. :-} I have two zone files: /etc/named/zone/1.168.192: $TTL 86400 1.168.192.in-addr.arpa. SOA Telcontar.valinor. root.Telcontar.valinor. ( 2018071501 28800 7200 604800 86400 ) NS Telcontar.valinor. ... 14 PTR Telcontar.valinor. 15 PTR AmonLanc.valinor. 16 PTR Isengard.valinor. /etc/named/zone/valinor: $TTL 86400 valinor. SOA Telcontar.valinor. root.Telcontar.valinor. ( 2018071501 28800 7200 604800 86400 ) NS Telcontar MX 10 Telcontar ... Telcontar A 192.168.1.14 MX 10 Telcontar AmonLanc A 192.168.1.15 Isengard A 192.168.1.16 As you see, I don't cover IPv6 at all. I would not know how to start. Maybe find some sample files on google :-? -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
/etc/named/zone/valinor:
$TTL 86400 valinor. SOA Telcontar.valinor. root.Telcontar.valinor. ( 2018071501 28800 7200 604800 86400 ) NS Telcontar MX 10 Telcontar
...
Telcontar A 192.168.1.14 MX 10 Telcontar AmonLanc A 192.168.1.15 Isengard A 192.168.1.16
As you see, I don't cover IPv6 at all. I would not know how to start.
Just add a line : Isengard AAAA 2001:db8:140:726c::2 -- Per Jessen, Zürich (20.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 13.42, Per Jessen wrote:
Carlos E. R. wrote:
/etc/named/zone/valinor:
$TTL 86400 valinor. SOA Telcontar.valinor. root.Telcontar.valinor. ( 2018071501 28800 7200 604800 86400 ) NS Telcontar MX 10 Telcontar
...
Telcontar A 192.168.1.14 MX 10 Telcontar AmonLanc A 192.168.1.15 Isengard A 192.168.1.16
As you see, I don't cover IPv6 at all. I would not know how to start.
Just add a line :
Isengard AAAA 2001:db8:140:726c::2
I had done that just now. Doesn't work. (See or jump down, solved) Isengard A 192.168.1.16 Isengard AAAA fe80::4ecc:6aff:fe61:50a1 I restart the daemon, and now: Telcontar:~ # host Isengard Host Isengard.valinor not found: 2(SERVFAIL) Telcontar:~ # host isengard Host isengard.valinor not found: 2(SERVFAIL) Telcontar:~ # But it is not the IPv6 address, because I revert the change and I have the same issue. Both ping and ssh work. For some reason, all my dns queries to the local network fail. /etc/resolv.conf search valinor nameserver 192.168.1.14 It is the correct IP. Reverse search is working: Telcontar:~ # host 192.168.1.14 14.1.168.192.in-addr.arpa domain name pointer Telcontar.valinor. Telcontar:~ # host 192.168.1.16 16.1.168.192.in-addr.arpa domain name pointer Isengard.valinor. Telcontar:~ # Baffled :-? Oh! Aug 07 13:56:44 Telcontar named[15097]: zone valinor/IN: loading from master file zone/valinor failed: bad owner name (check-names) Aug 07 13:56:44 Telcontar named[15097]: zone valinor/IN: not loaded due to errors. Aug 07 13:56:44 Telcontar named[15097]: zone localhost/IN: loaded serial 2007123000 Aug 07 13:56:44 Telcontar named[15097]: zone 168.16.172.in-addr.arpa/IN: loading from master file zone/168.16.172 failed: file not found Aug 07 13:56:44 Telcontar named[15097]: zone 168.16.172.in-addr.arpa/IN: not loaded due to errors. Google says it can be international names, but I use none, AFAIK. Found it! A commented line starting with '#' instead of ';' Telcontar:~ # host isengard.valinor Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fe80::4ecc:6aff:fe61:50a1 Telcontar:~ # Gosh :-( Solved that part. But I still can not connect on IPv6, maybe it doesn't like link local addresses. Telcontar:~ # ping -6 isengard connect: Invalid argument Telcontar:~ # ping -4 isengard PING Isengard.valinor (192.168.1.16) 56(84) bytes of data. 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=1 ttl=64 time=0.297 ms 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=2 ttl=64 time=0.296 ms ^C --- Isengard.valinor ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1011ms rtt min/avg/max/mdev = 0.296/0.296/0.297/0.017 ms Telcontar:~ # cer@Telcontar:~> ssh -6 -X root@Isengard.valinor ssh: connect to host isengard.valinor port 22: Invalid argument cer@Telcontar:~> The old problem :-( cer@Telcontar:~> ping fe80::4ecc:6aff:fe61:50a1 connect: Invalid argument cer@Telcontar:~> ping "fe80::4ecc:6aff:fe61:50a1" connect: Invalid argument cer@Telcontar:~> -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 07/08/2019 14:13, Carlos E. R. wrote:
Telcontar:~ # ping -6 isengard connect: Invalid argument Telcontar:~ # ping -4 isengard PING Isengard.valinor (192.168.1.16) 56(84) bytes of data. 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=1 ttl=64 time=0.297 ms 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=2 ttl=64 time=0.296 ms ^C --- Isengard.valinor ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1011ms rtt min/avg/max/mdev = 0.296/0.296/0.297/0.017 ms Telcontar:~ #
cer@Telcontar:~> ssh -6 -X root@Isengard.valinor ssh: connect to host isengard.valinor port 22: Invalid argument cer@Telcontar:~>
The old problem :-(
cer@Telcontar:~> ping fe80::4ecc:6aff:fe61:50a1 connect: Invalid argument cer@Telcontar:~> ping "fe80::4ecc:6aff:fe61:50a1" connect: Invalid argument cer@Telcontar:~>
From a forever noob who knows nothing about any of this but is so far spending today looking at random tutorials regarding ssh and ipv6, could it be anything to do with not specifying the port at the end of the link local address, e.g. with %eth0 ? gumb -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 14:51, gumb wrote:
From a forever noob who knows nothing about any of this but is so far spending today looking at random tutorials regarding ssh and ipv6, could it be anything to do with not specifying the port at the end of the link local address, e.g. with %eth0 ?
I meant interface, not port. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 14.52, gumb wrote:
On 07/08/2019 14:51, gumb wrote:
From a forever noob who knows nothing about any of this but is so far spending today looking at random tutorials regarding ssh and ipv6, could it be anything to do with not specifying the port at the end of the link local address, e.g. with %eth0 ?
I meant interface, not port.
Probably. But as my machines do not get IPv6 from the ISP (and there are no plans to do so), the router does not give IPv6 addresses to the machines. So I tried to use the link-local address. I would have to _add_ an IPv6 address to the interface. I don't know how to have that machine on automatic IPv6 address and add a fixed IPv6 address too. I must try again. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
I would have to _add_ an IPv6 address to the interface. I don't know how to have that machine on automatic IPv6 address and add a fixed IPv6 address too. I must try again.
ip addr add ipv6-addr dev ethx If you want it to be permanent, you add it to /etc/sysconfig/network/ifcfg-ethX. -- Per Jessen, Zürich (20.6°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-07 08:59 AM, Carlos E. R. wrote:
But as my machines do not get IPv6 from the ISP (and there are no plans to do so), the router does not give IPv6 addresses to the machines.
So I tried to use the link-local address.
I would have to _add_ an IPv6 address to the interface. I don't know how to have that machine on automatic IPv6 address and add a fixed IPv6 address too. I must try again.
If you use something like pfSense for a firewall, you can have it provide addresses to the network. However, if you're not getting addresses from the ISP or via a tunnel from he.net or similar, you should use something in the unique local range, which is fc:: /7. Normally you'd use addresses starting with fd. Like RFC1918 addresses on IPv4, unique local addresses are routeable, but not allowed on the Internet. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2019-08-07 at 12:40 -0400, James Knott wrote:
On 2019-08-07 08:59 AM, Carlos E. R. wrote:
But as my machines do not get IPv6 from the ISP (and there are no plans to do so), the router does not give IPv6 addresses to the machines.
So I tried to use the link-local address.
I would have to _add_ an IPv6 address to the interface. I don't know how to have that machine on automatic IPv6 address and add a fixed IPv6 address too. I must try again.
If you use something like pfSense for a firewall, you can have it provide addresses to the network. However, if you're not getting addresses from the ISP or via a tunnel from he.net or similar, you should use something in the unique local range, which is fc:: /7. Normally you'd use addresses starting with fd. Like RFC1918 addresses on IPv4, unique local addresses are routeable, but not allowed on the Internet.
Forget the router. It has to be done on YaST. I'll have a look later. - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXUsl+Bwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVqtMAn3j3DQc+qJiNPrad04A3 Vo1mPZibAJ9vX4FZ5f2zD6S3htJB6dTNbPuQEA== =JXpO -----END PGP SIGNATURE-----
On 2019-08-07 03:26 PM, Carlos E. R. wrote:
If you use something like pfSense for a firewall, you can have it provide addresses to the network. However, if you're not getting addresses from the ISP or via a tunnel from he.net or similar, you should use something in the unique local range, which is fc:: /7. Normally you'd use addresses starting with fd. Like RFC1918 addresses on IPv4, unique local addresses are routeable, but not allowed on the Internet. Forget the router.
It has to be done on YaST.
I'll have a look later.
You can still do it in Yast. Just pick addresses within that range. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 21.38, James Knott wrote:
On 2019-08-07 03:26 PM, Carlos E. R. wrote:
If you use something like pfSense for a firewall, you can have it provide addresses to the network. However, if you're not getting addresses from the ISP or via a tunnel from he.net or similar, you should use something in the unique local range, which is fc:: /7. Normally you'd use addresses starting with fd. Like RFC1918 addresses on IPv4, unique local addresses are routeable, but not allowed on the Internet. Forget the router.
It has to be done on YaST.
I'll have a look later.
You can still do it in Yast. Just pick addresses within that range.
Yes, I know. What I wonder is: having one IP-6 automated having another IP-6 fixed. In YaST [... Looking...] Ok, I have one IPv4 fixed address, and it allows me to add another IPv4 address, not an IPv6 address. It asks for IPv4 Label, address and netmask. What is label? Ah. Help explains it. Still, no IPv6 support in Yast :-( -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2019-08-07 at 22:16 +0200, Carlos E. R. wrote:
On 07/08/2019 21.38, James Knott wrote:
On 2019-08-07 03:26 PM, Carlos E. R. wrote:
...
In YaST [... Looking...]
Ok, I have one IPv4 fixed address, and it allows me to add another IPv4 address, not an IPv6 address.
It asks for IPv4 Label, address and netmask. What is label? Ah. Help explains it. Still, no IPv6 support in Yast :-(
YaST2 - lan @ Isengard Network Card Setup ┌General──Address──Hardware───────────────────────────────────────┐ │ Device Type Configuration Name │ │ Ethernet▒▒▒▒▒▒▒▒▒▒▒▒↓ eth0▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ │ │( ) No Link and IP Setup (Bonding Slaves) [ ] Use iBFT Values │ │( ) Dynamic Address DHCP▒▒▒▒▒▒▒▒▒▒↓ DHCP both version 4 and 6▒↓│ │(x) Statically Assigned IP Address │ │IP Address Subnet Mask Hostname │ │192.168.1.16▒▒▒▒▒▒ /24▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ←engard.valinor▒ │ │┌Additional Addresses─┌──────────────────┐──────────────────────┐│ ││ ┌─────────────────│IPv4 Address Label│ ─────────────────┐ ││ ││ │IPv4 Address Labe│▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │ ││ ││ │ │IP Address │ │ ││ ││ │ │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │ ││ ││ │ │Netmask │ │ ││ ││ │ │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │ ││ ││ │ │ [OK][Cancel] │ │ ││ ││ │ └──────────────────┘ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ └───────────────────────────────────────────────────────┘ ││ ││ [Add][Edit][Delete] ││ │└───────────────────────────────────────────────────────────────┘│ └─────────────────────────────────────────────────────────────────┘ [Help] [Back] [Cancel] [Next] F9 Cancel F10 OK I can not enter an IPv6 there :-( - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXUs2XBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVkWQAn04ZseOs/3zKSpRP7XfV gMu4I5k2AKCEoUHhrGrHnA3VXbfXKTFXx2lUhg== =w3gR -----END PGP SIGNATURE-----
Carlos E. R. wrote:
YaST2 - lan @ Isengard
Network Card Setup ┌General──Address──Hardware───────────────────────────────────────┐ │ Device Type Configuration Name │ │ Ethernet▒▒▒▒▒▒▒▒▒▒▒▒↓ eth0▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ │ │( ) No Link and IP Setup (Bonding Slaves) [ ] Use iBFT Values │ │( ) Dynamic Address DHCP▒▒▒▒▒▒▒▒▒▒↓ DHCP both version 4 and 6▒↓│ │(x) Statically Assigned IP Address │ │IP Address Subnet Mask Hostname │ │192.168.1.16▒▒▒▒▒▒ /24▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ←engard.valinor▒ │ │┌Additional Addresses─┌──────────────────┐──────────────────────┐│ ││ ┌─────────────────│IPv4 Address Label│ ─────────────────┐ ││ ││ │IPv4 Address Labe│▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │ ││ ││ │ │IP Address │ │ ││ ││ │ │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │ ││ ││ │ │Netmask │ │ ││ ││ │ │▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒│ │ ││ ││ │ │ [OK][Cancel] │ │ ││ ││ │ └──────────────────┘ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ └───────────────────────────────────────────────────────┘ ││ ││ [Add][Edit][Delete] ││ │└───────────────────────────────────────────────────────────────┘│ └─────────────────────────────────────────────────────────────────┘ [Help] [Back] [Cancel] [Next]
F9 Cancel F10 OK
I can not enter an IPv6 there :-(
Did you actually try? It works just fine. -- Per Jessen, Zürich (22.9°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday, 2019-08-08 at 13:31 +0200, Per Jessen wrote: ...
F9 Cancel F10 OK
I can not enter an IPv6 there :-(
Did you actually try? It works just fine.
Yes, I did. On another post :-) - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXUwVUhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVsUsAnRAuuE8psYT6RTOhi7PE q/M7M9X6AJ94gLcx0W3vVjAEbePLWqI/8hFI5g== =ZKLt -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-08 08:28 AM, Carlos E. R. wrote:
Did you actually try? It works just fine. Yes, I did. On another post :-)
Try it on your computer instead. ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 15.02, James Knott wrote:
On 2019-08-08 08:28 AM, Carlos E. R. wrote:
Did you actually try? It works just fine. Yes, I did. On another post :-)
Try it on your computer instead. ;-)
I mean that I did on my computer and said so on another post. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-07 04:16 PM, Carlos E. R. wrote:
It asks for IPv4 Label, address and netmask. What is label? Ah. Help explains it. Still, no IPv6 support in Yast :-(
In all the years I've been running IPv6, I've never had to manually configure an IPv6 address. It normally happens automagically. With pfSense, you could configure it to use SLAAC or DHCPv6 to assign addresses. On the other hand, there have been plenty of times I've manually configured IPv4 addresses. You can have many addresses on an interface. For example, with SLAAC, after a computer has been up for a week, it will have at least 9 addresses. There will be a link local address, which starts with fe80, a consistent address that does not change, which can be based on the MAC address or a random number and up to 7 temporary "privacy" addresses, with a new one created every day, with the old ones falling off the list after a week. Then you can add unique local addresses, again up to 8 after a week. So, if your computer has been up long enough, you could have 15 addresses assigned to an interface. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Content-ID: <alpine.LSU.2.21.1908080027080.748@Telcontar.valinor> On Wednesday, 2019-08-07 at 16:44 -0400, James Knott wrote:
On 2019-08-07 04:16 PM, Carlos E. R. wrote:
It asks for IPv4 Label, address and netmask. What is label? Ah. Help explains it. Still, no IPv6 support in Yast :-(
In all the years I've been running IPv6, I've never had to manually configure an IPv6 address. It normally happens automagically.
And I have never had it happen automatically, because no provider provides IPv6 here. As far as we know, it is going to be IPv4 for ever. Those histories about IPv4 running out and having to implement IPv6 now yes or yes, were all lies {sarcastic}. I don't know if I'll ever see IPv6 before I go gaga. Maybe if the Chinese implement 5G here we might see something. I'm not the only one wondering about it: <https://www.adslzone.net/2017/02/16/no-estamos-utilizando-ya-todos-espana-ipv6-pleno-2017/> *Why aren't we all already using IPv6 in Spain in full 2017?* ... In Europe we find countries with an average of 12%, with Spain being one of the countries in the European Union where there is the least adoption with 0.11%. ... The main problem is that Spanish operators do not have IPv6 routing enabled. Movistar has adapted its network to IPv6 and with addresses assigned to all customers, but these addresses are not routable over the Internet as routing and RA/DHCPv6 are deactivated, so until they activate it, the rest of the operators will not move a chip. <https://www.adslzone.net/2018/05/22/reduce-velocidad-adopcion-ipv6/> *IPv6 Adoption Slowed: What's Happening?* IPv6 was officially released to the world in 2012, and since then its adoption has been accelerating. However, so far in 2018 its adoption has stagnated, which is atypical considering the rapid adoption it has had so far. ... There is little interest in implementing it However, these measures do not appear to be sufficient to encourage adoption that does not seem to follow patterns, making it difficult to understand the deployment or predict what its adoption will be in the coming years. In addition, a user often looks at coverage, price and speed when contracting the Internet rather than whether or not he or she has IPv6. <https://www.redeszone.net/2019/05/04/adopcion-ipv6-nativa/> *Adoption of native IPv6 worldwide is around 25%, in Spain only 2.1% of connections.* Written by Sergio De Luz 4 May, 2019 at 13:00 The IPv6 protocol continues to expand around the world at a good pace, but it is not yet too widespread, which is a problem since all IPv4 addresses are exhausted. Currently what some operators are doing is trying to delay as much as possible the adoption of IPv6 in their networks, mitigating the problem of lack of public IPv4 addresses by using techniques such as CG-NAT to save a significant number of public IP addresses, while they continue to grow in number of customers. Do you want to know how is the adoption of IPv6 worldwide, in Spain and surrounding countries? ... While, worldwide, the use of IPv6 measured by Google is around 25%, in Spain we have a serious problem and that is that only 2.1% of Internet connections that use Google services use this network protocol natively. Currently the main operators are already deploying this protocol to their customers, but they do not usually do so natively, but make use of techniques such as DS-Lite, to provide connectivity with IPv4 networks since we are currently in a transition period.
With pfSense, you could configure it to use SLAAC or DHCPv6 to assign addresses.
Well, the router is ISP provided and I can not change it, so there is nothing of that. And no point in setting it up, as there is no IPv6 to internet. (as a matter of fact, the router supports IPv6. But as it sees no outside IPv6, it does not handle them internally either) I can only set up IPv6 internally, with no route to internet, to play internally. That's what I'm trying on that computer, and YaST doen't seem to allow it. Funny, because years ago I did set it up in this computer: 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:21:85:16:2d:0b brd ff:ff:ff:ff:ff:ff inet 192.168.1.14/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fc00::14/64 scope global valid_lft forever preferred_lft forever inet6 fe80::221:85ff:fe16:2d0b/64 scope link valid_lft forever preferred_lft forever YaST: Network Card Setup ┌General──Address──Hardware───────────────────────────────────────┐ │ Device Type Configuration Name │ │ Ethernet▒▒▒▒▒▒▒▒▒▒▒▒↓ eth0▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ │ │( ) No Link and IP Setup (Bonding Slaves) [ ] Use iBFT Values │ │( ) Dynamic Address DHCP▒▒▒▒▒▒▒▒▒▒↓ DHCP both version 4 and 6▒↓│ │(x) Statically Assigned IP Address │ │IP Address Subnet Mask Hostname │ │192.168.1.14▒▒▒▒▒▒ /24▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ←contar.valinor▒ │ │┌Additional Addresses───────────────────────────────────────────┐│ ││ ┌───────────────────────────────────────────────────────┐ ││ ││ │IPv4 Address Label│IP Address │Netmask │ ││ ││ │ │fC00:0:0:0::14│/64 │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ ││ │ │ ││ Maybe it works. I'll try to just write an fc00::16 address there, even if it says IPv4 only. [...] Slow... takes minutes to think it out. Well, it took: 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 4c:cc:6a:61:50:a1 brd ff:ff:ff:ff:ff:ff inet 192.168.1.16/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fc00::16/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4ecc:6aff:fe61:50a1/64 scope link valid_lft forever preferred_lft forever I have /64. You commented to use /7. I have no preference either way. Should I? Still, it doesn't work by name after updating my name server: Telcontar:~ # host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fc00::16 Telcontar:~ # host Telcontar Telcontar.valinor has address 192.168.1.14 Telcontar.valinor has IPv6 address fc00::14 Telcontar.valinor mail is handled by 10 Telcontar.valinor. Telcontar:~ # ping Isengard PING Isengard.valinor (192.168.1.16) 56(84) bytes of data. 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=1 ttl=64 time=0.309 ms 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=2 ttl=64 time=0.352 ms ^C - --- Isengard.valinor ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.309/0.330/0.352/0.028 ms Telcontar:~ # ping -6 Isengard connect: Invalid argument Telcontar:~ # ping -6 fc00::16 PING fc00::16(fc00::16) 56 data bytes 64 bytes from fc00::16: icmp_seq=1 ttl=64 time=0.643 ms 64 bytes from fc00::16: icmp_seq=2 ttl=64 time=0.344 ms ^C - --- fc00::16 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1030ms rtt min/avg/max/mdev = 0.344/0.493/0.643/0.151 ms Telcontar:~ # I can not ping using IPv6 by name. I can by IP. Same thing with ssh. cer@Telcontar:~> ssh -X cer@Isengard.valinor Last login: Wed Aug 7 21:33:42 2019 from 192.168.1.14 Have a lot of fun... cer@Isengard:~> logout Connection to isengard.valinor closed. cer@Telcontar:~> ssh -6 -X cer@Isengard.valinor ssh: connect to host isengard.valinor port 22: Invalid argument cer@Telcontar:~> ssh -6 -X cer@fc00::16 The authenticity of host 'fc00::16 (fc00::16)' can't be established. ECDSA key fingerprint is SHA256:ILybaOsrdw95ufuc4st0K1V6QyLT8ZWwBCJQVZfzwNk. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'fc00::16' (ECDSA) to the list of known hosts. Last login: Thu Aug 8 00:22:42 2019 from 192.168.1.14 Have a lot of fun... cer@Isengard:~> Baffled... - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXUtQ7xwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVeysAnRh7PhB5SqpP73tgc+vo w+qOeWpyAJ0YMeM4uyO4Bio6E1U4xLytpctgWA== =E4hH -----END PGP SIGNATURE-----
On 2019-08-07 06:30 PM, Carlos E. R. wrote:
And I have never had it happen automatically, because no provider provides IPv6 here.
You can use a tunnel, as provided by Hurricane Electric or similar Check he.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 01.10, James Knott wrote:
On 2019-08-07 06:30 PM, Carlos E. R. wrote:
And I have never had it happen automatically, because no provider provides IPv6 here.
You can use a tunnel, as provided by Hurricane Electric or similar
Check he.net
Sure, but I get no advantage from it. I don't need to connect to any IPv6 only site. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-07 07:43 PM, Carlos E. R. wrote:
Check he.net Sure, but I get no advantage from it. I don't need to connect to any IPv6 only site.
You can get some experience with IPv6. BTW, that he.net tunnel is free. I had previously used a tunnel from a different provider, when I was using openSUSE as my firewall/router. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 01.10, James Knott wrote:
On 2019-08-07 06:30 PM, Carlos E. R. wrote:
And I have never had it happen automatically, because no provider provides IPv6 here.
You can use a tunnel, as provided by Hurricane Electric or similar
Check he.net
They want my name, address, phone number... Too intrusive. I cancelled the procedure. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [08-11-19 14:05]:
On 08/08/2019 01.10, James Knott wrote:
On 2019-08-07 06:30 PM, Carlos E. R. wrote:
And I have never had it happen automatically, because no provider provides IPv6 here.
You can use a tunnel, as provided by Hurricane Electric or similar
Check he.net
They want my name, address, phone number... Too intrusive. I cancelled the procedure.
got the tin-foil hat out again? -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-11 02:02 PM, Carlos E. R. wrote:
They want my name, address, phone number... Too intrusive. I cancelled the procedure.
Does your ISP want your name, address phone number? Phone company? Bank? Employer? Library? Doctor? etc. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/08/2019 20.13, James Knott wrote:
On 2019-08-11 02:02 PM, Carlos E. R. wrote:
They want my name, address, phone number... Too intrusive. I cancelled the procedure.
Does your ISP want your name, address phone number? Phone company? Bank? Employer? Library? Doctor? etc.
But they are *MY* ISP and subject to the local laws. These people I don't know what they are and what they will do with that information. Why will they give service gratis? Surely there is some hidden interest. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-11 02:29 PM, Carlos E. R. wrote:
But they are *MY* ISP and subject to the local laws. These people I don't know what they are and what they will do with that information. Why will they give service gratis? Surely there is some hidden interest.
Have you never ordered a magazine subscription from a foreign publisher? Do you think they respect your local laws? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 11/08/2019 20.13, James Knott wrote:
On 2019-08-11 02:02 PM, Carlos E. R. wrote:
They want my name, address, phone number... Too intrusive. I cancelled the procedure.
Does your ISP want your name, address phone number? Phone company? Bank? Employer? Library? Doctor? etc.
But they are *MY* ISP and subject to the local laws. These people I don't know what they are and what they will do with that information. Why will they give service gratis? Surely there is some hidden interest.
HE is only acting as a responsible ISP. If I were to provide you with an IPv6 tunnel and a /64 prefix, I would also want to know your exact details. -- Per Jessen, Zürich (18.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-11 02:45 PM, Per Jessen wrote:
HE is only acting as a responsible ISP. If I were to provide you with an IPv6 tunnel and a /64 prefix, I would also want to know your exact details.
I believe they provide a /48. Also, they have POPs in Spain. Wouldn't that bring them under Spanish or EU law? https://pop.he.net/?country=Spain -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-11 02:45 PM, Per Jessen wrote:
HE is only acting as a responsible ISP. If I were to provide you with an IPv6 tunnel and a /64 prefix, I would also want to know your exact details.
I believe they provide a /48.
Also, they have POPs in Spain. Wouldn't that bring them under Spanish or EU law? https://pop.he.net/?country=Spain
Maybe - Equinix (US) and Interxion (NL) are big backbone providers, I presume they simply have peering with HE. The EU GPDR will apply though. -- Per Jessen, Zürich (18.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
Carlos E. R. wrote:
On 11/08/2019 20.13, James Knott wrote:
On 2019-08-11 02:02 PM, Carlos E. R. wrote:
They want my name, address, phone number... Too intrusive. I cancelled the procedure.
Does your ISP want your name, address phone number? Phone company? Bank? Employer? Library? Doctor? etc.
But they are *MY* ISP and subject to the local laws. These people I don't know what they are and what they will do with that information. Why will they give service gratis? Surely there is some hidden interest.
HE is only acting as a responsible ISP. If I were to provide you with an IPv6 tunnel and a /64 prefix, I would also want to know your exact details.
If they are really doing it 100% properly, they'll even record your details in the whois database. -- Per Jessen, Zürich (18.0°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/08/2019 20.45, Per Jessen wrote:
Carlos E. R. wrote:
On 11/08/2019 20.13, James Knott wrote:
On 2019-08-11 02:02 PM, Carlos E. R. wrote:
They want my name, address, phone number... Too intrusive. I cancelled the procedure.
Does your ISP want your name, address phone number? Phone company? Bank? Employer? Library? Doctor? etc.
But they are *MY* ISP and subject to the local laws. These people I don't know what they are and what they will do with that information. Why will they give service gratis? Surely there is some hidden interest.
HE is only acting as a responsible ISP. If I were to provide you with an IPv6 tunnel and a /64 prefix, I would also want to know your exact details.
Mmmm... I'll ask my pillow about it. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On Wednesday, 2019-08-07 at 16:44 -0400, James Knott wrote:
On 2019-08-07 04:16 PM, Carlos E. R. wrote:
It asks for IPv4 Label, address and netmask. What is label? Ah. Help explains it. Still, no IPv6 support in Yast :-(
In all the years I've been running IPv6, I've never had to manually configure an IPv6 address. It normally happens automagically.
And I have never had it happen automatically, because no provider provides IPv6 here.
As far as we know, it is going to be IPv4 for ever. Those histories about IPv4 running out and having to implement IPv6 now yes or yes, were all lies {sarcastic}. I don't know if I'll ever see IPv6 before I go gaga.
Yes, that might be too late already :-) There is plenty of IPv6 about, judging by clients accessing our openSUSE mirror, some major users are: Germany (35-40% of all access is IPv6) France (35-40%) Belgium, Greece, Switzerland, Portugal (all 25-30%).
In Europe we find countries with an average of 12%, with Spain being one of the countries in the European Union where there is the least adoption with 0.11%.
On our mirror, Spain IPv6 access is less than 2%. You're not alone, Italy is also around 2%.
With pfSense, you could configure it to use SLAAC or DHCPv6 to assign addresses.
Well, the router is ISP provided and I can not change it, so there is nothing of that. And no point in setting it up, as there is no IPv6 to internet.
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe). Wow, just had a look at when I started with an IPv6 tunnel .... 2006. -- Per Jessen, Zürich (22.5°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 13.27, Per Jessen wrote:
Carlos E. R. wrote:
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Wow, just had a look at when I started with an IPv6 tunnel .... 2006.
:-) -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 08/08/2019 13.27, Per Jessen wrote:
Carlos E. R. wrote:
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Oh okay, I thought you wanted to learn, gain some experience. -- Per Jessen, Zürich (23.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 15.04, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 13.27, Per Jessen wrote:
Carlos E. R. wrote:
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Oh okay, I thought you wanted to learn, gain some experience.
I'm content with experimenting on my local network. Sigh... I'll have a look. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 08/08/2019 16.23, Carlos E. R. wrote:
On 08/08/2019 15.04, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 13.27, Per Jessen wrote:
Carlos E. R. wrote:
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Oh okay, I thought you wanted to learn, gain some experience.
I'm content with experimenting on my local network.
For example, I have found out that I have to stop nscd for IPv6 name solving to work (as shown on other posts). -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 08/08/2019 16.23, Carlos E. R. wrote:
On 08/08/2019 15.04, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 13.27, Per Jessen wrote:
Carlos E. R. wrote:
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Oh okay, I thought you wanted to learn, gain some experience.
I'm content with experimenting on my local network.
You may be running into quirks and behaviour not seen elsewhere.
For example, I have found out that I have to stop nscd for IPv6 name solving to work (as shown on other posts).
Hasn't been an issue here, for 10+ years, on a variety of openSUSE versions. I would venture a guess and say nobody else has seen it either. -- Per Jessen, Zürich (26.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 16.58, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 16.23, Carlos E. R. wrote:
On 08/08/2019 15.04, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 13.27, Per Jessen wrote:
Carlos E. R. wrote:
You could do what many did in the early beginning - use a tunnel. I think there are still some providers out there. (Hurricane Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Oh okay, I thought you wanted to learn, gain some experience.
I'm content with experimenting on my local network.
You may be running into quirks and behaviour not seen elsewhere.
For example, I have found out that I have to stop nscd for IPv6 name solving to work (as shown on other posts).
Hasn't been an issue here, for 10+ years, on a variety of openSUSE versions. I would venture a guess and say nobody else has seen it either.
Telcontar:~ # systemctl start nscd Telcontar:~ # ping -6 Isengard ping: Isengard: Name or service not known Telcontar:~ # systemctl stop nscd Telcontar:~ # ping -6 Isengard PING Isengard(Isengard6.valinor (fc00::16)) 56 data bytes 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=1 ttl=64 time=0.424 ms 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=2 ttl=64 time=0.448 ms ^C --- Isengard ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1022ms rtt min/avg/max/mdev = 0.424/0.436/0.448/0.012 ms Telcontar:~ # Same thing happens with ssh -6 -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 08/08/2019 16.58, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 16.23, Carlos E. R. wrote:
On 08/08/2019 15.04, Per Jessen wrote:
Carlos E. R. wrote:
On 08/08/2019 13.27, Per Jessen wrote: > Carlos E. R. wrote:
> > You could do what many did in the early beginning - use a > tunnel. I > think there are still some providers out there. (Hurricane > Electric maybe).
Sure. But I do not want to, I have no use for IPv6 till my provider provides it as it is his duty.
Oh okay, I thought you wanted to learn, gain some experience.
I'm content with experimenting on my local network.
You may be running into quirks and behaviour not seen elsewhere.
For example, I have found out that I have to stop nscd for IPv6 name solving to work (as shown on other posts).
Hasn't been an issue here, for 10+ years, on a variety of openSUSE versions. I would venture a guess and say nobody else has seen it either.
Telcontar:~ # systemctl start nscd Telcontar:~ # ping -6 Isengard ping: Isengard: Name or service not known Telcontar:~ # systemctl stop nscd Telcontar:~ # ping -6 Isengard PING Isengard(Isengard6.valinor (fc00::16)) 56 data bytes 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=1 ttl=64 time=0.424 ms 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=2 ttl=64 time=0.448 ms ^C --- Isengard ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1022ms rtt min/avg/max/mdev = 0.424/0.436/0.448/0.012 ms Telcontar:~ #
Same thing happens with ssh -6
test99:~ # systemctl start nscd test99:~ # ping -6 beaufort13.enidan.ch PING beaufort13.enidan.ch(beaufort13.enidan.ch (2a01:4f8:120:14aa::2)) 56 data bytes 64 bytes from beaufort13.enidan.ch (2a01:4f8:120:14aa::2): icmp_seq=1 ttl=51 time=11.7 ms 64 bytes from beaufort13.enidan.ch (2a01:4f8:120:14aa::2): icmp_seq=2 ttl=51 time=11.4 ms test99:~ # systemctl stop nscd test99:~ # ping -6 beaufort13.enidan.ch PING beaufort13.enidan.ch(beaufort13.enidan.ch (2a01:4f8:120:14aa::2)) 56 data bytes 64 bytes from beaufort13.enidan.ch (2a01:4f8:120:14aa::2): icmp_seq=1 ttl=51 time=11.5 ms Of course, if you feel certain it is a bug, open a report, but I think it is more likely a problem in the environment. -- Per Jessen, Zürich (24.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 20.28, Per Jessen wrote:
Carlos E. R. wrote:
Telcontar:~ # systemctl start nscd Telcontar:~ # ping -6 Isengard ping: Isengard: Name or service not known Telcontar:~ # systemctl stop nscd Telcontar:~ # ping -6 Isengard PING Isengard(Isengard6.valinor (fc00::16)) 56 data bytes 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=1 ttl=64 time=0.424 ms 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=2 ttl=64 time=0.448 ms ^C --- Isengard ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1022ms rtt min/avg/max/mdev = 0.424/0.436/0.448/0.012 ms Telcontar:~ #
Same thing happens with ssh -6
test99:~ # systemctl start nscd test99:~ # ping -6 beaufort13.enidan.ch PING beaufort13.enidan.ch(beaufort13.enidan.ch (2a01:4f8:120:14aa::2)) 56 data bytes 64 bytes from beaufort13.enidan.ch (2a01:4f8:120:14aa::2): icmp_seq=1 ttl=51 time=11.7 ms 64 bytes from beaufort13.enidan.ch (2a01:4f8:120:14aa::2): icmp_seq=2 ttl=51 time=11.4 ms test99:~ # systemctl stop nscd test99:~ # ping -6 beaufort13.enidan.ch PING beaufort13.enidan.ch(beaufort13.enidan.ch (2a01:4f8:120:14aa::2)) 56 data bytes 64 bytes from beaufort13.enidan.ch (2a01:4f8:120:14aa::2): icmp_seq=1 ttl=51 time=11.5 ms
Of course, if you feel certain it is a bug, open a report, but I think it is more likely a problem in the environment.
I don't feel certain of anything, but I do not know where to look. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
Of course, if you feel certain it is a bug, open a report, but I think it is more likely a problem in the environment.
I don't feel certain of anything, but I do not know where to look.
Try looking up www.google.com or mirror.hostsuisse.com, use 'host' or 'dig'. That'll ascertain that dns ipv6 lookups work. With nscd running, try with 'ping -6', even if you can't actually ping anything. I am pretty certain that will work. (except for the actual ping). -- Per Jessen, Zürich (20.8°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 09.44, Per Jessen wrote:
Carlos E. R. wrote:
Of course, if you feel certain it is a bug, open a report, but I think it is more likely a problem in the environment.
I don't feel certain of anything, but I do not know where to look.
Try looking up www.google.com or mirror.hostsuisse.com, use 'host' or 'dig'. That'll ascertain that dns ipv6 lookups work.
Of course it works. cer@Telcontar:~> host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fc00::16 <============ cer@Telcontar:~> cer@Telcontar:~> host google.com google.com has address 216.58.206.238 google.com has IPv6 address 2a00:1450:4007:811::200e google.com mail is handled by 20 alt1.aspmx.l.google.com. google.com mail is handled by 10 aspmx.l.google.com. google.com mail is handled by 30 alt2.aspmx.l.google.com. google.com mail is handled by 50 alt4.aspmx.l.google.com. google.com mail is handled by 40 alt3.aspmx.l.google.com. cer@Telcontar:~>
With nscd running, try with 'ping -6', even if you can't actually ping anything. I am pretty certain that will work. (except for the actual ping).
(with nscd off) cer@Telcontar:~> host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fc00::16 cer@Telcontar:~> ping -v -6 Isengard ping: socket: Permission denied, attempting raw socket... PING Isengard(Isengard6.valinor (fc00::16)) 56 data bytes 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=1 ttl=64 time=0.320 ms 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=2 ttl=64 time=0.340 ms 64 bytes from Isengard6.valinor (fc00::16): icmp_seq=3 ttl=64 time=0.311 ms ^C --- Isengard ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2034ms rtt min/avg/max/mdev = 0.311/0.323/0.340/0.024 ms cer@Telcontar:~> su - Password: Telcontar:~ # systemctl start nscd Telcontar:~ # logout cer@Telcontar:~> ping -v -6 Isengard ping: socket: Permission denied, attempting raw socket... ping: Isengard: Name or service not known cer@Telcontar:~> er@Telcontar:~> ping -v -6 google.com ping: socket: Permission denied, attempting raw socket... connect: Network is unreachable cer@Telcontar:~> -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 09/08/2019 09.44, Per Jessen wrote:
Carlos E. R. wrote:
Of course, if you feel certain it is a bug, open a report, but I think it is more likely a problem in the environment.
I don't feel certain of anything, but I do not know where to look.
Try looking up www.google.com or mirror.hostsuisse.com, use 'host' or 'dig'. That'll ascertain that dns ipv6 lookups work.
Of course it works.
Seeing as you complained that IPv6 lookups didn't work when nscd was running, I thought it best to check.
cer@Telcontar:~> host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fc00::16 <============
This is with or without nscd running?
er@Telcontar:~> ping -v -6 google.com ping: socket: Permission denied, attempting raw socket... connect: Network is unreachable
I think that proves my point - it isn't nscd, it's the environment. Clearly ping was able to resolve 'google.com' and tries to ping it, but as you have no default route, the network is unreachable. -- Per Jessen, Zürich (21.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 10.28, Per Jessen wrote:
Carlos E. R. wrote:
On 09/08/2019 09.44, Per Jessen wrote:
Carlos E. R. wrote:
Of course, if you feel certain it is a bug, open a report, but I think it is more likely a problem in the environment.
I don't feel certain of anything, but I do not know where to look.
Try looking up www.google.com or mirror.hostsuisse.com, use 'host' or 'dig'. That'll ascertain that dns ipv6 lookups work.
Of course it works.
Seeing as you complained that IPv6 lookups didn't work when nscd was running, I thought it best to check.
cer@Telcontar:~> host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fc00::16 <============
This is with or without nscd running?
Indifferent.
er@Telcontar:~> ping -v -6 google.com ping: socket: Permission denied, attempting raw socket... connect: Network is unreachable
I think that proves my point - it isn't nscd, it's the environment. Clearly ping was able to resolve 'google.com' and tries to ping it, but as you have no default route, the network is unreachable.
I don't care. I simply want it to work, and it doesn't, here. I have no ideas where to look. The only thing I found out, by looking at strace of the ping command, was that nscd was involved. Maybe there is a problem with "fc00::" addresses. Do you have any such to try? strace of "ping -6 -c 1 Isengard" socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = 0 sendto(4, "\2\0\0\0\r\0\0\0\6\0\0\0hosts\0", 18, MSG_NOSIGNAL, NULL, 0) = 18 poll([{fd=4, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}]) recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="hosts\0", iov_len=6}, {iov_base="\310O\3\0\0\0\0\0", iov_len=8}], msg_iovlen=2, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[5]}], msg_controllen=20, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 14 mmap(NULL, 217032, PROT_READ, MAP_SHARED, 5, 0) = 0x7f5834907000 close(5) = 0 close(4) = 0 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = 0 sendto(4, "\2\0\0\0\16\0\0\0\t\0\0\0Isengard\0", 21, MSG_NOSIGNAL, NULL, 0) = 21 poll([{fd=4, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}]) read(4, "\2\0\0\0\1\0\0\0\1\0\0\0\4\0\0\0\21\0\0\0\0\0\0\0", 24) = 24 read(4, "\300\250\1\20\2Isengard.valinor\0", 22) = 22 <================= close(4) = 0 write(2, "ping: Isengard: Name or service "..., 42) = 42 exit_group(2) = ? +++ exited with 2 +++ strace of "ping -6 -c 1 google.com" connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = 0 sendto(4, "\2\0\0\0\r\0\0\0\6\0\0\0hosts\0", 18, MSG_NOSIGNAL, NULL, 0) = 18 poll([{fd=4, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}]) recvmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="hosts\0", iov_len=6}, {iov_base="\310O\3\0\0\0\0\0", iov_len=8}], msg_iovlen=2, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET, cmsg_type=SCM_RIGHTS, cmsg_data=[5]}], msg_controllen=20, msg_flags=MSG_CMSG_CLOEXEC}, MSG_CMSG_CLOEXEC) = 14 mmap(NULL, 217032, PROT_READ, MAP_SHARED, 5, 0) = 0x7f151c775000 close(5) = 0 close(4) = 0 socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 4 connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = 0 sendto(4, "\2\0\0\0\16\0\0\0\v\0\0\0google.com\0", 23, MSG_NOSIGNAL, NULL, 0) = 23 poll([{fd=4, events=POLLIN|POLLERR|POLLHUP}], 1, 5000) = 1 ([{fd=4, revents=POLLIN|POLLHUP}]) read(4, "\2\0\0\0\1\0\0\0\2\0\0\0\24\0\0\0\v\0\0\0\0\0\0\0", 24) = 24 read(4, "*\0\24P@\7\10\21\0\0\0\0\0\0 \16\254\331\22\316\n\2google.com"..., 33) = 33 <================= close(4) = 0 socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 4 connect(4, {sa_family=AF_INET6, sin6_port=htons(1025), inet_pton(AF_INET6, "2a00:1450:4007:811::200e", &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable) dup(2) = 5 fcntl(5, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) fstat(5, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 29), ...}) = 0 write(5, "connect: Network is unreachable\n", 32) = 32 close(5) = 0 exit_group(2) = ? +++ exited with 2 +++ The arrow marks what I think is the reply from nscd. When it is running, it does not give the IPv6 answer for Isengard, so ping fails with "Name or service not known". Why, I have no idea. Another one (nscd running): Telcontar:~ # ping -6 telcontar ping: telcontar: Name or service not known Telcontar:~ # host telcontar Telcontar.valinor has address 192.168.1.14 Telcontar.valinor has IPv6 address fc00::14 Telcontar.valinor mail is handled by 10 Telcontar.valinor. Telcontar:~ # -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
er@Telcontar:~> ping -v -6 google.com ping: socket: Permission denied, attempting raw socket... connect: Network is unreachable
I think that proves my point - it isn't nscd, it's the environment. Clearly ping was able to resolve 'google.com' and tries to ping it, but as you have no default route, the network is unreachable.
I don't care.
Well, it is important though - it tells you where to look, in your environment. What you have created.
Maybe there is a problem with "fc00::" addresses. Do you have any such to try?
I'm just trying it now - I have defined a name "carlos.example.com" = fc00::1234 - # nscd -i hosts # host carlos.example.com carlos.example.com has IPv6 address fc00::1234 # ping carlos.example.com PING carlos.example.com(fc00::1234 (fc00::1234)) 56 data bytes Is there any chance your nscd is caching a negative lookup from earlier? -- Per Jessen, Zürich (23.3°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 11.29, Per Jessen wrote:
Carlos E. R. wrote:
er@Telcontar:~> ping -v -6 google.com ping: socket: Permission denied, attempting raw socket... connect: Network is unreachable
I think that proves my point - it isn't nscd, it's the environment. Clearly ping was able to resolve 'google.com' and tries to ping it, but as you have no default route, the network is unreachable.
I don't care.
Well, it is important though - it tells you where to look, in your environment. What you have created.
sure, but that is not my meaning :-) No matter if the issue is inside or outside, configuration or bug, I want to resolve it. Thus, I don't care what it is. Not that I don't care about resolving it. I don't care what the cause is. Sure, it is configuration related - either bad config or bug triggered by the local config.
Maybe there is a problem with "fc00::" addresses. Do you have any such to try?
I'm just trying it now - I have defined a name "carlos.example.com" = fc00::1234 -
# nscd -i hosts # host carlos.example.com carlos.example.com has IPv6 address fc00::1234 # ping carlos.example.com PING carlos.example.com(fc00::1234 (fc00::1234)) 56 data bytes
Is there any chance your nscd is caching a negative lookup from earlier?
No, as I have it stopped and restarted several times. This is its configuration: Telcontar:~ # cat /etc/nscd.conf | egrep -v "^[[:space:]]*$|^#" | grep hosts enable-cache hosts yes positive-time-to-live hosts 600 negative-time-to-live hosts 0 suggested-size hosts 211 check-files hosts yes persistent hosts no shared hosts yes max-db-size hosts 33554432 Telcontar:~ # The whole one: Telcontar:~ # cat /etc/nscd.conf | egrep -v "^[[:space:]]*$|^#" server-user nscd debug-level 0 paranoia no enable-cache passwd yes positive-time-to-live passwd 600 negative-time-to-live passwd 20 suggested-size passwd 211 check-files passwd yes persistent passwd yes shared passwd yes max-db-size passwd 33554432 auto-propagate passwd yes enable-cache group yes positive-time-to-live group 3600 negative-time-to-live group 60 suggested-size group 211 check-files group yes persistent group yes shared group yes max-db-size group 33554432 auto-propagate group yes enable-cache hosts yes positive-time-to-live hosts 600 negative-time-to-live hosts 0 suggested-size hosts 211 check-files hosts yes persistent hosts no shared hosts yes max-db-size hosts 33554432 enable-cache services yes positive-time-to-live services 28800 negative-time-to-live services 20 suggested-size services 211 check-files services yes persistent services yes shared services yes max-db-size services 33554432 enable-cache netgroup yes positive-time-to-live netgroup 28800 negative-time-to-live netgroup 20 suggested-size netgroup 211 check-files netgroup yes persistent netgroup yes shared netgroup yes max-db-size netgroup 33554432 Telcontar:~ # From Isengard to Telcontar, it works - but it uses dnsmasq instead of bind. AND, Isengard has: enable-cache hosts no (that's the single different line) I'll enable it. [...] It keeps working. Telcontar:~ # egrep -v "^[[:space:]]*$|^#" /etc/hosts.conf order hosts, bind multi on Telcontar:~ # Isengard:~ # egrep -v "^[[:space:]]*$|^#" /etc/hosts.conf grep: /etc/hosts.conf: No such file or directory Isengard:~ # I think it then uses another file, but I forget which. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-09 04:58 AM, Carlos E. R. wrote:
Maybe there is a problem with "fc00::" addresses. Do you have any such to try?
There is nothing special with those. They are the IPv6 equivalent of the IPv4 RFC1918 addresses. I use them here as well as my global addresses. Here is one from my computer as an example: fd48:1a37:2160:0:3a:144:2a16:71cb My DNS has no problem dealing with them at all. Incidentally, there is a minor difference between fc and fd addresses. The fc block is supposed to come from some server somewhere, to ensure there's no overlap with someone else. With the fd block, you create your own prefix. Beyond that, there's no difference. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-09 04:58 AM, Carlos E. R. wrote:
Maybe there is a problem with "fc00::" addresses. Do you have any such to try?
There is nothing special with those. They are the IPv6 equivalent of the IPv4 RFC1918 addresses. I use them here as well as my global addresses.
Here is one from my computer as an example: fd48:1a37:2160:0:3a:144:2a16:71cb
My DNS has no problem dealing with them at all.
Incidentally, there is a minor difference between fc and fd addresses. The fc block is supposed to come from some server somewhere, to ensure there's no overlap with someone else.
That was never implemented, afaik. -- Per Jessen, Zürich (30.7°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-09 10:06 AM, Per Jessen wrote:
Incidentally, there is a minor difference between fc and fd addresses. The fc block is supposed to come from some server somewhere, to ensure there's no overlap with someone else. That was never implemented, afaik.
That is my understanding too. However, that is the "official" position. Either way, I doubt it will make much difference whether he uses fc or fd. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 14.53, James Knott wrote:
On 2019-08-09 04:58 AM, Carlos E. R. wrote:
Maybe there is a problem with "fc00::" addresses. Do you have any such to try?
There is nothing special with those. They are the IPv6 equivalent of the IPv4 RFC1918 addresses. I use them here as well as my global addresses.
Here is one from my computer as an example: fd48:1a37:2160:0:3a:144:2a16:71cb
My DNS has no problem dealing with them at all.
Incidentally, there is a minor difference between fc and fd addresses. The fc block is supposed to come from some server somewhere, to ensure there's no overlap with someone else. With the fd block, you create your own prefix. Beyond that, there's no difference.
I take it that as my entries are invented, I should have fd addresses? Well, it makes no difference. Telcontar:~ # mcedit /etc/named/zone/valinor (failed reverse-i-search)`bind': mcedit ~/^Cn/bckall2mybook Telcontar:~ # systemctl reload named Telcontar:~ # cat /etc/nscd.conf | egrep -v "^[[:space:]]*$|^#"^C Telcontar:~ # ping -6 Isengard ping: Isengard: Name or service not known Telcontar:~ # systemctl reload nscd Telcontar:~ # ping -6 Isengard ping: Isengard: Name or service not known Telcontar:~ # systemctl restart named Telcontar:~ # ping -6 Isengard ping: Isengard: Name or service not known Telcontar:~ # systemctl restart nscd Telcontar:~ # The address does resolve: Telcontar:~ # host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fd00::16 Telcontar:~ # Of course, as I have not changed the actual address of the machine: Telcontar:~ # ping -6 fd00::16 connect: Network is unreachable Telcontar:~ # Telcontar:~ # dig Isengard ; <<>> DiG 9.11.2 <<>> Isengard ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2739 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: 29978b6c8a21268a716110005d4d9e977195f1db4b9d9811 (good) ;; QUESTION SECTION: ;Isengard. IN A ;; AUTHORITY SECTION: . 8974 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019080901 1800 900 604800 86400 ;; Query time: 33 msec ;; SERVER: 192.168.1.14#53(192.168.1.14) ;; WHEN: Fri Aug 09 18:25:59 CEST 2019 ;; MSG SIZE rcvd: 140 Telcontar:~ # dig is not answering " fd00::16" :-? Maybe it only asks for the "A", not the "AAAA". I prefer the host -v command: Telcontar:~ # host -v Isengard Trying "Isengard.valinor" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32981 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;Isengard.valinor. IN A ;; ANSWER SECTION: Isengard.valinor. 86400 IN A 192.168.1.16 ;; AUTHORITY SECTION: valinor. 86400 IN NS Telcontar.valinor. ;; ADDITIONAL SECTION: Telcontar.valinor. 86400 IN A 192.168.1.14 Telcontar.valinor. 86400 IN AAAA fd00::14 Received 118 bytes from 192.168.1.14#53 in 0 ms Trying "Isengard.valinor" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11391 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; QUESTION SECTION: ;Isengard.valinor. IN AAAA ;; ANSWER SECTION: Isengard.valinor. 86400 IN AAAA fd00::16 ;; AUTHORITY SECTION: valinor. 86400 IN NS Telcontar.valinor. ;; ADDITIONAL SECTION: Telcontar.valinor. 86400 IN A 192.168.1.14 Telcontar.valinor. 86400 IN AAAA fd00::14 Received 130 bytes from 192.168.1.14#53 in 0 ms Trying "Isengard.valinor" ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38238 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;Isengard.valinor. IN MX ;; AUTHORITY SECTION: valinor. 86400 IN SOA Telcontar.valinor. root.Telcontar.valinor. 2019080901 28800 7200 604800 86400 Received 85 bytes from 192.168.1.14#53 in 0 ms Telcontar:~ # -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-09 12:30 PM, Carlos E. R. wrote:
Well, it makes no difference.
I aleady said that. The original intent of the fc block is that you'd get your prefix from a server, where you could choose one that wasn't in use, so as to avoid any possible conflict with other networks you might connect to. The fd block is your choice, without any consideration of what someone else might use. That is the extent of the difference and, as mentioned in another note, that server method doesn't appear to have been implemented. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 18.48, James Knott wrote:
On 2019-08-09 12:30 PM, Carlos E. R. wrote:
Well, it makes no difference.
I aleady said that. The original intent of the fc block is that you'd get your prefix from a server, where you could choose one that wasn't in use, so as to avoid any possible conflict with other networks you might connect to. The fd block is your choice, without any consideration of what someone else might use. That is the extent of the difference and, as mentioned in another note, that server method doesn't appear to have been implemented.
Not saying you said "that" :-) I'm grasping at straws here. Hopping that some old bug of behaviour in some software worked differently based on those addresses. So I tried, just in case... -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-09 01:02 PM, Carlos E.R. wrote:
Not saying you said "that" :-)
I'm grasping at straws here. Hopping that some old bug of behaviour in some software worked differently based on those addresses. So I tried, just in case...
Those addresses are not the issue. With DNS, there's no difference between them and any other routeable address. Don't forget, the DNS only returns addresses, that is strings of digits. It makes no difference what those digits are. What you are implying is that on IPv4, a DNS server would choke on RFC1918 addresses. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 19.13, James Knott wrote:
On 2019-08-09 01:02 PM, Carlos E.R. wrote:
Not saying you said "that" :-)
I'm grasping at straws here. Hopping that some old bug of behaviour in some software worked differently based on those addresses. So I tried, just in case...
Those addresses are not the issue. With DNS, there's no difference between them and any other routeable address. Don't forget, the DNS only returns addresses, that is strings of digits. It makes no difference what those digits are. What you are implying is that on IPv4, a DNS server would choke on RFC1918 addresses.
As I said, I'm grasping on straws. The program that fails is "ping -6 Isengard", claims no name found. If I stop nscd it works. But "ping -6 google.com" works (at least it finds the name). -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 09/08/2019 19.13, James Knott wrote:
On 2019-08-09 01:02 PM, Carlos E.R. wrote:
Not saying you said "that" :-)
I'm grasping at straws here. Hopping that some old bug of behaviour in some software worked differently based on those addresses. So I tried, just in case...
Those addresses are not the issue. With DNS, there's no difference between them and any other routeable address. Don't forget, the DNS only returns addresses, that is strings of digits. It makes no difference what those digits are. What you are implying is that on IPv4, a DNS server would choke on RFC1918 addresses.
As I said, I'm grasping on straws.
The program that fails is "ping -6 Isengard", claims no name found. If I stop nscd it works. But "ping -6 google.com" works (at least it finds the name).
So something is wrong with your DNS setup. IIRC, you're also using /etc/hosts - clear out anything to do with Isengard, if anything. -- Per Jessen, Zürich (26.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 09/08/2019 21.28, Per Jessen wrote:
Carlos E. R. wrote:
On 09/08/2019 19.13, James Knott wrote:
On 2019-08-09 01:02 PM, Carlos E.R. wrote:
Not saying you said "that" :-)
I'm grasping at straws here. Hopping that some old bug of behaviour in some software worked differently based on those addresses. So I tried, just in case...
Those addresses are not the issue. With DNS, there's no difference between them and any other routeable address. Don't forget, the DNS only returns addresses, that is strings of digits. It makes no difference what those digits are. What you are implying is that on IPv4, a DNS server would choke on RFC1918 addresses.
As I said, I'm grasping on straws.
The program that fails is "ping -6 Isengard", claims no name found. If I stop nscd it works. But "ping -6 google.com" works (at least it finds the name).
So something is wrong with your DNS setup. IIRC, you're also using /etc/hosts - clear out anything to do with Isengard, if anything.
That was it! Why? But this has a new problem: the localhost. This machine is called "Telcontar", so obviously hosts has an entry for it: 192.168.1.14 Telcontar.valinor Telcontar fc00::14 Telcontar6.valinor Telcontar6 I have to remove both for ping -6 to work, but if I do, other things will stop working - I don't remember which, perhaps postfix. On the other hand, on Isengard /etc/hosts has those entries, and they work - with dnsmasq, which reads that file precisely. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-08 07:27 AM, Per Jessen wrote:
Wow, just had a look at when I started with an IPv6 tunnel .... 2006.
I started with a tunnel in 2009. My ISP has been providing it for almost 4 years. Here's some IPv6 deployment info: https://www.google.com/intl/en/ipv6/statistics.html https://en.wikipedia.org/wiki/IPv6_deployment -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
Solved that part. But I still can not connect on IPv6, maybe it doesn't like link local addresses.
Telcontar:~ # ping -6 isengard connect: Invalid argument Telcontar:~ # ping -4 isengard PING Isengard.valinor (192.168.1.16) 56(84) bytes of data. 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=1 ttl=64 time=0.297 ms 64 bytes from Isengard.valinor (192.168.1.16): icmp_seq=2 ttl=64 time=0.296 ms ^C --- Isengard.valinor ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1011ms rtt min/avg/max/mdev = 0.296/0.296/0.297/0.017 ms Telcontar:~ #
cer@Telcontar:~> ssh -6 -X root@Isengard.valinor ssh: connect to host isengard.valinor port 22: Invalid argument cer@Telcontar:~>
The old problem :-(
cer@Telcontar:~> ping fe80::4ecc:6aff:fe61:50a1 connect: Invalid argument cer@Telcontar:~> ping "fe80::4ecc:6aff:fe61:50a1" connect: Invalid argument
Yes, you have to specify the interface when trying to use a link-local address. -- Per Jessen, Zürich (19.4°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2019-08-07 at 17:25 +0200, Per Jessen wrote:
Carlos E. R. wrote:
...
The old problem :-(
cer@Telcontar:~> ping fe80::4ecc:6aff:fe61:50a1 connect: Invalid argument cer@Telcontar:~> ping "fe80::4ecc:6aff:fe61:50a1" connect: Invalid argument
Yes, you have to specify the interface when trying to use a link-local address.
I guess that is not doable on named. - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXUslbRwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVtNEAn1Ve69OTW/L12QZzCfs/ QjcAMT55AJwIHw8Cc4rx0sfE+MnmJRQZU8iymQ== =FIUn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On Wednesday, 2019-08-07 at 17:25 +0200, Per Jessen wrote:
Carlos E. R. wrote:
...
The old problem :-(
cer@Telcontar:~> ping fe80::4ecc:6aff:fe61:50a1 connect: Invalid argument cer@Telcontar:~> ping "fe80::4ecc:6aff:fe61:50a1" connect: Invalid argument
Yes, you have to specify the interface when trying to use a link-local address.
I guess that is not doable on named.
Huh? where does named come into it? -- Per Jessen, Zürich (21.9°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/08/2019 13.10, Per Jessen wrote:
Carlos E. R. wrote:
On Wednesday, 2019-08-07 at 17:25 +0200, Per Jessen wrote:
Carlos E. R. wrote:
...
The old problem :-(
cer@Telcontar:~> ping fe80::4ecc:6aff:fe61:50a1 connect: Invalid argument cer@Telcontar:~> ping "fe80::4ecc:6aff:fe61:50a1" connect: Invalid argument
Yes, you have to specify the interface when trying to use a link-local address.
I guess that is not doable on named.
Huh? where does named come into it?
See again. I'm trying to use ping by name. The name is resolved by named. I can not tell named to answer and IP plus an interface to use, that's absurd. However, you are getting lost in the forest of mails ;-) I solved that part. It turns out that it works if I stop nscd. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 07/08/2019 11.59, Per Jessen wrote:
Carlos E. R. wrote:
On 07/08/2019 08.50, Per Jessen wrote:
James Knott wrote:
Now that you've switched, what does "ntpq -pn" tell you?
I have just enabled and configured ntpd on a test machine, eventually it also prefers IPv4, but that's because it has a higher stratum:
# ntpq -pn remote refid st t when poll reach delay offset jitter
==============================================================================
+192.168.2.254 .DCFa. 1 u 37 64 77 0.222 8.747 6.018 *fe80::202:a5ff: 192.168.2.254 2 b 14 16 376 0.115 4.498 2.684
I don't remember why the IPv6 address only is stratum 2, but there is some explanation.
So that I can try, how does ntp know that a server has both IPv4 and 6 on the same network? By setting both addresses on the dns server?
Yes, exactly. Or in my case, I use ipv6 multicast. If you just specify one server in ntp.conf, I think you also only ought to see one opf the addresses.
Ok, now that my DNS gives two addresses for my lan ntpd server: Telcontar:~ # host Isengard Isengard.valinor has address 192.168.1.16 Isengard.valinor has IPv6 address fc00::16 Telcontar:~ # After restarting the daemons in both server and desktop, I do not see them using Isengard IPv6 address: Telcontar:~ # ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== 127.127.1.0 .LOCL. 10 l 94 64 2 0.000 0.000 0.000 *192.168.1.16 213.251.52.234 3 u 25 64 3 0.093 -1.828 1.151 <==== 80.58.60.23 172.20.47.7 5 u 27 64 3 13.652 1.925 0.956 178.255.228.77 194.80.204.184 2 u 25 64 3 15.678 -0.310 0.637 193.136.152.71 145.238.203.14 2 u 27 64 3 93.899 -2.632 0.801 91.212.242.21 .INIT. 16 u - 64 0 0.000 0.000 0.000 147.156.7.26 66.78.223.230 2 u 29 64 3 31.254 -2.310 0.747 195.141.190.190 10.17.10.20 3 u 27 64 3 59.500 3.168 0.806 37.187.5.167 138.96.64.10 2 u 25 64 3 32.093 -1.476 0.848 195.154.223.198 193.11.166.36 2 u 28 64 3 44.454 2.866 0.987 213.251.52.234 193.0.0.229 2 u 29 64 3 14.637 -1.435 1.039 84.16.73.33 .GPS. 1 u 30 64 3 39.297 -2.728 0.918 212.83.158.83 145.238.203.14 2 u 27 64 3 33.076 -2.047 0.918 85.199.214.98 .GPS. 1 u 30 64 3 46.302 -0.124 0.924 Telcontar:~ # -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-07 05:15 AM, Carlos E. R. wrote:
So that I can try, how does ntp know that a server has both IPv4 and 6 on the same network? By setting both addresses on the dns server?
The DNS server returns A and AAAA records for IPv4 and IPv6. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-07 02:50 AM, Per Jessen wrote:
Now that you've switched, what does "ntpq -pn" tell you?
I'm running ntpd on my desktop and it fails with "No association ID's returned".
I have just enabled and configured ntpd on a test machine, eventually it also prefers IPv4, but that's because it has a higher stratum:
# ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== +192.168.2.254 .DCFa. 1 u 37 64 77 0.222 8.747 6.018 *fe80::202:a5ff: 192.168.2.254 2 b 14 16 376 0.115 4.498 2.684
I don't remember why the IPv6 address only is stratum 2, but there is some explanation.
I just checked and see ntpd is not making any requests, other than when I tell it to test the server. So, something is keeping ntpd from working. Ntp and Chrony are both installed, but only ntpd is running. My notebook, running Chrony is working fine. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 07/08/2019 15.56, James Knott wrote:
On 2019-08-07 02:50 AM, Per Jessen wrote:
I just checked and see ntpd is not making any requests, other than when I tell it to test the server. So, something is keeping ntpd from working.
systemctl status ntpd see the log. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-07 09:59 AM, Carlos E. R. wrote:
systemctl status ntpd 7 Aug 10:04:06 ntpd[7733]: Listen and drop on 0 v6wildcard [::]:123 7 Aug 10:04:06 ntpd[7733]: Listen and drop on 1 v4wildcard 0.0.0.0:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 2 lo 127.0.0.1:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 3 eth0 172.16.0.10:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 4 lo [::1]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 5 eth0 [2607:fea8:4c80:600:8400:3372:3c57 :8777]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 6 eth0 [fd48:1a37:2160:0:8400:3372:3c57:8 777]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 7 eth0 [2607:fea8:4c80:600:b4b8:549f:d3d0 :1bec]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 8 eth0 [2607:fea8:4c80:600:76d4:35ff:fe5b :f5fa]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 9 eth0 [fd48:1a37:2160:0:b4b8:549f:d3d0:1 bec]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 10 eth0 [fd48:1a37:2160:0:76d4:35ff:fe5b: f5fa]:123 7 Aug 10:04:06 ntpd[7733]: Listen normally on 11 eth0 [fe80::76d4:35ff:fe5b:f5fa%2]:123 7 Aug 10:04:06 ntpd[7733]: Listening on routing socket on fd #28 for interface updates 7 Aug 10:04:06 ntpd[7733]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized 7 Aug 10:04:06 ntpd[7733]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
Also, from the command prompt. # systemctl status ntpd ● ntpd.service - NTP Server Daemon Loaded: loaded (/usr/lib/systemd/system/ntpd.service; disabled; vendor preset: disab> Drop-In: /run/systemd/generator/ntpd.service.d └─50-insserv.conf-$time.conf Active: active (running) since Wed 2019-08-07 10:04:06 EDT; 27s ago Docs: man:ntpd(1) Process: 7727 ExecStart=/usr/sbin/start-ntpd start (code=exited, status=0/SUCCESS) Main PID: 7733 (ntpd) Tasks: 2 (limit: 4915) CGroup: /system.slice/ntpd.service ├─7733 /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid -g -u ntp:ntp -c /etc/ntp.conf └─7734 ntpd: asynchronous dns resolver Aug 07 10:04:05 linux systemd[1]: Starting NTP Server Daemon... Aug 07 10:04:06 linux ntpd[7732]: ntpd 4.2.8p13@1.3847-o (1): Starting Aug 07 10:04:06 linux ntpd[7732]: Command line: /usr/sbin/ntpd -p /var/run/ntp/ntpd.pid> Aug 07 10:04:06 linux ntpd[7733]: proto: precision = 0.041 usec (-24) Aug 07 10:04:06 linux ntpd[7733]: basedate set to 2019-02-27 Aug 07 10:04:06 linux ntpd[7733]: gps base set to 2019-03-03 (week 2043) Aug 07 10:04:06 linux ntpd[7733]: switching logging to file /var/log/ntp Aug 07 10:04:06 linux start-ntpd[7727]: Starting network time protocol daemon (NTPD) Aug 07 10:04:06 linux systemd[1]: Started NTP Server Daemon. lines 1-22/22 (END) Despite all that, there are still no requests from ntpd. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-06 01:53 PM, Per Jessen wrote:
What does "ntpq -pn" show? Just out of curiousity.
On my ThinkPad (15.0), with Chrony running, that command doesn't work, but it does with ntp. On my desktop (15.1), I get an error # ntpq -pn No association ID's returned -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/08/2019 21.54, James Knott wrote:
On 2019-08-06 01:53 PM, Per Jessen wrote:
What does "ntpq -pn" show? Just out of curiousity.
On my ThinkPad (15.0), with Chrony running, that command doesn't work, but it does with ntp. On my desktop (15.1), I get an error # ntpq -pn No association ID's returned
That command is to be used only against a working ntpd daemon. You can use it to query the one at your firewall, but not your local chronny. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-06 03:58 PM, Carlos E. R. wrote:
That command is to be used only against a working ntpd daemon. You can use it to query the one at your firewall, but not your local chronny.
It works on my ThinkPad, when it's running ntp. With Chrony, I get connection refused. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-06 03:58 PM, Carlos E. R. wrote:
That command is to be used only against a working ntpd daemon. You can use it to query the one at your firewall, but not your local chronny.
It works on my ThinkPad, when it's running ntp. With Chrony, I get connection refused.
ntpq is for ntpd, for chrony there is no doubt some other command to do the same. -- Per Jessen, Zürich (19.9°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Carlos E. R. -
Carlos E.R. -
gumb -
James Knott -
Patrick Shanahan -
Per Jessen