Hi all, I recently signed up to Bigpipe and decided to give the IPv6 beta a try. Ubnt edgerouter platform, for the most part all good after a few tweaks to my configuration.
TL;DR: Open question: are the Bigpipe DNS servers firewalled with a whitelist that only includes address space that they are allocating the /60 prefixes from? Should we be able to query Bigpipe DNS servers from /128 autoconfigure addresses on our routers?
When I was first configuring for the prefix-delegation, things didn't seem to be lighting up so I added ipv6 autoconf address to pppoe0 (the WAN interface). Bingo, I saw a new /128 address on that interface and /60 PD lit up straight away and I saw a /64 assignment on the LAN interface that I had selected for testing. I attached a client device and straight away, full noise v6 around the LAN and to the Internet, everything "just works". Excellent!
However, after that I started noticing a delay at the login prompt to the router. Long story short, this is a reverse DNS timeout causing the delay, i.e. the router is attempting to look up my client IP address (it will show me the qualified hostname or just the IP address in the welcome banner next time I login).
tcpdump to the rescue to have a look at the packet flow. What's the story here?
- Info: the router has learned some IPv6 nameservers so it prefers those now, i.e. Bigpipe DNS 2403:9800:c041:1000::[a|b]
- Test: Two way DNS traffic? Fail. Queries are going out but no response coming back.
- Test: Ping? Pass. I get an echo from 2403:9800:c041:1000::a
- Test: Alternative DNS server (OpenDNS). Pass! I can resolve DNS from my router by using 2620:0:ccc::2
- Test: LAN IPv6 client device -> Bigpipe DNS. Pass! I get DNS replies over IPv6 from Bigpipe DNS.
So it seems to be specifically querying Bigpipe DNS servers from my router's /128 address will fail with no reply.
Related message snips from what I've found in this thread already:
AKLWestie:
---
I can use linux's host command to do a DNS lookup.
thedr@myerl3:~/zone$ host www.geekzone.co.nz
www.geekzone.co.nz has address 104.24.3.14
www.geekzone.co.nz has address 104.24.2.14
www.geekzone.co.nz has IPv6 address 2400:cb00:2048:1::6818:20e
www.geekzone.co.nz has IPv6 address 2400:cb00:2048:1::6818:30e
**********
However, if I do the same using bigpipe's DNSv6 servers, it said the servers cannot be reached.
thedr@myerl3:~/zone$ host www.geekzone.co.nz 2403:9800:c041:1000::a
;; connection timed out; no servers could be reached
thedr@myerl3:~/zone$ host www.geekzone.co.nz 2403:9800:c041:1000::b
;; connection timed out; no servers could be reached
**********
But the v4 version of DNS servers work.
----
hashbrown:
3. Bigpipe didn't assign you the /128 public on your PPPoE interface. They assign you a /60 to do with what you will. Your router decided to allocate that address. Using the MAC is fine for the last 48 bits of the address, and is expected behavior. I'm more interested that it allocated a public address to that interface, as your config doesn't seem to request it and technically it's not necessary. Probably an edgerouter quirk and unlikely to be hurting anything as it's a /128.
michaelmurfy:
Having a /128 allocated on your external interface is normal. If it is all working you'll note /64s allocated on your internal interfaces.
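
Added example, not part of the original post or thread: a shell sketch that repeats the source-address comparison above from the router itself, sending the same DNS query from every global IPv6 address the box holds (the WAN /128 as well as the LAN /64 addresses) and reporting whether replies depend on the source. It assumes `dig` and the iproute2 `ip` command are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh dns_src_probe.sh RESOLVER [NAME]

# Read `ip -6 -o addr show scope global` output on stdin and print
# "interface address" pairs, dropping the prefix length.
global_addrs() {
    awk '$3 == "inet6" { split($4, a, "/"); print $2, a[1] }'
}

# Send one AAAA query for $3 to resolver $1 from source address $2.
# dig exits non-zero when no reply arrives within the timeout.
probe() {
    if dig -b "$2" "@$1" "$3" AAAA +time=2 +tries=1 >/dev/null 2>&1; then
        echo reply
    else
        echo timeout
    fi
}

# Read "interface address result" lines on stdin and summarise them.
verdict() {
    awk '
        $3 == "reply"   { ok++ }
        $3 == "timeout" { bad++ }
        END {
            if (ok && bad) print "source-dependent"
            else if (ok)   print "reachable"
            else           print "unreachable"
        }'
}

main() {
    resolver=$1
    name=${2:-www.geekzone.co.nz}
    results=$(ip -6 -o addr show scope global | global_addrs |
        while read -r ifname addr; do
            echo "$ifname $addr $(probe "$resolver" "$addr" "$name")"
        done)
    printf '%s\n' "$results"
    printf 'verdict: %s\n' "$(printf '%s\n' "$results" | verdict)"
}

# Run only when a resolver is given, so the functions can be sourced and tested.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

A `source-dependent` verdict, with the timeout on the WAN address and replies on the LAN addresses, is the pattern the tests above describe; `unreachable` from every source points at something other than a per-source filter.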