Sep 212018
 

Sooo, my TP-Link Archer C8 AC1750 Gigabit router decided to not play nice after a short power outage. Didn’t do much anyway except keep a couple of machines in a their own little subnet in which the pi-hole was located.

Replaced it with… NETGEAR GS108Tv2 8-Port Gigabit managed switch and flatten the network a little. Everything was peachy with that set up, but the pihole was still on 172.16.0.0/24… reconfigured that with pihole -r and all looked well except for the pi-hole could not ping outside of the LAN. Grrr! Much hair pulling until…

pi@pihole:~ $ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
From 192.168.2.101 icmp_seq=1 Destination Host Unreachable
^Z
[11]+  Stopped                 ping 1.1.1.1
pi@pihole:~ $ clear

pi@pihole:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    202    0        0 eth0
default         192.168.2.1     0.0.0.0         UG    303    0        0 wlan0
default         192.168.2.1     0.0.0.0         UG    304    0        0 wlan1
192.168.2.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
192.168.2.0     0.0.0.0         255.255.255.0   U     304    0        0 wlan1

.
.
.
pi@pihole:~ $ sudo route del -net 0.0.0.0 gw 172.16.0.1 metric 202 dev eth0
.
.
.
pi@pihole:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.2.1     0.0.0.0         UG    303    0        0 wlan0
default         192.168.2.1     0.0.0.0         UG    304    0        0 wlan1
192.168.2.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     303    0        0 wlan0
192.168.2.0     0.0.0.0         255.255.255.0   U     304    0        0 wlan1
pi@pihole:~ $ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=20.9 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=21.3 ms

DICE!

Lord knows when I purchased the Archer, but it was a good few years ago, and I sure as eggs didn’t spent that much on it. What gives?

Jun 162018
 

Getting pretty annoyed with keeping track of which browser on which machine has which add blockers installed, so it’s time for a more holistic approach. Enter, stage left, the Pi-hole. In short it:

…acts as a forwarding DNS server, which means if it doesn’t know where a domain is, it has to forward your query to another server that does. When you install Pi-hole, it knows where the ad-serving domains are (because you tell it), so it doesn’t forward those requests.

With a Rapsberry Pi 3 model b and a 64GB micro SD card, a set-up that is beefier than it needs to be, but who knows what the Pi will be used for in the future…

#1 Get Raspbian, and format micro SD card— after much jiggling with the unlock tab on the adapter and delicately repeatedly inserting-half-inserting into 2012 Macbook Pro’s gunked-up card reader port…

$ wget http://director.downloads.raspberrypi.org/raspbian/images/raspbian-2018-04-19/2018-04-18-raspbian-stretch.zip

$ unzip -a 2018-04-18-raspbian-stretch.zip

$ diskutil list
...
/dev/disk3 (internal, physical):
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *62.0 GB    disk3
   1:               Windows_NTFS                         62.0 GB    disk3s1

$ sudo diskutil eraseDisk FAT32 RASPBIAN MBRFormat /dev/disk3
...
Finished erase on disk3

$ df -h
/dev/disk3s1    62Gi  1.5Mi   62Gi     1%       0                   0  100%   /Volumes/RASPBIAN

$ sudo diskutil unmount /dev/disk3s1
Volume RASPBIAN on disk3s1 unmounted

$ sudo dd if=/Users/yearluk/Downloads/2018-04-18-raspbian-stretch.img of=/dev/disk3 bs=4m

#2 First boot on the Pi, change hostname, and run the installer…

$ sudo apt update
$ sudo apt upgrade
$ sudo nano /etc/hostname
pihole
...
$ curl -sSL https://install.pi-hole.net | bash

#3 Select eth0 as the interface, and 1.1.1.1 (Cloudflare) and 8.8.8.8 (Google) as the upstream DNS providers.

IP: 192.168.2.23/24
Default Gateway: 192.168.2.1

Log queries and select web-gui option.

admin password xxxxxxx

install log at /etc/pihole/install.log

web gui 192.168.2.23/admin

As easy as Pi 🙂

Set up SSH and VNC access (just a couple of checkboxes in Raspberian’s GUI), enable wi-fi (DCHP– 192.168.0.104)

Expand blacklists…

curl -s https://tspprs.com/dl/fraud | pihole -g
curl -s https://tspprs.com/dl/ads | pihole -g
curl -s https://tspprs.com/dl/spam | pihole -g
curl -s https://tspprs.com/dl/scam | pihole -g
curl -s https://tspprs.com/dl/ransomware | pihole -g
curl -s https://tspprs.com/dl/phishing | pihole -g
curl -s https://tspprs.com/dl/tracking | pihole -g

Unbound and setting up resolving/recursive DNS (rather than merely forwarding)

What’s the difference? With forwarding, if a name has not been previously associated with an IP (ie. ached on the pi-hole), the request is sent upstream and the result cahed.

Aaand in recursive… request is sent to ROOT servers for resolving say, “.us”, and thence to TLD name servers. Domain lookup will go to AUTHORATATIVE servers handling “yearl” (and subdomains), and all will be relayed and chached locally. So, a few more steps? Why do this? Neither Cloudflare nor Google (or whatever my upstream DNS would have been) will know where I am going. So, err privacy. Why not do this? It will take longer for the first resolution of a name.

Install the recursive DNS resolver:

sudo apt install unbound

Update list of primary root servers:

wget -O root.hints https://www.internic.net/domain/named.root
sudo mv root.hints /var/lib/unbound/

Configure unbound:

sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
...
server:
    verbosity: 1
    port: 5353
    do-ip4: yes
    do-udp: yes
    do-tcp: yes

<h1>May be set to yes if you have IPv6 connectivity</h1>

<pre><code>do-ip6: no

# Use this only when you downloaded the list of primary root servers!
root-hints: "/var/lib/unbound/root.hints"

# Trust glue only if it is within the servers authority
harden-glue: yes

# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
harden-dnssec-stripped: yes

# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
use-caps-for-id: no

# Reduce EDNS reassembly buffer size.
# Suggested by the unbound man page to reduce fragmentation reassembly problems
edns-buffer-size: 1472

# TTL bounds for cache
cache-min-ttl: 3600
cache-max-ttl: 86400

# Perform prefetching of close to expired message cache entries
# This only applies to domains that have been frequently queried
prefetch: yes

# One thread should be sufficient, can be increased on beefy machines
num-threads: 1

# Ensure kernel buffer is large enough to not loose messages in traffic spikes
so-rcvbuf: 1m

# Ensure privacy of local IP ranges
private-address: 192.168.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
</code></pre>

And start unbound and validate:

sudo service unbound start
dig yearl.us @127.0.0.1 -p 5353
...
; &lt;&lt;>> DiG 9.10.3-P4-Raspbian &lt;&lt;>> yearl.us @127.0.0.1 -p 5353
;; global options: +cmd
;; Got answer:
;; ->>HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 26331
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;yearl.us.          IN  A

;; ANSWER SECTION:
yearl.us.       3585    IN  A   104.28.19.121
yearl.us.       3585    IN  A   104.28.18.121

dig sigok.verteiltesysteme.net @127.0.0.1 -p 5353
...
NOERR
...

And then set custom upstram DNS in the pi-hole webgui to “127.0.0.1#5353”

Some basic Pi (Debian Stretch base) stuff…

Basic Pi config:

$ sudo raspi-config

Move over, ifconfig!

$ hostname -I
192.168.2.23 192.168.0.104

$ ip -4 addr show | grep global
    inet 192.168.2.23/24 brd 192.168.2.255 scope global eth0
    inet 192.168.0.104/24 brd 192.168.0.255 scope global wlan0

$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 127.0.0.1

What’re my interfaces default gateways?

$ ip route | grep default | awk '{print $3}'
192.168.2.1
192.168.0.1

Can configure a static IP via /etc/network/interfaces or /etc/dhcpcd.conf Might do this when moving the Pi from the 192.168.2.0 subnet to the router “guarding” 192.168.0.0

$ sudo route add default gw 192.168.0.1 eth0
$ sudo /etc/init.d/networking restart

EDIT (2018-06-19): Pi-hole was running quite nicely over wi-fi (assigned to 192.168.0.0), went to put it on the LAN and after removing SD card to placement of the Pi board inso some case the SD card decided to go fuck up. Anyhoo repeated above steps with a new (32GB) SD card, and all appears to be peachy-creamy.



Apr 192018
 

#1 plug laptop into eth0

#2 Edgerouter X defaults to 192.168.1.1 as did the TG589vac, but that doesn’t matter as it is now just a modem

#3 get on same net segment… statically configure laptop to
IP 192.168.1.42 (’cause Douglas Adams, obvs)
NM 255.255.255.0
DG 192.168.1.1

#4 Browser to 192.168.1.1, default login usr and pswd: ‘ubnt’ / ‘ubnt’

Dice!

OOH WHAT A PRETTY INTERFACE. Kinda overwhelming actually. Enable SSH, enable DNS forwarding on all interfaces. Should be good to go right? Wrong!

$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=59 time=15.007 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=15.275 ms

$ ping google.com
ping: cannot resolve google.com: Unknown host

Oh noes.

$ ssh 192.168.1.1 -p 2222 -l ubnt

[email protected]:~$ show dns forwarding nameservers
&#45;----------------------------------------------
 Nameservers configured for DNS forwarding
&#45;----------------------------------------------
1.1.1.1 available via 'system'
8.8.8.8 available via 'system'
89.145.254.78 available via 'ppp pppoe0'
94.30.127.100 available via 'ppp pppoe0'

[email protected]:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_req=1 ttl=60 time=18.4 ms
64 bytes from 1.1.1.1: icmp_req=2 ttl=60 time=14.6 ms

[email protected]:~$ ping google.com
PING google.com (216.58.213.78) 56(84) bytes of data.
64 bytes from lhr25s01-in-f14.1e100.net (216.58.213.78): icmp_req=1 ttl=57 time=15.3 ms
64 bytes from lhr25s01-in-f14.1e100.net (216.58.213.78): icmp_req=2 ttl=57 time=15.3 ms

[email protected]:~$configure
[email protected]#set service dns forwarding system
[email protected]#commit
[email protected]# commit
[edit]
[email protected]# save
Saving configuration to '/config/config.boot'...
Done
[edit]
[email protected]# exit
exit
[email protected]:~$

DICE!

Now for the rest of the network… but it’s sooo nice outside. There’s this orange thing in the sky, apparently

Apr 192018
 

Like >90% of folk, I’ve typically used whatever POS modem/router/switch/WAP combo that my ISP supplied me with. These all-in-ones are pretty convenient, but there is something just not right about bundling so many features into a single unit… it basically means that whilst is can do all these things it does not do any one thing particularly well.

Wireless range, for example, is particularly bad (even on the 2.4MHz band). Time for a change. I’ve finally had enough.

#1 get your router’s loin credentials to the service. My ISP had these hard-coded and were not supplied to me. It was a royal waste of 40 minutes trying to explain that I was not trying to login to the TG589vac itself, but instead to use that which allows login to the ISPs edge router… need this to pass on to the replacement router (Ubiquiti’s Edgerouter X) otherwise… no Internetz!

#2 logging in to the TG589vac as “admin” gives one rather limited options, and certainly none for resetting the router. It’s not in the consumer documentation, but log in as “engineer” and use the value next to “Access Key” on the bottom of the device.

#3 Gateway >> Setup Your Gateway >> change “routed type” to bridge

#4 if VSDL retain VLAN 101; if ADSL set ATM VP to 0 and ATM VC to 38

#5 Cross fingers and reboot

#6 Congratulations you now have no Internet access; the TG589vac is now just a modem!

#7 need to get into the device again… that’s an ethernet cable into port #4, so obvs do not connect your new router to this port.

For giggles as “engineer” you get to see that your ISP has probably enabled TR-069 / CWMP. The what now? That’s the L7 protocol that kept your device up-to-date with firmware and such… or is/was a means for them to have get another means to sniff your packets. If you disabled it as soon as you initially got your device, TURN IT BACK ON BEFORE YOU CALL your ISP’s tech support (see #1). Mine got real pissy when I called on an unrelated issue and they could not get in and poke around.

Feb 082012
 

It can take a wee while after getting “sage” to hit 1500. Lots of pretty mundane traceroute6-ing, ping-ing and such, but I stuck through it:

IPv6 Certification Badge for sjy2

 

Really I should have scripted something to chron submit the result entries when the command result was obviously valid, but by the time I had found a reliable list of valid ipv6 addrs that were alive and correctly reporting it was too late for me to bother… and besides I sort of enjoyed the daily catharsis of taking five minutes to submit.

I’d usually stretch it out for ten or fifteen minutes when he kids were being particularly narky… sorry Mrs Sjy2!

Of course it’s of no practical use to me; but Hurricane Electric‘s IPv6 certification certainly has raised ipv6 awareness, I’d say. Actually, I lied there… one tangible benefit was free dinner and cocktails aboard the USS Hornet. My eldest and I took a relative. We had a blast.

Jan 312012
 

Going to be changing ipv4 addresses a lot over the next little while, so I’ve decided to try a different v4-6 brokering arrangement. he.net’s tunnelbroker has been rock solid and I’ve been using it on and off since ’08, but I think it time to try something else.

The ideal would be a self-monitoring client that identifies local ipv4 changes here (kind like a dynDNS client might), and renegotiate an ipv6 endpoint to tunnel through based on that change. he.net’s configureation is a little more static than that, and there is no API that I can see that I can hook into to write that client myself. I sure as hell am not going the ‘scrape screens’ route for this.

First up is sixxxs. Looks like they have a client (AICCU) that might do the trick. Here goes.

A lot of the below is lifted from https://www.sixxs.net/wiki/Aiccu/Installation No apologies from me for that. Just wanted it in a concise space for future reference.

$ tar -zxf aiccu_current.tar.gz
$ cd aiccu
$ make clean
$ make
$ sudo make install
$ chmod 600 /etc/aiccu.conf
$ cd /usr/sbin
$ sudo aiccu start
$ ifconfig -a

Boomshaka!

gif0: flags=8051 mtu 1280 tunnel inet 31.111.38.188 --&gt; 216.93.250.26 inet6 fe80::222:41ff:fe35:cf82%gif0 prefixlen 64 scopeid 0x2 inet6 2001:4830:1100:1c8::2 --&gt; 2001:4830:1100:1c8::1 prefixlen 128
Jun 182011
 

http://ipv6.he.net/certification/

Guru technical test — not done yet, despite being sage!
covers technical knowledge of IPv6 routing and IPv6 related protocols.

When using auto-configuration, what is used from the host to configure the last 64bits of the IPv6 address?
Random number generator is used
Nothing on the host is used
The IPv4 address on the ethernet interface
The MAC address of the ethernet interface
The loopback interface IPv4 address
Question 2
A MAC address is only 48bits. So when using auto-configuration, what is used to fill in the missing 16bits?
FFFF
FE80
0
Nothing, a MAC is really 64bits
FFFE
Question 3
On many routers, which one of the following commands is used to configure an IPv6 address on an interface?
ip address 2001:A:B:C::1/64
ipv6 address 2001:A:B:C:1
ipv6 address 2001:A:B:C::1/64
ipv6 address 2001:A:B:C:1/64
Question 4
What is the length of an IPv6 packet header?
40 bytes
128 bits
16 bytes
32 bits
Question 5
Which of the following organizations assigns IPv6 addresses?
ARIN
RIPE
APNIC
LACNIC
AFRINIC
All of the above
Question 6
What protocol number is used for 6in4 IPv4 packets?
41
6
53
4
Question 7
Which of the following is the 6to4 IPv6 prefix?
ff00::/8
2001:0000::/32
2001:db8::/32
2002::/16
Question 8
Which of the following well-known prefixes is used for Teredo?
2001:0000::/32
2002::/16
ff00::/8
2001:db8::/32
Question 9
Which of the following is an IPv4-mapped IPv6 address?
fe80::20c:dbff:fefb:232b
2001:db8::/32
::10.10.10.2
::ffff:10.10.10.2
Question 10
On operating systems that support it, IPv4-mapped IPv6 addresses are used to:
make it so that you have to write separate code for IPv6 socket calls and IPv4 socket calls
map IPv4 addresses to an IPv6 address to make it so that IPv6 socket system calls can be used with both IPv4 or IPv6 addresses
map IPv6 addresses to IPv4
Question 11
Which of the following is an IPv4-compatible IPv6 address?
fe80::20c:dbff:fefb:232b
::ffff:10.10.10.2
2001:db8::/32
::10.10.10.2
Question 12
IPv4-compatible IPv6 addresses are deprecated in RFC 4291.
True
False
Question 13
Should you ever see packets with IPv4-mapped IPv6 addresses on the wire (outside of a host)?
No
Yes
Question 14
Which version of OSPF supports IPv6?
OSPFv3
OSPFv6
OSPFv0
OSPFv1
Question 15
Which of the following can be used by an IPv6 host to learn the address of a default gateway?
stateless autoconfiguration
neighbor introduction protocol
neighbor discovery protocol
international autoconfiguration
Question 16
Which of the following can be used by a host to learn its own IPv6 address?
neighbor discovery protocol
international autoconfiguration
neighbor introduction protocol
stateless autoconfiguration
Question 17
If you translate IPv4 packets to IPv6 or IPv6 packets to IPv4, this is called:
6in4
completely compatible with all protocols
nat64/dns64/ds-lite
not possible
Question 18
On many routers, what command shows IPv6 routes?
show ipv6 ospf summary
show ipv6 route
show ipv6 bgp summary
Question 19
On many routers, what command shows IPv6 BGP sessions?
show ipv6 ospf summary
show ipv6 bgp route
show ipv6 bgp summary
Question 20
On many routers, what command shows IPv6 BGP routes?
sh ipv6 ospf
sh ipv6 bgp
Jun 182011
 

http://ipv6.he.net/certification/

Covers technical knowledge of well known IPv6 prefixes and expands on your understanding of IPv6 related Linux and Windows commands.

1. What command shows IPv6 addresses configured on ethernet interfaces under UNIX (Linux, FreeBSD, etc.)?
ip -a
ifconfig /all
ip link show
ifconfig X
ipconfig

2. What command shows IPv6 addresses configured on ethernet interfaces under Microsoft Windows?
netsh interface show
ifconfig /all
netsh
ifconfig
ipconfig X

3. Under FreeBSD, what does the generic tunneling interface start with?
png
gif X
fxp
jif

4. Under Linux, what kernel module needs to be loaded to support IPv6 networking?
ip6tables
eepro1000
ipv6 X
sit

5. Are routers allowed to fragment IPv6 packets?
Yes
No X

6. How many bytes are in an IPv6 address?
1
128
16 X
8

7. How many /48 subnets are available in a /32 prefix?
256 XX
6
128 XX
65536 X

8. Which protocol is used for manually configured tunnels?
6to4
6in4 X
Teredo

9. Which of the following is the IPv6 documentation prefix?
::/8 XX
2002::/16 XX
2001:db8::/32 X
fe80::/10

10. Which of the following is the IPv6 link-local prefix?
2002::/16
fe80::/10 X
::/8
ff00::/8

11. Which of the following is the IPv6 multicast prefix?
::/8
ff00::/8 X
fe80::/10
2002::/16

12. Which of the following is the IPv6 ULA (unique local addresses) prefix?
fe80::/10
fc00::/7 X
2002::/16
ff00::/8

13. Which of the following is a subnet of 2001:db8::/32?
fe80::20c:dbff:fefb:232b
2001:db8:7fa5::/48 X
2001:db9::/32
2001:db8::/16

14. On Linux, how would you traceroute to the IPv6 address of he.net?
owamp he.net
traceroute6 he.net X
smokeping he.net
tracert6 he.net

15. On Windows Vista, how would you traceroute to the IPv6 address of he.net?
smokeping he.net
traceroute6 he.net
owamp he.net
tracert he.net X

16. On Linux, what is the IPv6 ping command?
pong
pingit
plonk!
ping6 x

17. Which command forces the UNIX command ssh to use IPv6 to connect to example.com (useful for domains with both A and AAAA records)?
ssh -4 example.com
ssh -6 example.com X
putty example.com
ssh6 example.com

18. You would force the UNIX command ssh to use IPv4 (useful if it had both A and AAAA records) to connect to example.com using which command?
ssh4 example.com
ssh -6 example.com
ssh -4 example.com X
putty example.com

19. Which command forces the UNIX command wget to use IPv6 to make a HTTP GET request to he.net (useful for domains with both A and AAAA records)?
http he.net
wget -4 he.net
wget -6 he.net X
wget6 he.net

20. Which command forces the UNIX command wget to use IPv4 to make a HTTP GET request to he.net (useful for domains with both A and AAAA records)?
wget -4 he.net X
http he.net
wget -6 he.net
wget4 he.net

21. Which command forces the UNIX command mtr to use IPv6 to traceroute to he.net (useful for domains with both A and AAAA records)?
mtr6
mtr -4 he.net
mtr -6 he.net X
ping6 he.net

22. Which command forces the UNIX command mtr to use IPv4 to traceroute to he.net (useful for domains with both A and AAAA records)?
mtr -4 he.net X
mtr -6 he.net
ping4 he.net
mtr4 he.net
Jun 182011
 

http://ipv6.he.net/certification/

Covers technical knowledge of DNS and general IPv6 topics.

1. On Redhat, CentOS, and Fedora Core systems that don't accept ::/0 as the IPv6 default route, which of the following should you use instead?
::1/128
fe80::/10
0.0.0.0
2000::/3 X

2. When configuring forward DNS entries for use with an IPv6 address, what record type do you use?
AAAA X
PTR
mysql
A

3. When configuring reverse DNS with BIND for addresses in the IPv6 allocation 2001:A:B:C::/64, what is the correct format for the zone?
2.0.0.1.0.0.0.A.0.0.0.B.0.0.0.C
C.0.0.0.B.0.0.0.A.0.0.0.1.0.0.2.ip6.arpa X
2.0.0.1.0.0.0.A.0.0.0.B.0.0.0.C.ip6.arpa
2.0.0.1.A.B.C
C.B.A.1.0.0.2.ip6.arpa

4.What is the IPv6 default route?
::/0 X
0.0.0.0
127.0.0.1
::1/128

5. What is the IPv6 localhost address?
::/0
::1/128 X
127.0.0.1
0.0.0.0

6. Which of the following is a link-local address?
::1 XX
::
fe80::20c:dbff:fefb:232b X
3ffe:3200::/32

7. Which of the following URLs specifies a literal IPv6 address correctly?
ipv6://2001:470:0:64::2
http://[2001:470:0:64::2] X
http:[2001:470:0:64::2]
http://2001:470:0:64::2

8. Which of the following URLs specifies a literal IPv6 address and port number correctly?
https://2001:0db8:85a3:08d3:1319:8a2e:0370:7344:443
https:[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443
https://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344].443
https://[2001:0db8:85a3:08d3:1319:8a2e:0370:7344]:443 X

9. If you run native IPv4 and IPv6 at the same time this is called:
6in4
6and4
NAT-PT
Dual stack X

10. How do you use the dig command to get the IPv6 address record for domain he.net?
dig he.net 6
dig he.net A
dig he.net AAAA X

11. How do you use the dig command to get the PTR record for the IPv6 address 2001:470:0:76::2?
dig 2001:470:0:76::2
dig 2001:470:0:76::2 PTR
dig -x 2001:470:0:76::2 X
Jun 182011
 

http://ipv6.he.net/certification/

Covers technical knowledge of ping and traceroute commands on Linux and Windows.

1. What command do you use to ping an IPv6 address on Free Open Source UNIX platforms such as Linux, FreeBSD, etc?

<em id="__mceDel"> ping -A inet6
ping --ipv6
ping6 X
pingsix</em>

2. What command do you use to traceroute to an IPv6 address on Free Open Source UNIX platforms such as Linux, FreeBSD, etc?
traceroute -A inet6
traceroute --inet6
traceroute6 X
traceroutesix

3. What command do you use to ping an IPv6 address on a Microsoft Windows platform?
pingsix
ping --inet6
ping X
ping --ipv6

4. What command do you use to traceroute to an IPv6 address on a Microsoft Windows platform?
traceroute
traceroute6
tracert --ipv6
tracert X

5. IPv6 addresses are written using what number base?
hexadecimal (base 16) X
octal (base 8)
binary (base 2)
decimal (base 10)

6. Hexadecimal digits are represented by:
0 to 9
0 to 9 and A to F X
0 to 7
0 and 1