Unifi Official TM UniFi High Speed Broadband Thread V41, READ 1ST PAGE FOR RELEVANT WIFI INFO

kwss
post Nov 28 2023, 01:49 PM

Regular
******
Senior Member
1,207 posts

Joined: Aug 2018
QUOTE(BenYeeHua @ Nov 28 2023, 01:42 PM)
Another nice troll by you, lol.

Are we at /k?
I am sure I am on "Networks and Broadband"

Here is your result, safe mode + profiling.

It did nothing, but showing it is DNS error, again, as F12 - networking.

Based on bugzilla, they mention their profiling tools are greatly limited, lol.
Anyways, I am here to learn based on Truth, not TROLL!!
Fuck off if you do nothing to this thread!!!
*
You obviously still blame Public Bank. I double checked it and there is nothing wrong. Come papa teach you.

CODE

dig pbebank.com +trace


What you see is DNSSEC in action. In DNSSEC, all non-existence records must be signed; it's called NSEC3.

Today papa good mood. Who is so kind to teach high ego people for free.

Regards,
Someone who don't know DNS
BenYeeHua
post Nov 28 2023, 02:00 PM

Regular
******
Senior Member
1,873 posts

Joined: Nov 2010


QUOTE(kwss @ Nov 28 2023, 01:49 PM)
You obviously still blame Public Bank. I double checked it and there is nothing wrong. Come papa teach you.

CODE

dig pbebank.com +trace


What you see is DNSSEC in action. In DNSSEC, all non-existence records must be signed; it's called NSEC3.

Today papa good mood. Who is so kind to teach high ego people for free.

Regards,
Someone who don't know DNS
*
Me: "dig AAAA www.pbebank.com" is "status: SERVFAIL"
You: Nah, IPv4 "dig pbebank.com +trace" is fine, so "dig AAAA www.pbebank.com" is fine!!!

You still keep trolling, high ego people, hahaha. rclxms.gif rclxms.gif rclxms.gif
BenYeeHua
post Nov 28 2023, 02:07 PM

More here

CODE
dig aaaa pbebank.com @1.1.1.1

; <<>> DiG 9.16.37 <<>> aaaa pbebank.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7558
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 6 (DNSSEC Bogus): (proof of non-existence of pbebank.com. AAAA)
;; QUESTION SECTION:
;pbebank.com.                   IN      AAAA

;; Query time: 31 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Nov 28 14:01:49 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 89


QUOTE
; EDE: 6 (DNSSEC Bogus): (proof of non-existence of pbebank.com. AAAA)

QUOTE
This domain did not pass DNSSEC validation. The signatures for the target record, or the proof of non-existence of the target records, are invalid. Check your DNS configuration.

https://developers.cloudflare.com/1.1.1.1/i...ns-error-codes/

CODE
dig aaaa pbebank.com @8.8.8.8

; <<>> DiG 9.16.37 <<>> aaaa pbebank.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36087
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 12 (NSEC Missing): (No NSEC or NSEC3 records to validate non-existence of pbebank.com/aaaa)
;; QUESTION SECTION:
;pbebank.com.                   IN      AAAA

;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 28 14:04:19 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 116

QUOTE
; EDE: 12 (NSEC Missing): (No NSEC or NSEC3 records to validate non-existence of pbebank.com/aaaa)

QUOTE
This domain did not pass DNSSEC validation. The upstream nameserver did not include a valid proof of non-existence for the target name. Make sure the zone is signed with DNSSEC and has valid NSEC/NSEC3 records.

https://developers.cloudflare.com/1.1.1.1/i...ns-error-codes/

Compare with others IPv4 only website, but supported AAAA.
CODE
dig aaaa v4.ipv6test.app @1.1.1.1

; <<>> DiG 9.16.37 <<>> aaaa v4.ipv6test.app @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35565
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;v4.ipv6test.app.               IN      AAAA

;; AUTHORITY SECTION:
ipv6test.app.           900     IN      SOA     ns-1656.awsdns-15.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 109 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Nov 28 14:03:23 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 131


And you still change topic to another side, ignoring other's website AAAA record are FINE.
Blame on user error. sweat.gif
BenYeeHua
post Nov 28 2023, 02:09 PM

Here is maybank.
CODE
dig aaaa www.maybank2u.com.my @8.8.8.8

; <<>> DiG 9.16.37 <<>> aaaa www.maybank2u.com.my @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26319
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.maybank2u.com.my.          IN      AAAA

;; ANSWER SECTION:
www.maybank2u.com.my.   118     IN      CNAME   www.maybank2u.com.my.edgekey.net.
www.maybank2u.com.my.edgekey.net. 12426 IN CNAME e25167.x.akamaiedge.net.

;; AUTHORITY SECTION:
x.akamaiedge.net.       268     IN      SOA     n0x.akamaiedge.net. hostmaster.akamai.com. 1701150978 1000 1000 1000 1800

;; Query time: 15 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 28 14:08:30 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 190

status: NOERROR

But I think you still will saying, PBE do nothing wrong, hahahaha.

sweat.gif sweat.gif
---
Conclusion again, PBE did something wrong on AAAA, it seem like they are having issues on DNSSEC.

As others like Maybank passed DNSSEC verification on Empty AAAA, it means PBE still need to fix it, even it is empty IPv6 address as result.

This post has been edited by BenYeeHua: Nov 28 2023, 02:11 PM
kwss
post Nov 28 2023, 02:12 PM

QUOTE(BenYeeHua @ Nov 28 2023, 02:07 PM)
More here

CODE
dig aaaa pbebank.com @1.1.1.1

; <<>> DiG 9.16.37 <<>> aaaa pbebank.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7558
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 6 (DNSSEC Bogus): (proof of non-existence of pbebank.com. AAAA)
;; QUESTION SECTION:
;pbebank.com.                   IN      AAAA

;; Query time: 31 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Nov 28 14:01:49 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 89

https://developers.cloudflare.com/1.1.1.1/i...ns-error-codes/

CODE
dig aaaa pbebank.com @8.8.8.8

; <<>> DiG 9.16.37 <<>> aaaa pbebank.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36087
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
; EDE: 12 (NSEC Missing): (No NSEC or NSEC3 records to validate non-existence of pbebank.com/aaaa)
;; QUESTION SECTION:
;pbebank.com.                   IN      AAAA

;; Query time: 31 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Nov 28 14:04:19 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 116

https://developers.cloudflare.com/1.1.1.1/i...ns-error-codes/

Compare with others IPv4 only website, but supported AAAA.
CODE
dig aaaa v4.ipv6test.app @1.1.1.1

; <<>> DiG 9.16.37 <<>> aaaa v4.ipv6test.app @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35565
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;v4.ipv6test.app.               IN      AAAA

;; AUTHORITY SECTION:
ipv6test.app.           900     IN      SOA     ns-1656.awsdns-15.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 109 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Nov 28 14:03:23 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 131


And you still change topic to another side, ignoring other's website AAAA record are FINE.
Blame on user error. sweat.gif
*
CODE

dig pbebank.com +trace
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> pbebank.com +trace
;; global options: +cmd
.                       15357   IN      NS      a.root-servers.net.
.                       15357   IN      NS      b.root-servers.net.
.                       15357   IN      NS      c.root-servers.net.
.                       15357   IN      NS      d.root-servers.net.
.                       15357   IN      NS      e.root-servers.net.
.                       15357   IN      NS      f.root-servers.net.
.                       15357   IN      NS      g.root-servers.net.
.                       15357   IN      NS      h.root-servers.net.
.                       15357   IN      NS      i.root-servers.net.
.                       15357   IN      NS      j.root-servers.net.
.                       15357   IN      NS      k.root-servers.net.
.                       15357   IN      NS      l.root-servers.net.
.                       15357   IN      NS      m.root-servers.net.
.                       15357   IN      RRSIG   NS 8 0 518400 20231210050000 20231127040000 46780
. qzfQhxgaypARZKV79AZ7ZrThuOiQfEsJawcaJEJchmHfyz4/Cud+wllI 244xxeJQofKSmglOiONsse3i/CfmxassYgKQgMrzqa2SSvCCTPFjfWUm jPPzQFhcjITcpLmev5c84nG4j+dwUWkfXOlsaO360Gm8iQXVopQbZXoQ sMTaFNBo+e6UjndTa9/3pLeyuE9gElrrdr0GhCjA32yRyTwEbdcCM0pw uUyn6LFa22mfSfKA6EQc1XA0Z3DWs0pdbA6bzwdjZSBZpOhxSBKy2FwS 62Oqt7seOMtRfYhlqvzEUGmNazUr2YgV0nlDutaWNeoVh9TVXE3j1dm4 M2oF3w==
;; Received 717 bytes from 127.0.0.1#53(127.0.0.1) in 40 ms
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.                    86400   IN      RRSIG   DS 8 1 86400 20231211050000 20231128040000 46780 . AB0wxGUe/6J/3O1b+gX65q2tRpB/pTK2q2SwPcTMM+PJcz8mnjk7MuAv h6fS/ulTrSVZ8CffF8CFQTZVIaIWC9CV/jOjJhdCOcggKbGZnKhjegHq uGvYCEV32TvoLMIkoMZXF1dLOZM389pPOJEjMzZyK2jaFBcBRceYPfBK MCEXVDQ1utI5MOzwXy4xAC3jKEGpOH1aVHxj205XejjYO3gPnPjCB6kd /eViI0qDRlBtI3CfUxJ6A/d6Fgun+EzyiqMZ2ZVqOH8LTdRczz+FOL86 /vh5ZzlgY2zRmbl9RYsPr/XDbkdQ2nrVPCaUDSMMhY/AcDSvxC6yOUFv
/TO1lg==
;; Received 1171 bytes from 192.58.128.30#53(j.root-servers.net) in 12 ms
pbebank.com.            172800  IN      NS      ns1.a1.impervasecuredns.net.
pbebank.com.            172800  IN      NS      ns1.a2.impervasecuredns.net.
pbebank.com.            172800  IN      NS      ns1.a0.impervasecuredns.net.
pbebank.com.            86400   IN      DS      34567 8 2 A552CD4F0FF3299CBC0698DACD65FE7AAB2A6EE735770CE0854813A4 BD9B3650
pbebank.com.            86400   IN      RRSIG   DS 8 2 86400 20231202054645 20231125043645 63246 com. QQ0j7nRZL+oKGOhWtIq4Avdv4sgXVF9DJdBpHfVJK4SGiG7JCUtGzbVy Oqza+p+wkp048p7WXNkcxME5zq9pz/UCAKg8BpB83jTMuaj/lhSJonBD rUF4YZ2dZks1RU50ELJZho9Mtc/OE1AKtzrPuhQB6XC1r/ipiKj+ePuR cXNunJriKKL1sBOfma17CW46AVBhJA8OLFku2zuozuN/9Q==
;; Received 366 bytes from 2001:502:8cc::30#53(h.gtld-servers.net) in 16 ms
pbebank.com.            30      IN      A       203.115.208.218
pbebank.com.            30      IN      RRSIG   A 8 2 30 20231202171229 20231125161229 52614 pbebank.com. AH3Ta4kcJtg6oXS9+zRGxzcciedLVh8g7ycPDdSSf9R0Vnu0Z2f4CCCV GvvpVTQza776eZ0+ate+7ehmB2Enl2EhwxWI/nMDQi64f6yBIg2ThnQg JMnjxkEgBoGVPzWVxXNOGh5Zs0EvYPpYzyIIUamn2t8DsggEifwj0E2U eC90vSjXtOq3foeh1+hTT0xF+z8kpeVLiCaM3GmxjDzAnHwFy945Xn/Y Uey0IeNod9mSREFoEpcL+apsFHJQIKOIXvr2K6zU5mOU//ZkRf68CoIN tfp33zfpdGWwdVWoAUmtA6mnOfTJzDdxfE9qJQ1kac8Uh/JUF+FudR8T UY634A==
;; Received 355 bytes from 192.230.123.1#53(ns1.a2.impervasecuredns.net) in 20 ms


You keep running dig with a router that chew up your packet.
DNS Analyzer and DNSViz said Public Bank is fine.

BenYeeHua
post Nov 28 2023, 02:15 PM

QUOTE(kwss @ Nov 28 2023, 02:12 PM)


You keep running dig with a router that chew up your packet.
DNS Analyzer and DNSViz said Public Bank is fine.
*
Sure?
You are changing topic.

I run dig aaaa pbebank.com @8.8.8.8, you run dig aaaa pbebank.com +trace that showing no error.

You dare to post your result at
dig aaaa pbebank.com

And prove it is not "status: SERVFAIL"?

Also
dig aaaa pbebank.com @8.8.8.8 pls. nod.gif

This post has been edited by BenYeeHua: Nov 28 2023, 02:16 PM
kwss
post Nov 28 2023, 02:24 PM

QUOTE(BenYeeHua @ Nov 28 2023, 02:15 PM)
Sure?
You are changing topic.

I run dig aaaa pbebank.com @8.8.8.8, you run dig aaaa pbebank.com +trace that showing no error.

You dare to post your result at
dig aaaa pbebank.com

And prove it is not "status: SERVFAIL"?

Also
dig aaaa pbebank.com @8.8.8.8 pls. nod.gif
*
Ah okay I get what you mean. LMAO.
Yes in this case Public Bank is non-compliant.
Don't la so emo... Jeez
karenzayn
post Nov 28 2023, 02:33 PM

Getting Started
**
Junior Member
98 posts

Joined: Sep 2019
From: Kuching
*eating popcorns*
kwss
post Nov 28 2023, 02:38 PM

Tested other website with DNSSEC:
cloudflare.com
imi.gov.my

imi.gov.my don't have AAAA but it does return NSEC3
Want to try with your Netis and see if it works?
BenYeeHua
post Nov 28 2023, 02:43 PM

QUOTE(kwss @ Nov 28 2023, 02:24 PM)
Ah okay I get what you mean. LMAO.
Yes in this case Public Bank is non-compliant.
Don't la so emo... Jeez
*
Thanks, now you understand, I said again.

PBE is doing business, like Firefox, like Chrome.
When there is a bug on 99% of website, even it is out of spec, they will "FIX" it by allowing that bug keep running.

Now, it is my router, the DNS relay got bug, or it is designed taking care too much, it should not drop the result at it own.
For business, it is not: CUSTOMER ERROR!!! Change your router!!!! Stop using IE!!!
Customer xN: But, I can't install Chrome on this business PC, I also can't change my router???It is expensive!!!

But it is: Hei, it is bug on your router, thanks for discovering it out, because there is still many NETIS ROUTER as default TM router for TM customer out there, even it is not on our side, let us fix for you!!!
(As nearby thread is AC1200, I am sure NETIS still a lot, lol)

Argue with customer is not the correct method, seeking out why and solution it is.
Even it is customer's router fault, you can fix on your server side, right?

Anyways, I found out more deeper thanks to you, lol at PBE mistake on AAAA DNSSEC.
And lucky, most browser don't break because this DNS relay, mostly result in slowdown, else gonna be many angry customer for them these past 4 years. laugh.gif
----
I also wonder will PBE "fix" it, it means 10s faster for NETIS customer, lol. devil.gif
---
QUOTE(Oltromen Ripot @ Nov 28 2023, 12:45 PM)
you have IPv6 enabled on WAN's side?

what if custom-DNSv6 in client device (i.e. skip resolving AAAA using router)?
does it eliminate the time length?
*
For your interest, here is latest info.

While, well, you know.
I found out this.

https://blog.cloudflare.com/dig-through-servfails-with-ede/

So the result is, the DNS RELAY think they can save the processing cost, traffic or something.
If they spotted status: SERVFAIL, they will drop it.

So the browser: I asked A and AAAA query, I received A result, I gonna wait for my AAAA result that I asked for.

10s later....
Browser: Nothing?
1. Failed and loading based on A result. -60%
2. Failed and showing website failed to load(this happen a lot as well, lol) -40%

Really, lol. rclxms.gif


BenYeeHua
post Nov 28 2023, 02:45 PM

QUOTE(karenzayn @ Nov 28 2023, 02:33 PM)
*eating popcorns*
*
tongue.gif

QUOTE(kwss @ Nov 28 2023, 02:38 PM)
Tested other website with DNSSEC:
cloudflare.com
imi.gov.my

imi.gov.my don't have AAAA but it does return NSEC3
Want to try with your Netis and see if it works?
*
Yes, it works, because it is "status: NOERROR"
The router's DNS relay only drop on "status: SERVFAIL". laugh.gif

CODE
dig aaaa imi.gov.my

; <<>> DiG 9.16.37 <<>> aaaa imi.gov.my
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;imi.gov.my.                    IN      AAAA

;; AUTHORITY SECTION:
imi.gov.my.             29      IN      SOA     dns1.gitn.net.my. planning.gitn.com.my. 2023072840 10800 3600 604800 38400

;; Query time: 20 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Nov 28 14:43:58 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 107


So, as long as no "status: SERVFAIL" with error on DNSSEC, it is fine.
BenYeeHua
post Nov 28 2023, 02:47 PM

Fun fact, I open 192.168.1.1 and perform PING6 at those address, it also hang the whole router last 1 minute, lol.
So, please avoid cheap router, at least use branded router la, only AC1200v2 is the random reboot king, lol. laugh.gif

This post has been edited by BenYeeHua: Nov 28 2023, 02:48 PM
kwss
post Nov 28 2023, 02:50 PM

QUOTE(BenYeeHua @ Nov 28 2023, 02:45 PM)
tongue.gif
Yes, it works, because it is "status: NOERROR"
The router's DNS relay only drop on "status: SERVFAIL". laugh.gif

CODE
dig aaaa imi.gov.my

; <<>> DiG 9.16.37 <<>> aaaa imi.gov.my
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63776
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;imi.gov.my.                    IN      AAAA

;; AUTHORITY SECTION:
imi.gov.my.             29      IN      SOA     dns1.gitn.net.my. planning.gitn.com.my. 2023072840 10800 3600 604800 38400

;; Query time: 20 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Tue Nov 28 14:43:58 Malay Peninsula Standard Time 2023
;; MSG SIZE  rcvd: 107


So, as long as no "status: SERVFAIL" with error on DNSSEC, it is fine.
*
Alright. So if we test another one with: dnssec-failed.org
Then it should fail too on Netis?

If that's the case then it's confirmed the router drop packet solely based on SERVFAIL
kwss
post Nov 28 2023, 03:01 PM

It's clear now this happen because TM never catch this problem during hardware validation.
Reason: TM DNS never validate DNSSEC

CODE

dig aaaa pbebank.com @1.9.1.9
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> aaaa pbebank.com @1.9.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23130
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;pbebank.com.                   IN      AAAA
;; Query time: 20 msec
;; SERVER: 1.9.1.9#53(1.9.1.9) (UDP)
;; WHEN: Tue Nov 28 14:58:08 +08 2023
;; MSG SIZE  rcvd: 40


CODE

dig aaaa dnssec-failed.org @1.9.1.9
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> aaaa dnssec-failed.org @1.9.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 645
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dnssec-failed.org.             IN      AAAA
;; AUTHORITY SECTION:
dnssec-failed.org.      900     IN      SOA     dns101.comcast.org. dnsadmin.comcast.net. 2010102371 900 180 604800 7200
;; Query time: 356 msec
;; SERVER: 1.9.1.9#53(1.9.1.9) (UDP)
;; WHEN: Tue Nov 28 15:00:43 +08 2023
;; MSG SIZE  rcvd: 117

BenYeeHua
post Nov 28 2023, 03:03 PM

QUOTE(kwss @ Nov 28 2023, 02:50 PM)
Alright. So if we test another one with: dnssec-failed.org
Then it should fail too on Netis?

If that's the case then it's confirmed the router drop packet solely based on SERVFAIL
*
Yes, unsure who did that to save the processing cost, lol.

IF
status = "SERVFAIL";
return;
Else
redirect the result;

Who did that, lol!!!! rclxms.gif

PS: I double confirmed, my router's Firewall and SPI for IPv4 and IPv6 are disabled, so it is not Firewall, but DNS relay.
---
Anyways, another lesson, don't trust your router and DNS over UDP, it can be spoofed by MITM, specially public WiFi that don't block traffic in between clients.

Enable your Windows 11(shitty Microsoft, only support it on Windows 11 lol), Browser and Android/iOS secure DNS for the best.


But...
Doing this caused another bug, lol.

Yes, the "captive portal" will stop working for many Android phone, so you can't login to those public WiFi, because they need to based on DNS over UDP on their router to redirect you, they don't support hijacking http, they only modify the DNS result, lol. laugh.gif

PS: Same to TM, you know la.

QUOTE
Since Android 5.0 (API level 21), Android devices have detected captive portals and notified the user that they need to sign in to the network to access the internet. Captive portals were detected using cleartext HTTP probes to known destinations (such as connectivitycheck.gstatic.com), and if the probe received an HTTP redirect, the device assumed that the network was a captive portal. This technique can be unreliable because there is no standard URL to probe, and such probes could be mistakenly allowed or blocked (instead of redirected) by captive portal networks. The API allows portals to provide a positive signal that login is required, along with a URL to log in to.

https://developer.android.com/about/version.../captive-portal
---
Anyways, I hope we are happy living in this buggy world, lol. tongue.gif
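
Added example (not part of any post in this thread): a Python sketch that classifies the dig results posted above by status, AD flag and EDE code, then applies the relay behaviour the posters hypothesise (replies with SERVFAIL are dropped). The sample outputs are abridged from the thread; the timeout entry and all function names are constructed for illustration.

```python
import re

# RFC 8914 Extended DNS Error info-codes that signal a DNSSEC validation failure.
DNSSEC_EDE = {6: "DNSSEC Bogus", 7: "Signature Expired", 8: "Signature Not Yet Valid",
              9: "DNSKEY Missing", 10: "RRSIGs Missing", 11: "No Zone Key Bit Set",
              12: "NSEC Missing"}

# dig output abridged from the posts above; the last entry is constructed and
# stands in for a client whose query went through a relay that never answered.
SAMPLES = {
    "pbebank.com @1.1.1.1": """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7558
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDNS: version: 0, flags:; udp: 1232
; EDE: 6 (DNSSEC Bogus): (proof of non-existence of pbebank.com. AAAA)
""",
    "pbebank.com @8.8.8.8": """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 36087
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; EDE: 12 (NSEC Missing): (No NSEC or NSEC3 records to validate non-existence of pbebank.com/aaaa)
""",
    "pbebank.com @1.9.1.9": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23130
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
""",
    "v4.ipv6test.app @1.1.1.1": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35565
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
""",
    "constructed: query via relay": ";; connection timed out; no servers could be reached\n",
}


def parse_dig(text):
    """Extract status, header flags, answer count and EDE code from dig output."""
    if "connection timed out" in text:
        return {"timed_out": True, "status": None, "flags": set(), "answers": 0, "ede": None}
    status = re.search(r"status: (\w+)", text)
    # Anchor on ';; flags:' so the '; EDNS: ... flags:;' line is not picked up.
    flags = re.search(r"^;; flags: ([a-z ]*);", text, re.M)
    answers = re.search(r"ANSWER: (\d+)", text)
    ede = re.search(r"^; EDE: (\d+)", text, re.M)
    return {
        "timed_out": False,
        "status": status.group(1) if status else None,
        "flags": set(flags.group(1).split()) if flags else set(),
        "answers": int(answers.group(1)) if answers else 0,
        "ede": int(ede.group(1)) if ede else None,
    }


def classify(p):
    """Label a parsed reply the way the thread ends up distinguishing them."""
    if p["timed_out"]:
        return "no-reply"
    if p["status"] == "SERVFAIL":
        return "dnssec-failure" if p["ede"] in DNSSEC_EDE else "servfail-other"
    if p["status"] == "NOERROR" and p["answers"] == 0:
        # No AD bit means the zone is unsigned or the resolver did not validate.
        return "validated-nodata" if "ad" in p["flags"] else "unvalidated-nodata"
    return "other"


def relay_forwards(p):
    """Model of the relay hypothesised in the thread: SERVFAIL replies are dropped."""
    return not p["timed_out"] and p["status"] != "SERVFAIL"


def report(samples=SAMPLES):
    """Map each sample to (classification, would a client behind the relay see it)."""
    return {name: (classify(p), relay_forwards(p))
            for name, p in ((n, parse_dig(t)) for n, t in samples.items())}


if __name__ == "__main__":
    for name, (label, forwarded) in report().items():
        print(f"{name:32} {label:20} forwarded={forwarded}")
```

The output lines up with the thread: validating resolvers turn the broken denial of existence into SERVFAIL, which the modelled relay drops, while the non-validating resolver returns NOERROR and hides the problem.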
BenYeeHua
post Nov 28 2023, 03:05 PM

QUOTE(kwss @ Nov 28 2023, 03:01 PM)
It's clear now this happen because TM never catch this problem during hardware validation.
Reason: TM DNS never validate DNSSEC

CODE

dig aaaa pbebank.com @1.9.1.9
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> aaaa pbebank.com @1.9.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23130
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;pbebank.com.                   IN      AAAA
;; Query time: 20 msec
;; SERVER: 1.9.1.9#53(1.9.1.9) (UDP)
;; WHEN: Tue Nov 28 14:58:08 +08 2023
;; MSG SIZE  rcvd: 40


CODE

dig aaaa dnssec-failed.org @1.9.1.9
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> aaaa dnssec-failed.org @1.9.1.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 645
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;dnssec-failed.org.             IN      AAAA
;; AUTHORITY SECTION:
dnssec-failed.org.      900     IN      SOA     dns101.comcast.org. dnsadmin.comcast.net. 2010102371 900 180 604800 7200
;; Query time: 356 msec
;; SERVER: 1.9.1.9#53(1.9.1.9) (UDP)
;; WHEN: Tue Nov 28 15:00:43 +08 2023
;; MSG SIZE  rcvd: 117

*
Well, never forgot BGP outage...
https://www.digitalnewsasia.com/digital-eco...ternet-slowdown

NETIS + TM = great result. doh.gif rclxms.gif

This is also mean that, default is the best...
For compatibility, not for safety!!! doh.gif

Bug + Bug = Fine
Bug + Safety = Broken

As always... nod.gif
---
Ah shit!!
It means PBE not gonna fix it!!!

Because by default, NETIS customer will not facing this bug.

BUG(UniFi's DNS) + BUG(NETIS) + BUG(PBE) = Fine
Triple the bug, triple the fun!!!
wonderful world!!!

LOL!!!!! laugh.gif rclxms.gif

This post has been edited by BenYeeHua: Nov 28 2023, 03:11 PM
kwss
post Nov 28 2023, 03:11 PM

Since you mention BGP, TM failed RPKI test
https://rpkitest.nlnetlabs.net/

Pass on Celcom.
beverlykho
post Nov 28 2023, 03:14 PM

On my way
****
Junior Member
500 posts

Joined: Dec 2007


QUOTE(karenzayn @ Nov 28 2023, 02:33 PM)
*eating popcorns*
*
Want some chocolates to trade for your popcorn?
BenYeeHua
post Nov 28 2023, 03:16 PM

QUOTE(kwss @ Nov 28 2023, 03:11 PM)
Since you mention BGP, TM failed RPKI test
https://rpkitest.nlnetlabs.net/

Pass on Celcom.
*
But no choice, just like most bank is operating on COBOL, Malaysia also working on TM backbone.
Zero escape, unless you move out to other country, then you will facing another COBOL, lol. laugh.gif

Better stick with the bug you know, easyfix. tongue.gif
---
Bug! Bug everywhere!
https://knowyourmeme.com/memes/x-x-everywhere
---
QUOTE(beverlykho @ Nov 28 2023, 03:14 PM)
Want some chocolates to trade for your popcorn?
*
Aiya, the fight is done.
Only NETIS router's customer and default DNS customer is hurt/in danger, if you use your own expensive router, you can leave now. laugh.gif

This post has been edited by BenYeeHua: Nov 28 2023, 03:17 PM
ycs
post Nov 28 2023, 03:23 PM

MEMBER
*******
Senior Member
4,221 posts

Joined: Jan 2003
From: Selangor




Please give a TL;DR for layman PBE users.
