[Unbound-users] C-root IPv6 patch
Leen Besselink
leen at consolejunkie.net
Sun Mar 30 22:05:27 UTC 2014
On Sun, Mar 30, 2014 at 11:28:29PM +0200, Anand Buddhdev wrote:
> On 30/03/2014 22:31, Stephan Lagerholm wrote:
>
> >> Well, not applying the patch won't prevent your cache from trying C-
> >> root's IPv6 address, because a priming query will give you the IPv6
> >> address. The patch just makes unbound's internal hints consistent with
> >> the published root hints and the priming query.
> >
> > Good point, I guess the right thing to do is to add
> > do-not-query-address: 2001:500:2::c
> > to unbound's configuration file until the issues are resolved.
>
> I just queried all IPv6-enabled root name servers from 51 RIPE Atlas
> anchors (it will take a few days to update DNSMON). The numbers below
> show how many probes successfully got responses:
>
> A 51
> C 48
> D 51
> F 51
> H 51
> I 49
> J 51
> K 51
> L 47
> M 50
>
> As you can see, it's not just C-root that's not widely reachable. Some
> other root name servers also show some reachability issues. Have you
> tested all the other root name servers from your location? If they are
> unreachable, will you also blacklist them?
>
Those numbers look really low to me.
Did you query that from only IPv6-enabled RIPE Atlas anchors ?
Or is there are large number in that pool that don't have any IPv6 connectifity ?
> However, this discussion is diverging from unbound to general roor name
> server reachability, so bringing this back to unbound, I still think its
> hints should be kept up to date. And I know that unbound will remember
> unreachable name servers, and make fewer queries towards them. I don't
> think the occasional timeout is worth worrying about.
>
> Regards,
>
> Anand Buddhdev
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
More information about the Unbound-users
mailing list