Maintained by: NLnet Labs

[Unbound-users] C-root IPv6 patch

Anand Buddhdev
Sun Mar 30 21:18:01 CEST 2014


On 30/03/2014 20:34, Stephan Lagerholm wrote:

Hi Stephan,

> There are still peering issues with that particular operator over
> IPv6. At least from where I try:
> 
> stephan at pi:~$ dig -6 @a.root-servers.net . SOA +short
> a.root-servers.net. nstld.verisign-grs.com. 2014033001 1800 900 604800 86400
> 
> stephan at pi:~$ dig -6 @c.root-servers.net . SOA +short
> ; <<>> DiG 9.9.2-rpz+rl.094.21-P2 <<>> -6 @c.root-servers.net . SOA +short
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
> 
> stephan at pi:~$ dig -4 @c.root-servers.net . SOA +short
> a.root-servers.net. nstld.verisign-grs.com. 2014033001 1800 900 604800 86400
> 
> So before you apply the patch or change your roots-hints file,
> please check that you have v6 connectivity.

Well, not applying the patch won't prevent your cache from trying
C-root's IPv6 address, because a priming query will give you the IPv6
address. The patch just makes unbound's internal hints consistent with
the published root hints and the priming query.

> It is unfortunate that the v6 address of c-root is not reachable
> everywhere on the internet. Maybe you or somebody else can check
> connectivity via the atlas probes?

We'll add C-root's IPv6 address to DNSMON soon, and that should reveal
routing problems. However, I will also notify my contacts at Cogent
(C-root operator) about this issue. Thanks for alerting us to it.

Regards,

Anand