Maintained by: NLnet Labs

[Unbound-users] C-root IPv6 patch

Leen Besselink
Mon Mar 31 00:05:27 CEST 2014


On Sun, Mar 30, 2014 at 11:28:29PM +0200, Anand Buddhdev wrote:
> On 30/03/2014 22:31, Stephan Lagerholm wrote:
> 
> >> Well, not applying the patch won't prevent your cache from trying C-
> >> root's IPv6 address, because a priming query will give you the IPv6
> >> address. The patch just makes unbound's internal hints consistent with
> >> the published root hints and the priming query.
> > 
> > Good point, I guess the right thing to do is to add 
> > do-not-query-address: 2001:500:2::c
> > to unbound's configuration file until the issues are resolved.
> 
> I just queried all IPv6-enabled root name servers from 51 RIPE Atlas
> anchors (it will take a few days to update DNSMON). The numbers below
> show how many probes successfully got responses:
> 
> A  51
> C  48
> D  51
> F  51
> H  51
> I  49
> J  51
> K  51
> L  47
> M  50
> 
> As you can see, it's not just C-root that's not widely reachable. Some
> other root name servers also show some reachability issues. Have you
> tested all the other root name servers from your location? If they are
> unreachable, will you also blacklist them?
> 

Those numbers look really low to me.

Did you query that from only IPv6-enabled RIPE Atlas anchors ?

Or is there are large number in that pool that don't have any IPv6 connectifity ?

> However, this discussion is diverging from unbound to general roor name
> server reachability, so bringing this back to unbound, I still think its
> hints should be kept up to date. And I know that unbound will remember
> unreachable name servers, and make fewer queries towards them. I don't
> think the occasional timeout is worth worrying about.
> 
> Regards,
> 
> Anand Buddhdev
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users