[dns-operations] Enabling the IPv6-only Internet: the Final TLDs
bert hubert
bert.hubert at netherlabs.nl
Sat Sep 5 17:18:29 UTC 2015
On Sat, Sep 05, 2015 at 03:50:09PM +0200, Anand Buddhdev wrote:
> On 05/09/15 14:50, bert hubert wrote:
>
> > Ok - I did the test which SOA records don't actually resolve on an IPv6-only network, and
> > the only difference is CM, which does have some IPv6 glue, but it servfails:
>
> Yep. We operate an IPv6-capable secondary name server for CM. Or try to
> anyway. We haven't been able to AXFR the CM zone for quite a while now,
> and our emails to various known contacts have not been answered.
Got it - I did not expect RIPE to be at fault here.
For posterity, to repeat this measurement:
1) Retrieve the root.zone in a file called root.zone
2) iptables -I OUTPUT -p tcp --dport 53 -j DROP
iptables -I OUTPUT -p udp --dport 53 -j DROP
3) Launch nameserver
4) for a in $(grep "IN\\s*NS\\s" root.zone | cut -f1 | cut -f1 -d" " | sort -u )
do
echo -en "$a\t"
dig -t soa $a +short @127.0.0.1 -p 5300; echo MARKER
done | tee results
5) grep \\sMARKER results | sed s/MARKER/BROKEN/
This gets you the exact list I posted earlier. I realizes this script won't
win any beauty contests (and contains a GNUism), but it does work.
Bert
More information about the dns-operations
mailing list