[dns-operations] Enabling the IPv6-only Internet: the Final TLDs

bert hubert bert.hubert at netherlabs.nl
Sat Sep 5 17:18:29 UTC 2015

On Sat, Sep 05, 2015 at 03:50:09PM +0200, Anand Buddhdev wrote:
> On 05/09/15 14:50, bert hubert wrote:
> > Ok - I did the test which SOA records don't actually resolve on an IPv6-only network, and
> > the only difference is CM, which does have some IPv6 glue, but it servfails:
> Yep. We operate an IPv6-capable secondary name server for CM. Or try to
> anyway. We haven't been able to AXFR the CM zone for quite a while now,
> and our emails to various known contacts have not been answered.

Got it - I did not expect RIPE to be at fault here.

For posterity, to repeat this measurement:

1) Retrieve the root.zone in a file called root.zone
2) iptables -I OUTPUT -p tcp --dport 53 -j DROP
   iptables -I OUTPUT -p udp --dport 53 -j DROP
3) Launch nameserver
4) for a in $(grep "IN\\s*NS\\s" root.zone  | cut -f1 | cut -f1 -d" " | sort -u )
      echo -en "$a\t" 
      dig -t soa $a +short @ -p 5300; echo MARKER 
   done | tee results
5) grep \\sMARKER results  | sed s/MARKER/BROKEN/

This gets you the exact list I posted earlier. I realizes this script won't
win any beauty contests (and contains a GNUism), but it does work.


More information about the dns-operations mailing list