[dns-operations] glitch on [ip6|in-addr].arpa?
Paul Vixie
paul at redbarn.org
Fri Oct 11 18:21:56 UTC 2019
Viktor Dukhovni wrote on 2019-10-10 17:51:
> ...
>
> It has perhaps not been as well known as it deserves to be. Perhaps
> additional publicity here (and any other relevant fora), might nudge
> the parties closer to a resolution. The non-reachability of the
> IPv6 C root from a significant portion of IPv6 space is not a healthy
> situation.
i think there are 13 names each having an A and an AAAA. so, 26
candidate addresses. most resolvers will try them all and home in on the
one with the lowest RTT. if one of the 13 it tries via IPv6 doesn't
answer, it won't affect operations. in fact, one or more are unreachable
from random places almost always, and the system is designed with that
in mind. (for example, the use of UDP means unreliability is in-scope.)
> The error is immediately apparent via DNSViz:
>
> https://dnsviz.net/d/root/dnssec/
in the earlier days of DNS-OARC (where dnsviz migrated to recently),
there was a server at cogent, which was not reachable over IPv6 from
users are hurricane. i don't remember anybody blaming hurricane for
this, which is why it seems odd to blame cogent today when DNS-OARC is
hosted at hurricane. hurricane has transit for their IPv4 network but
not for their IPv6 network. cogent's peering policy isn't fully "open."
it's hard for me to see that either of them is "in the wrong."
--
P Vixie
More information about the dns-operations
mailing list