[dns-operations] G root servers unreachable via ICMP(v6)
sthaug at nethelp.no
sthaug at nethelp.no
Wed May 17 07:31:57 UTC 2023
> DNS speaking, I can query G root servers; at least, that's the most
> important.
>
> However, from several sites, either on IPv4 or IPv6, I cannot ping(6)
> them. Is it by design, or it's an issue?
>
> Side question: even if it was by design, is it a good practice to
> completely restrict ICMP(v6)?
As others have pointed out, we don't *know* if they completely
restrict ICMP(v6). All we can say is that they restrict ICMP Echo
Request.
Speaking purely for myself - I run a number of name servers, some
recursive, some authoritative. The function of these name servers
is to answer DNS queries, *not* to answer ICMP(v6) Echo requests.
I happen to allow ICMP(v6) Echo requests to these name servers (so
they will reply to ping and traceroute) - however, this type of
traffic is heavily rate limited (again, because the purpose of
these servers is to handle DNS traffic). I feel absolutely zero
moral obligation to allow unlimited ping.
Steinar Haug, AS 2116
More information about the dns-operations
mailing list