Viktor Dukhovni wrote on 2019-10-10 17:51:
...
It has perhaps not been as well known as it deserves to be. Perhaps
additional publicity here (and any other relevant fora), might nudge
the parties closer to a resolution. The non-reachability of the
IPv6 C root from a significant portion of IPv6 space is not a healthy
situation.
i think there are 13 names each having an A and an AAAA. so, 26
candidate addresses. most resolvers will try them all and home in on the
one with the lowest RTT. if one of the 13 it tries via IPv6 doesn't
answer, it won't affect operations. in fact, one or more are unreachable
from random places almost always, and the system is designed with that
in mind. (for example, the use of UDP means unreliability is in-scope.)
The error is immediately apparent via DNSViz:
https://dnsviz.net/d/root/dnssec/
in the earlier days of DNS-OARC (where dnsviz migrated to recently),
there was a server at cogent, which was not reachable over IPv6 from
users are hurricane. i don't remember anybody blaming hurricane for
this, which is why it seems odd to blame cogent today when DNS-OARC is
hosted at hurricane. hurricane has transit for their IPv4 network but
not for their IPv6 network. cogent's peering policy isn't fully "open."
it's hard for me to see that either of them is "in the wrong."
--
P Vixie
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
