Hi Anand, > Hi Stephan, > > > There are still peering issues with that particular operator over > > IPv6. At least from where I try: > > > > stephan@pi:~$ dig -6 @a.root-servers.net . SOA +short > > a.root-servers.net. nstld.verisign-grs.com. 2014033001 1800 900 > 604800 > > 86400 > > > > stephan@pi:~$ dig -6 @c.root-servers.net . SOA +short ; <<>> DiG > > 9.9.2-rpz+rl.094.21-P2 <<>> -6 @c.root-servers.net . SOA +short ; (1 > > server found) ;; global options: +cmd ;; connection timed out; no > > servers could be reached > > > > stephan@pi:~$ dig -4 @c.root-servers.net . SOA +short > > a.root-servers.net. nstld.verisign-grs.com. 2014033001 1800 900 > 604800 > > 86400 > > > > So before you apply the patch or change your roots-hints file, please > > check that you have v6 connectivity. > > Well, not applying the patch won't prevent your cache from trying C- > root's IPv6 address, because a priming query will give you the IPv6 > address. The patch just makes unbound's internal hints consistent with > the published root hints and the priming query.
Good point, I guess the right thing to do is to add do-not-query-address: 2001:500:2::c to unbound's configuration file until the issues are resolved. > > It is unfortunate that the v6 address of c-root is not reachable > > everywhere on the internet. Maybe you or somebody else can check > > connectivity via the atlas probes? > > We'll add C-root's IPv6 address to DNSMON soon, and that should reveal > routing problems. Let me know your findings. I'm very interested in knowing that critical infrastructure such as root servers are globally reachable. > However, I will also notify my contacts at Cogent (C- > root operator) about this issue. Thanks for alerting us to it. Bake them another cake, http://tech.slashdot.org/story/09/10/23/1715235/peering-disputes-migrate -to-ipv6 /S _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
