On 30/03/2014 22:31, Stephan Lagerholm wrote: >> Well, not applying the patch won't prevent your cache from trying C- >> root's IPv6 address, because a priming query will give you the IPv6 >> address. The patch just makes unbound's internal hints consistent with >> the published root hints and the priming query. > > Good point, I guess the right thing to do is to add > do-not-query-address: 2001:500:2::c > to unbound's configuration file until the issues are resolved.
I just queried all IPv6-enabled root name servers from 51 RIPE Atlas anchors (it will take a few days to update DNSMON). The numbers below show how many probes successfully got responses: A 51 C 48 D 51 F 51 H 51 I 49 J 51 K 51 L 47 M 50 As you can see, it's not just C-root that's not widely reachable. Some other root name servers also show some reachability issues. Have you tested all the other root name servers from your location? If they are unreachable, will you also blacklist them? However, this discussion is diverging from unbound to general roor name server reachability, so bringing this back to unbound, I still think its hints should be kept up to date. And I know that unbound will remember unreachable name servers, and make fewer queries towards them. I don't think the occasional timeout is worth worrying about. Regards, Anand Buddhdev _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
