On Sun, Mar 30, 2014 at 11:28:29PM +0200, Anand Buddhdev wrote: > On 30/03/2014 22:31, Stephan Lagerholm wrote: > > >> Well, not applying the patch won't prevent your cache from trying C- > >> root's IPv6 address, because a priming query will give you the IPv6 > >> address. The patch just makes unbound's internal hints consistent with > >> the published root hints and the priming query. > > > > Good point, I guess the right thing to do is to add > > do-not-query-address: 2001:500:2::c > > to unbound's configuration file until the issues are resolved. > > I just queried all IPv6-enabled root name servers from 51 RIPE Atlas > anchors (it will take a few days to update DNSMON). The numbers below > show how many probes successfully got responses: > > A 51 > C 48 > D 51 > F 51 > H 51 > I 49 > J 51 > K 51 > L 47 > M 50 > > As you can see, it's not just C-root that's not widely reachable. Some > other root name servers also show some reachability issues. Have you > tested all the other root name servers from your location? If they are > unreachable, will you also blacklist them? >
Those numbers look really low to me. Did you query that from only IPv6-enabled RIPE Atlas anchors ? Or is there are large number in that pool that don't have any IPv6 connectifity ? > However, this discussion is diverging from unbound to general roor name > server reachability, so bringing this back to unbound, I still think its > hints should be kept up to date. And I know that unbound will remember > unreachable name servers, and make fewer queries towards them. I don't > think the occasional timeout is worth worrying about. > > Regards, > > Anand Buddhdev > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
