> DNS speaking, I can query G root servers; at least, that's the most > important. > > However, from several sites, either on IPv4 or IPv6, I cannot ping(6) > them. Is it by design, or it's an issue? > > Side question: even if it was by design, is it a good practice to > completely restrict ICMP(v6)?
As others have pointed out, we don't *know* if they completely restrict ICMP(v6). All we can say is that they restrict ICMP Echo Request. Speaking purely for myself - I run a number of name servers, some recursive, some authoritative. The function of these name servers is to answer DNS queries, *not* to answer ICMP(v6) Echo requests. I happen to allow ICMP(v6) Echo requests to these name servers (so they will reply to ping and traceroute) - however, this type of traffic is heavily rate limited (again, because the purpose of these servers is to handle DNS traffic). I feel absolutely zero moral obligation to allow unlimited ping. Steinar Haug, AS 2116 _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
