So, DoD does NOT have capacity to answer those little ICMP echo request packets? Heh.. Anyway, this is IMO terrible practice. Many many times I have to deal w/ "products" that do exacly the same because its so much "secure" to not respond to ping. Any basic network security researcher know that they are various more effective methods to poking around endpoint to check if its online. Cutting PING means you are hurting your basic troubleshooting. Is that thing even plugged in? Maybe Firewall misconfiguration? If you are just user internet endpoint not serving anything, that method might be useful, but you need to drop pretty much anything. ---------- Original message ---------- From: Willy Manga <mangawilly@gmail.com> To: nanog@nanog.org Subject: G root servers unreachable via ICMP(v6) Date: Tue, 16 May 2023 07:38:24 +0400 Hi, DNS speaking, I can query G root servers; at least, that's the most important. However, from several sites, either on IPv4 or IPv6, I cannot ping(6) them. Is it by design, or it's an issue? Side question: even if it was by design, is it a good practice to completely restrict ICMP(v6)? Thanks. P.S: I sent the same email to dns-operations@lists.dns-oarc.net since 12 May 2023 but it's still in moderation.. If one admin is around .. :) -- Willy Manga @ongolaboy https://ongola.blogspot.com/