On Mon, 1 Apr 2013 19:40:03 +0100 Tony Finch <dot@dotat.at> wrote:
You should be able to get a reasonable sample of IPv6 resolvers from the query logs of a popular authoritative server.
When I tried this in the past for IPv4, I missed the majority of potential open resolvers / open forwarders on the net compared to just searching the entire address space. And I was examining this from the perspective of what a very large TLD was seeing. I think it is likely that there are going to be a significant number of IPv6-based resolvers that are aren't as easily knowable. This of course is potentially good too, since if they are really that hard to find, then it makes them less likely to be as easily abused. So, in addition to BCP 38 (and don't forget to mention BCP 84 in the same breath), RRL for auth servers and hardening/closing resolvers... we should be advocating the migration to DNS over IPv6-only? :-) John