Valdis.Kletnieks@vt.edu writes:
Ours are currently intentionally configured to not issue queries over IPv6, because at one time, there were *so many* sites that listed unreachable quad-A NS records. Our DNS guy is more than willing to revisit that config switch.
Anybody have some statistics on what the current situation is?
I just dredged a list of 570 one, two, and three-dot domains from a mailing list (a bunch of recent messages on debian-user). Digging them gave 919 unique nameserver domain names, and digging those gave 119 AAAA addresses. Of these, 106 responded to a DNS query (for the nameserver's own AAAA address) in some fashion, and 13 didn't. Of the 13, 5 were cogentco.com DNS servers and unreachable over my HE tunnel thanks to ongoing peering disputes. In all cases, the nameservers with AAAA addresses had A addresses as well. (I got similar results with a list of domains taken from recent NANOG postings, but then decided to look at the debian-user results in case NANOG was unrepresentative.) Anyway, it looks like bad IPv6 nameserver addresses are the exception rather than the rule. Whether to flip on IPv6 queries will sort of depend on how your resolvers behave when they receive a typical "bad" response with 2 broken IPv6 addresses and 2 working IPv4 addresses. -- Kevin <buhr+nanog@asaurus.net>