Re: G root servers unreachable via ICMP(v6)

[Christopher Morrow <morrowc.lists () gmail com>]

On Tue, May 16, 2023 at 2:35 PM William Herrin <bill () herrin us> wrote:
> On Tue, May 16, 2023 at 11:00 AM Christopher Morrow
> <morrowc.lists () gmail com> wrote:
> > On Tue, May 16, 2023 at 4:37 AM <borg () uu3 net> wrote:
> > > Cutting PING means you are hurting your basic troubleshooting.
> > > Is that thing even plugged in? Maybe Firewall misconfiguration?
> >
> > it means you need to use the tool (dig, host, nslookup) that talks to
> > the service being offered.
> > ping is basically meaningless as a test for 'is the service working'
> > on a dns server.
>
> Ping is used by some versions of traceroute which can help the

I think you mean 'icmp' here. yes. I contend that traceroute (udp or
icmp or tcp)
TOWARDS a destination can be sometimes useful, sure.

This is different from: "i can ping g.root-servers.net so internet is up!"
if you care about how / when g.root-servers.net is working, dns packet
sending is the answer (and ideally listening to the replies!)

> When working, it also lets the diagnostician know that the site's
> firewall administrator didn't ignorantly decide to block all ICMP.
> Which so very many ignorant firewall administrators do.

sure, but... 'ignorantly' seems to imply that their ideas of their best
practice(s) are different from yours. They may have a valid reason
to block icmp, even all icmp.