DNS-OARC / services

Project and issue tracking for DNS-OARC services
https://www.dns-oarc.net/oarc/services

Check My DNS incorrectly passing RPKI IPv6 when IPv6 is not available #19

Closed jkldgoefgkljefogeg closed 3 years ago

jkldgoefgkljefogeg commented 3 years ago

RPKI IPv6 should not be marked as success if the client fails IPv6 transport; this is misleading.

jelu commented 3 years ago

The RPKI check is about the traffic between the client's resolver and the authority, not the client.

florisbrunet commented 3 years ago

I noticed this too. I am using Google DNS over HTTPS inside Google Chrome and am getting different results for IPv4-only and IPv4+IPv6 dual-stack. The results should be exactly the same as the resolver did not change; however, they are different for IPv4 and IPv6.

IPv4

[screenshot: ipv4]

IPv6

[screenshot: ipv6]

jelu commented 3 years ago

> The results should be exactly the same as the resolver did not change

That is kinda incorrect. Google has large resolver clusters doing the querying that can come from many different IPs and possibly many different networks also.

Screenshots don't help if you want me to look closer at the result.

I need the ID of the check.

florisbrunet commented 3 years ago

Here are the IDs:

IPv4-only

v5agk8tc1h2mp5c0fbqaql97bs    RPKI IPv4    Failure
rcvfaaca150lj5ksnpkqm13ve0    RPKI IPv6    Success
8lgh7leq9t5sh8d2un4ktt7hto    IPv6         Failure

IPv4 + IPv6

f6lpe0qja51jn9uchh9hfrkkls    RPKI IPv4    Failure
6bu0637hf569lf5p91kvd26jcc    RPKI IPv6    Failure
0lmb4664j53290j44qa5plcin8    IPv6         Success

jelu commented 3 years ago

Perfect, thanks! Will look at this late next week.

jelu commented 3 years ago

@debrunet Your reported issue has been fixed now, but it was not really related to the original issue because client IPv6 capabilities do not affect RPKI checks.

In a sense, what's misleading is marking the IPv6 check failed if the client is missing capabilities, as it should only show what the resolver is capable of.