Closed bortzmeyer closed 2 years ago
It's not your networks ROA that is checked.
It checks that your network verifies ROAs to where it sends traffic.
It means that your network or your upstream actually sends traffic to a network with an invalid ROA.
OK, that was not clear. So, it means that Free/Proxad checks ROA for IPv4 but not for IPv6?
I suggest that, while the test is OK, the way it is communicated to the user could be improved.
OK, that was not clear. So, it means that Free/Proxad checks ROA for IPv4 but not for IPv6?
I am not a network guy but that would be the case, or if there is an upstream somewhere doing the filtering.
I suggest that, while the test is OK, the way it is communicated to the user could be improved.
While the UI gives very little option to explain checks in details there is an about page which links to a blog post that explains it more.
If that is not enough maybe you can submit a text I can use on the about page?
CheckMyDNS claims that the RPKI IPv6 test failed for my resolver. Checking the IP address in the test, I find "Result Message: No RPKI origin validation between resolver and auth, or a default route is pointed to destination AS Description: Check if RPKI origin validation is enabled between resolver and authority DNS." but the IPv6 address does have a ROA and it works (here, seen on BGPmon):