In message <5F907BC1-9344-4187-BA12-CEAF7E1C3E73@bjencks.net>, Ben Jencks write s:
On Jun 6, 2012, at 10:05 AM, Frank Bulk wrote:
I started monitoring IPv6 access to www.netflix.com after seeing this posting = (http://www.personal.psu.edu/dvm105/blogs/ipv6/2012/06/netflix-is-back.htm= l) and what I found, over the week, was that access was coming and going (www.premieronline.net/~fbulk/netflix.png). But not because of IPv6 connectivity, but because the AAAA's were coming and going. Netflix's = DNS TTL is pretty short. =20 =20 I assume Netflix has some global DNS load balancing so my perspective = may not be complete. Has anyone else been seeing this? =20 I contacted a Netflix employee (he's well known on this list) and he responded once but I haven't heard back since Saturday. =20
UltraDNS is doing something strange with its CNAME responses. = www.netflix.com is a CNAME to a name with both A and AAAA, but the = authoritative server for netflix.com only returns that CNAME for A = queries, not AAAA.
It's not strange. IT IS BROKEN. There is zero, nada, none, no excuse for not returning a CNAME to the AAAA in this situation.
So, if you do an A query first, your resolver will = cache the CNAME and use it for the subsequent AAAA query (returning an = AAAA), but if you do an AAAA query first, it will cache the no-records = response and return no AAAA record.
$ dig ns netflix.com ;; QUESTION SECTION: ;netflix.com. IN NS ;; ANSWER SECTION: netflix.com. 162 IN NS pdns5.ultradns.info. netflix.com. 162 IN NS pdns6.ultradns.co.uk. netflix.com. 162 IN NS pdns4.ultradns.org. netflix.com. 162 IN NS pdns2.ultradns.net. netflix.com. 162 IN NS pdns1.ultradns.net. netflix.com. 162 IN NS pdns3.ultradns.org.
$ dig @pdns1.ultradns.net. www.netflix.com ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61357 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.netflix.com. IN A ;; ANSWER SECTION: www.netflix.com. 300 IN CNAME = dualstack.wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com.
$ dig @pdns1.ultradns.net. aaaa www.netflix.com ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34855 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.netflix.com. IN AAAA ;; AUTHORITY SECTION: netflix.com. 1800 IN SOA dns.netflix.com. = nicadmin.netflix.com. 2012060120 900 600 1209600 1800
-Ben=
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org