Stephen Sprunk wrote:
Thus spake "Jeroen Massar" <jeroen@unfix.org>
But for the rest it all seems pretty fine to me...
or do you mean that those ibahn things see "NOERROR" and then no answers, thus wrongly cache that as label has 0 answers at all? or what I mention above with the redirect?
They do the same thing for requests that don't involve a CNAME, so they're either choking on the AAAA query or a NOERROR response in general; it's hard to tell which since I can only see one side of their box. I also don't know how they react when you try to contact a site that _does_ have AAAA records, since no major content site has them (which is a whole 'nother discussion).
Wellps, we have www.ipv6experiment.com of course where the actual content site soon will point to 2001:4978:0:0:0:0:B00:B1E5 :) /me wonders how many spam/corpfirewalls etc will like that sentence, but hotels won't have much of an issue with that I guess, it's one of the reasons for their existence...
What's weird is that they don't just return a 0-record NOERROR when you do the follow-up A query, which would be the most logical failure mode -- they return an authoritative answer of 0.0.0.1 instead.
Ick. These folks really need a clue batting don't they?
Of course, dealing with idiot consumers on a regular basis, their tech support folks insist the problem is on the user's machine and that it's a bug in their v6 stack, despite Ethereal captures showing the bad DNS response packets coming from their box...
Argh, I can sort-of understand their way of handling it, but still, they should have fixed this by now, and their clear broken DNS is simply a real reason to avoid those hotels at all. Can somebody please sponsor a trip to any of these hotels for either two or both of the Pauls, that is Mockapetris or Vixie, and let THEM call techsupport on this!? :) At least the "eh dude, I kinda like (invented DNS|coded BIND) and I really do think I sort of know what I am talking about" discussion would be worth a "extremely priceless" rating and a good laugh for the coming years for most of the Ops community :) Remember kids: never leave home without a well known IP address where all kinds of obvious ports run your favorite tunneling mechanism :) [443 seems to be very popular for that nowadays it seems...] Long live tunnels and own infra! Greets, Jeroen -- Have broken DNS = $10 Room for a Paul = $500 Letting Paul expain DNS problem to L1 "Tech" = Priceless