Anyone have a contact at DOT or FRA that can solve this? It would be really nice if they remove the DNS AAAA record on www.fra.dot.gov until it works correctly, customers are complaining wget -6 -T 5 www.fra.dot.gov converted 'http://www.fra.dot.gov' (ANSI_X3.4-1968) -> ' http://www.fra.dot.gov' (UTF-8) --2017-02-02 13:20:39-- http://www.fra.dot.gov/ Resolving www.fra.dot.gov (www.fra.dot.gov)... 2001:19e8:d:0:204:68:194:250 Connecting to www.fra.dot.gov (www.fra.dot.gov)|2001:19e8:d:0:204:68:194:250|:80... failed: No route to host. traceroute www.fra.dot.gov traceroute to www.fra.dot.gov (204.68.194.250), 30 hops max, 60 byte packets^C cbyrne@uranus:~$ traceroute6 www.fra.dot.gov traceroute to www.fra.dot.gov (2001:19e8:d:0:204:68:194:250), 30 hops max, 80 byte packets 1 * * * 2 xe-0-1-0-17.r04.atlnga05.us.bb.gin.ntt.net (2001:418:0:5000::622) 0.865 ms 1.043 ms 1.382 ms 3 verio-gw.attga.ipv6.att.net (2001:1890:1fff:506:192:205:36:157) 1.601 ms 1.619 ms 3.665 ms 4 attga21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:141:234) 22.223 ms 22.139 ms 22.151 ms 5 nsvtn22crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:6) 20.928 ms 20.931 ms 20.934 ms 6 cl2oh21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:28:74) 24.414 ms 23.878 ms 23.638 ms 7 cgcil21crs.ipv6.att.net (2001:1890:ff:ffff:12:122:2:225) 22.245 ms 22.051 ms 21.976 ms 8 2001:1890:ff:ffff:12:122:120:179 (2001:1890:ff:ffff:12:122:120:179) 20.694 ms 20.201 ms 21.323 ms 9 2001:1890:c00:2407::113f:b38f (2001:1890:c00:2407::113f:b38f) 20.340 ms 20.145 ms 20.014 ms 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * *
In message <CAD6AjGRoZh+SJ8tDCMSbp3wsvPDFFn3ZO5JiAbw2j4Ea9VmVcg@mail.gmail.com>, Ca By writes:
Anyone have a contact at DOT or FRA that can solve this? It would be really nice if they remove the DNS AAAA record on www.fra.dot.gov until it works correctly, customers are complaining
While the web site should be fixed / made reachable it shouldn't matter if a single path to a site is down. This is basically due to crappy multi-home support in clients. You don't have to wait minutes to start to fallover to alternate addresses. Tell your clients to install modern browsers that do happy eyeballs. Fast failover should be in every application. It is trivial to do for TCP based applications. https://users.isc.org/~marka/ has sample code showing how to do it. Don't choose DNS64/NAT64 as your IPv6-only solution as it removes the ability to fallback to IPv4 on IPv6 failure. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, 2017-02-02 at 10:22 -0800, Ca By wrote:
Anyone have a contact at DOT or FRA that can solve this? It would be really nice if they remove the DNS AAAA record on www.fra.dot.gov until it works correctly, customers are complaining
Their SOA record suggests hostmaster@dot.gov. You could temporarily (ab)use a bind rpz zone to override that. www.fra.dot.gov A 204.68.194.250 That rpz A record will suppress the real AAAA record. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAliWaigACgkQL6j7milTFsFnagCcD8Cxq6rW9fmP4yREA2Vbt4FU XQQAniIhLcnUUmsfzkyY9mZzsBto2wKm =ePCp -----END PGP SIGNATURE-----
participants (3)
-
Ca By -
Carl Byington -
Mark Andrews