nanog mailing list archives
Re: AAAA's for www.netflix.com
From: Mark Andrews <marka () isc org>
Date: Thu, 07 Jun 2012 11:19:48 +1000
In message <5F907BC1-9344-4187-BA12-CEAF7E1C3E73 () bjencks net>, Ben Jencks write s:
On Jun 6, 2012, at 10:05 AM, Frank Bulk wrote:I started monitoring IPv6 access to www.netflix.com after seeing this posting =(http://www.personal.psu.edu/dvm105/blogs/ipv6/2012/06/netflix-is-back.htm= l)and what I found, over the week, was that access was coming and going (www.premieronline.net/~fbulk/netflix.png). But not because of IPv6 connectivity, but because the AAAA's were coming and going. Netflix's =DNSTTL is pretty short. =20 =20 I assume Netflix has some global DNS load balancing so my perspective =maynot be complete. Has anyone else been seeing this? =20 I contacted a Netflix employee (he's well known on this list) and he responded once but I haven't heard back since Saturday. =20UltraDNS is doing something strange with its CNAME responses. = www.netflix.com is a CNAME to a name with both A and AAAA, but the = authoritative server for netflix.com only returns that CNAME for A = queries, not AAAA.
It's not strange. IT IS BROKEN. There is zero, nada, none, no excuse for not returning a CNAME to the AAAA in this situation.
So, if you do an A query first, your resolver will = cache the CNAME and use it for the subsequent AAAA query (returning an = AAAA), but if you do an AAAA query first, it will cache the no-records = response and return no AAAA record. $ dig ns netflix.com ;; QUESTION SECTION: ;netflix.com. IN NS ;; ANSWER SECTION: netflix.com. 162 IN NS pdns5.ultradns.info. netflix.com. 162 IN NS pdns6.ultradns.co.uk. netflix.com. 162 IN NS pdns4.ultradns.org. netflix.com. 162 IN NS pdns2.ultradns.net. netflix.com. 162 IN NS pdns1.ultradns.net. netflix.com. 162 IN NS pdns3.ultradns.org. $ dig @pdns1.ultradns.net. www.netflix.com ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61357 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.netflix.com. IN A ;; ANSWER SECTION: www.netflix.com. 300 IN CNAME = dualstack.wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com. $ dig @pdns1.ultradns.net. aaaa www.netflix.com ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34855 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.netflix.com. IN AAAA ;; AUTHORITY SECTION: netflix.com. 1800 IN SOA dns.netflix.com. = nicadmin.netflix.com. 2012060120 900 600 1209600 1800 -Ben=
-- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- AAAA's for www.netflix.com Frank Bulk (Jun 06)
- Re: AAAA's for www.netflix.com Ben Jencks (Jun 06)
- Re: AAAA's for www.netflix.com Mark Andrews (Jun 06)
- Re: AAAA's for www.netflix.com Dave Temkin (Jun 07)
- Re: AAAA's for www.netflix.com Daniel Roesen (Jun 07)
- Re: AAAA's for www.netflix.com Mark Andrews (Jun 07)
- Re: AAAA's for www.netflix.com Joly MacFie (Jun 07)
- Re: AAAA's for www.netflix.com David Temkin (Jun 07)
- Re: AAAA's for www.netflix.com Daniel Roesen (Jun 07)
- Re: AAAA's for www.netflix.com Daniel Roesen (Jun 07)
- Re: AAAA's for www.netflix.com Mark Andrews (Jun 07)
- Re: AAAA's for www.netflix.com Daniel Roesen (Jun 07)
- Re: AAAA's for www.netflix.com David Temkin (Jun 07)
- Re: AAAA's for www.netflix.com Daniel Roesen (Jun 07)
- Re: AAAA's for www.netflix.com Ben Jencks (Jun 06)