nanog mailing list archives

GTLD inconsistency, was: Re: AAAAs in the Root and /48 Filtering

From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 5 Feb 2008 10:53:07 +0100


On 1 feb 2008, at 20:22, Scalzo, Frank wrote:

If you are having IPv6 reachability problems to the V6 IP addressesfor

a.root-servers.net and j.root-servers.net (2001:503:BA3e::2:30 and
2001:503:C27::2:30) please feel free to contact us. We may be able to
assist in getting filters updated or working around any connectivity
issues.

Well, that part works ok. But I'm seeing significant slowdowns whendepending on an IPv6-only nameserver, and it could be that this is theculprit:


# dig B.GTLD-SERVERS.net. aaaa

; <<>> DiG 9.4.1-P1 <<>> B.GTLD-SERVERS.net. aaaa
;; global options:  printcmd
;; connection timed out; no servers could be reached

Now the A and B GTLD servers do have AAAA glue in the root responses:

# dig @h.root-servers.net GTLD-SERVERS.net. ns

; <<>> DiG 9.4.1-P1 <<>> @h.root-servers.net GTLD-SERVERS.net. ns
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25901
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 15
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;GTLD-SERVERS.net.              IN      NS

;; AUTHORITY SECTION:
net.                    172800  IN      NS      a.GTLD-SERVERS.net.
net.                    172800  IN      NS      b.GTLD-SERVERS.net.
net.                    172800  IN      NS      c.GTLD-SERVERS.net.
net.                    172800  IN      NS      d.GTLD-SERVERS.net.
net.                    172800  IN      NS      e.GTLD-SERVERS.net.
net.                    172800  IN      NS      f.GTLD-SERVERS.net.
net.                    172800  IN      NS      g.GTLD-SERVERS.net.
net.                    172800  IN      NS      h.GTLD-SERVERS.net.
net.                    172800  IN      NS      i.GTLD-SERVERS.net.
net.                    172800  IN      NS      j.GTLD-SERVERS.net.
net.                    172800  IN      NS      k.GTLD-SERVERS.net.
net.                    172800  IN      NS      l.GTLD-SERVERS.net.
net.                    172800  IN      NS      m.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
a.GTLD-SERVERS.net.     172800  IN      A       192.5.6.30
b.GTLD-SERVERS.net.     172800  IN      A       192.33.14.30
c.GTLD-SERVERS.net.     172800  IN      A       192.26.92.30
d.GTLD-SERVERS.net.     172800  IN      A       192.31.80.30
e.GTLD-SERVERS.net.     172800  IN      A       192.12.94.30
f.GTLD-SERVERS.net.     172800  IN      A       192.35.51.30
g.GTLD-SERVERS.net.     172800  IN      A       192.42.93.30
h.GTLD-SERVERS.net.     172800  IN      A       192.54.112.30
i.GTLD-SERVERS.net.     172800  IN      A       192.43.172.30
j.GTLD-SERVERS.net.     172800  IN      A       192.48.79.30
k.GTLD-SERVERS.net.     172800  IN      A       192.52.178.30
l.GTLD-SERVERS.net.     172800  IN      A       192.41.162.30
m.GTLD-SERVERS.net.     172800  IN      A       192.55.83.30
a.GTLD-SERVERS.net.     172800  IN      AAAA    2001:503:a83e::2:30
b.GTLD-SERVERS.net.     172800  IN      AAAA    2001:503:231d::2:30

;; Query time: 324 msec
;; SERVER: 2001:500:1::803f:235#53(2001:500:1::803f:235)
;; WHEN: Tue Feb  5 10:47:51 2008
;; MSG SIZE  rcvd: 506


However, I'm thinking this is the reason why BIND isn't using that glue:

# dig @2001:503:a83e::2:30 GTLD-SERVERS.net. ns

; <<>> DiG 9.4.1-P1 <<>> @2001:503:a83e::2:30 GTLD-SERVERS.net. ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48256
;; flags: qr rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 8
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;GTLD-SERVERS.net.              IN      NS

;; ANSWER SECTION:
GTLD-SERVERS.net.       172800  IN      NS      a2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      c2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      d2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      e2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      f2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      g2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      h2.nstld.com.
GTLD-SERVERS.net.       172800  IN      NS      l2.nstld.com.

;; ADDITIONAL SECTION:
a2.nstld.com.           172800  IN      A       192.5.6.31
c2.nstld.com.           172800  IN      A       192.26.92.31
d2.nstld.com.           172800  IN      A       192.31.80.31
e2.nstld.com.           172800  IN      A       192.12.94.31
f2.nstld.com.           172800  IN      A       192.35.51.31
g2.nstld.com.           172800  IN      A       192.42.93.31
h2.nstld.com.           172800  IN      A       192.54.112.31
l2.nstld.com.           172800  IN      A       192.41.162.31

;; Query time: 204 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue Feb  5 10:49:39 2008
;; MSG SIZE  rcvd: 307

I.e., the roots and the GTLD servers disagree on who is authorativefor gtld-servers.net. It would be good if this can be fixed.

Current thread:

AAAAs in the Root and /48 Filtering Scalzo, Frank (Feb 01)
- Re: AAAAs in the Root and /48 Filtering Iljitsch van Beijnum (Feb 01)
- GTLD inconsistency, was: Re: AAAAs in the Root and /48 Filtering Iljitsch van Beijnum (Feb 05)
  - No GTLD inconsistency (was Re: GTLD inconsistency, was: Re: AAAAs in the Root and /48 Filtering) Larson, Matt (Feb 05)