nanog mailing list archives

Re: About.com/NYTimes admins about?

From: Brendan Cleary <cleary () nytimes com>
Date: Tue, 30 Sep 2008 17:04:48 -0400

I worked with Chris on this outside of the list. Replying here just toclose the loop in case anyone else was interested.


This situation is explained in this Case Study:
http://support.citrix.com/article/CTX117947

The key sentence being:

"In NetScaler software release 7.0, when the DNS server looks up AAAArecords, the response was “0” and errors “0”. However, in NetScalersoftware release 8.0, with standard response “0”, the NetScalerappliance sends the delegation records to root. "

To summarize, if you don't have your NS records in place on theNetscalers, you will see a loop for AAAA queries(root>auth>netscaler>root....), eventually resulting in a SERVFAIL.



Christopher Morrow wrote:

On Sat, Sep 27, 2008 at 3:12 AM, Robert Manning <riches () about com> wrote:

Hey Chris, I'll reply to you off list.


awesome, thanks!

Thanks for the heads up.

-rjb


On 9/26/08 10:13 PM, "Christopher Morrow" <morrowc.lists () gmail com> wrote:

Is there perhaps an about.com/nytimes.com admin around? I was
wondering if they perhaps knew that their loadbalancer for
www.nytimes.com is fairly broken wrt answering AAAA queries:

(who's NS for nytimes.com)
dig  NS nytimes.com  +short
ns1t.nytimes.com.
nydns2.about.com.
nydns1.about.com.

(who do they think is the NS for www.nytimes.com)
dig   www.nytimes.com   @ns1t.nytimes.com. NS
;; QUESTION SECTION:
;www.nytimes.com.               IN      NS

;; AUTHORITY SECTION:
www.nytimes.com.        60      IN      NS      nss1.sea1.nytimes.com.
www.nytimes.com.        60      IN      NS      nss1.lga2.nytimes.com.

(what is the AAAA for www.nytimes.com ?? )
dig   www.nytimes.com   @nss1.sea1.nytimes.com. AAAA
;www.nytimes.com.               IN      AAAA

;; AUTHORITY SECTION:
.                       3600000 IN      NS      k.root-servers.net.
.                       3600000 IN      NS      l.root-servers.net.
.                       3600000 IN      NS      m.root-servers.net.
.                       3600000 IN      NS      a.root-servers.net.
.                       3600000 IN      NS      b.root-servers.net.
.                       3600000 IN      NS      c.root-servers.net.
.                       3600000 IN      NS      d.root-servers.net.
.                       3600000 IN      NS      e.root-servers.net.
.                       3600000 IN      NS      f.root-servers.net.
.                       3600000 IN      NS      g.root-servers.net.
.                       3600000 IN      NS      h.root-servers.net.
.                       3600000 IN      NS      i.root-servers.net.
.                       3600000 IN      NS      j.root-servers.net.

;; ADDITIONAL SECTION:
k.root-servers.net.     3600000 IN      A       193.0.14.129
l.root-servers.net.     3600000 IN      A       198.32.64.12
m.root-servers.net.     3600000 IN      A       202.12.27.33

;; Query time: 89 msec
;; SERVER: 170.149.172.35#53(170.149.172.35)


wha??? <ricky voice>Lucy, your loadbalancer is foobar'd</ricky voice>

In an effort to make v6 things work a tad better in this hostile
world, could the NYTimes folks let us know what sort of LB that is?
and why it wants to not be a good Intenet Citizen??

-Chris


--
-Brendan Cleary

Senior Network Engineer
NYTIMES.COM
212.556.8041

Current thread:

About.com/NYTimes admins about? Christopher Morrow (Sep 26)
- Re: About.com/NYTimes admins about? Christopher Morrow (Sep 26)
- Re: About.com/NYTimes admins about? Robert Manning (Sep 27)
  - Re: About.com/NYTimes admins about? Christopher Morrow (Sep 27)
    - Re: About.com/NYTimes admins about? Brendan Cleary (Sep 30)
- Re: About.com/NYTimes admins about? Florian Weimer (Sep 27)