Re: AAAA's for www.netflix.com

[Ben Jencks]

On Jun 6, 2012, at 10:05 AM, Frank Bulk wrote:

> I started monitoring IPv6 access to www.netflix.com after seeing this
> posting
> (http://www.personal.psu.edu/dvm105/blogs/ipv6/2012/06/netflix-is-back.html)
> and what I found, over the week, was that access was coming and going
> (www.premieronline.net/~fbulk/netflix.png).  But not because of IPv6
> connectivity, but because the AAAA's were coming and going.  Netflix's DNS
> TTL is pretty short.  
> 
> I assume Netflix has some global DNS load balancing so my perspective may
> not be complete.  Has anyone else been seeing this?
> 
> I contacted a Netflix employee (he's well known on this list) and he
> responded once but I haven't heard back since Saturday.  

UltraDNS is doing something strange with its CNAME responses. www.netflix.com 
is a CNAME to a name with both A and AAAA, but the authoritative server for 
netflix.com only returns that CNAME for A queries, not AAAA. So, if you do an A 
query first, your resolver will cache the CNAME and use it for the subsequent 
AAAA query (returning an AAAA), but if you do an AAAA query first, it will 
cache the no-records response and return no AAAA record.

$ dig ns netflix.com
;; QUESTION SECTION:
;netflix.com.                   IN      NS
;; ANSWER SECTION:
netflix.com.            162     IN      NS      pdns5.ultradns.info.
netflix.com.            162     IN      NS      pdns6.ultradns.co.uk.
netflix.com.            162     IN      NS      pdns4.ultradns.org.
netflix.com.            162     IN      NS      pdns2.ultradns.net.
netflix.com.            162     IN      NS      pdns1.ultradns.net.
netflix.com.            162     IN      NS      pdns3.ultradns.org.

$ dig @pdns1.ultradns.net. www.netflix.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61357
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.netflix.com.               IN      A
;; ANSWER SECTION:
www.netflix.com.        300     IN      CNAME   
dualstack.wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com.

$ dig @pdns1.ultradns.net. aaaa www.netflix.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34855
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.netflix.com.               IN      AAAA
;; AUTHORITY SECTION:
netflix.com.            1800    IN      SOA     dns.netflix.com. 
nicadmin.netflix.com. 2012060120 900 600 1209600 1800

-Ben