In message <5f907bc1-9344-4187-ba12-ceaf7e1c3...@bjencks.net>, Ben Jencks write s: > On Jun 6, 2012, at 10:05 AM, Frank Bulk wrote: > > > I started monitoring IPv6 access to www.netflix.com after seeing this > > posting > > = > (http://www.personal.psu.edu/dvm105/blogs/ipv6/2012/06/netflix-is-back.htm= > l) > > and what I found, over the week, was that access was coming and going > > (www.premieronline.net/~fbulk/netflix.png). But not because of IPv6 > > connectivity, but because the AAAA's were coming and going. Netflix's = > DNS > > TTL is pretty short. =20 > >=20 > > I assume Netflix has some global DNS load balancing so my perspective = > may > > not be complete. Has anyone else been seeing this? > >=20 > > I contacted a Netflix employee (he's well known on this list) and he > > responded once but I haven't heard back since Saturday. =20 > > UltraDNS is doing something strange with its CNAME responses. = > www.netflix.com is a CNAME to a name with both A and AAAA, but the = > authoritative server for netflix.com only returns that CNAME for A = > queries, not AAAA.
It's not strange. IT IS BROKEN. There is zero, nada, none, no excuse for not returning a CNAME to the AAAA in this situation. > So, if you do an A query first, your resolver will = > cache the CNAME and use it for the subsequent AAAA query (returning an = > AAAA), but if you do an AAAA query first, it will cache the no-records = > response and return no AAAA record. > > $ dig ns netflix.com > ;; QUESTION SECTION: > ;netflix.com. IN NS > ;; ANSWER SECTION: > netflix.com. 162 IN NS pdns5.ultradns.info. > netflix.com. 162 IN NS pdns6.ultradns.co.uk. > netflix.com. 162 IN NS pdns4.ultradns.org. > netflix.com. 162 IN NS pdns2.ultradns.net. > netflix.com. 162 IN NS pdns1.ultradns.net. > netflix.com. 162 IN NS pdns3.ultradns.org. > > $ dig @pdns1.ultradns.net. www.netflix.com > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61357 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > ;; QUESTION SECTION: > ;www.netflix.com. IN A > ;; ANSWER SECTION: > www.netflix.com. 300 IN CNAME = > dualstack.wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com. > > $ dig @pdns1.ultradns.net. aaaa www.netflix.com > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34855 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; QUESTION SECTION: > ;www.netflix.com. IN AAAA > ;; AUTHORITY SECTION: > netflix.com. 1800 IN SOA dns.netflix.com. = > nicadmin.netflix.com. 2012060120 900 600 1209600 1800 > > -Ben= > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org