AAAA/A6 lookups

Chimento, Douglas Douglas.Chimento at FMR.COM
Tue Jan 7 21:24:47 UTC 2003

Thanks, just out of curiosity , which bind 8 version can't see negative

-----Original Message-----
From: Mark.Andrews at [mailto:Mark.Andrews at] 
Sent: Tuesday, January 07, 2003 4:05 PM
To: Chimento, Douglas
Cc: comp-protocols-dns-bind at
Subject: Re: AAAA/A6 lookups 

> All,
> 	I was going through query logs and I notice a couple things that 
> maybe one could help. is one of two name servers.
> I see 45,000 requests in a 24 hour period. Of those 45,000 requests only
> are A records the rest our AAAA or A6.
> So my questions are 
> 1) Why so many ipv6 requests?

	Because nameservers are looking up missing glue when handing out
	answers and / or they are looking up the address to be able to
	answer a query.

	89 to 1 is not bad considering you have a 1 week TTL for the A
	records and a 1 hour ttl on the negative response.

	There is also a bug in some BIND 8 releases which prevents the
	nameserver seeing the cached negative responses resulting in a
	glue lookup on every response returned to the client.

> 2) Is there any way to black whole these requests? Like maybe creating 
> 	false A6 records with a high TTL ?

	Get yourself IPv6 connected and give the nameservers IPv6
	addresses.  Note you can tunnel in the IPv6 connections
	over a IPv4 net if your upstream does not yet support IPv6.

> 3) Does bind , by default , make A6 queries before ipv4 requests?

	BIND 9 does if the nameserver host OS is IPv6 capable (which
	most are these days).

Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at

