Unable to get AAAA for www.revk.uk from some of our servers

Mark Andrews marka at isc.org
Wed Dec 24 00:37:44 UTC 2014 

In message <001e01d01f0e$980b6070$c8222150$@iname.com>, "Frank Bulk" writes:
> Thanks, Mark.
> 
> When I queried for the AAAA of ghs.l.google.com from ns[1-4].google.com the
> Google servers reported they don't do recursive queries.

Why would you expect them to offer recursion?  They don't need to for
the role they are performing.

> Which Google namserver does in fact carry the authoritative records
> for ghs.l.google.com?

l.google.com.		86400	IN	NS	ns3.google.com.
l.google.com.		86400	IN	NS	ns1.google.com.
l.google.com.		86400	IN	NS	ns4.google.com.
l.google.com.		86400	IN	NS	ns2.google.com.

> On a side note, I thought that Google's DNS servers were dual-stacked, but
> that does not seem to be the case.  None of the ns[1-4].google.com servers
> return an AAAA for me.  When I query the IPv6 interface of our recursive DNS
> servers using "dig AAAA ghs.l.google.com +trace @[IPv6_address]" they all
> return "connection timed out; no servers could be reached.  Here's an
> example:

Google hasn't yet made their DNS servers dual stacked though lots
of their other servers are dual stacked.  It would be nice of them
to do so as it is forcing clients behind IPv6 only connections to
use transition mechanisms to get to the legacy IPv4 only servers.

> ============================================
> DNS server: 2607:fe28:0:1000::8
> 
> ; <<>> DiG 9.7.3 <<>> -6 AAAA ghs.l.google.com +trace @2607:fe28:0:1000::8
> ;; global options: +cmd
> .                       420917  IN      NS      c.root-servers.net.
> .                       420917  IN      NS      k.root-servers.net.
> .                       420917  IN      NS      f.root-servers.net.
> .                       420917  IN      NS      b.root-servers.net.
> .                       420917  IN      NS      g.root-servers.net.
> .                       420917  IN      NS      a.root-servers.net.
> .                       420917  IN      NS      d.root-servers.net.
> .                       420917  IN      NS      j.root-servers.net.
> .                       420917  IN      NS      i.root-servers.net.
> .                       420917  IN      NS      h.root-servers.net.
> .                       420917  IN      NS      l.root-servers.net.
> .                       420917  IN      NS      e.root-servers.net.
> .                       420917  IN      NS      m.root-servers.net.
> ;; Received 496 bytes from 2607:fe28:0:1000::8#53(2607:fe28:0:1000::8) in 0
> ms
> 
> com.                    172800  IN      NS      e.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> ;; Received 506 bytes from 2001:7fe::53#53(i.root-servers.net) in 113 ms
> 
> google.com.             172800  IN      NS      ns2.google.com.
> google.com.             172800  IN      NS      ns1.google.com.
> google.com.             172800  IN      NS      ns3.google.com.
> google.com.             172800  IN      NS      ns4.google.com.
> ;; Received 170 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 150
> ms
> 
> ;; connection timed out; no servers could be reached
> ============================================
> 
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org] 
> Sent: Tuesday, December 23, 2014 6:01 PM
> To: Frank Bulk
> Cc: bind-users at isc.org
> Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers
> 
> 
> In message <001301d01f06$aa1c7180$fe555480$@iname.com>, "Frank Bulk" writes:
> > I dumped the database of one failing server and found this entry:
> > 
> > ; authauthority
> > ghs.l.google.com.       331     \-AAAA  ;-$NXRRSET
> > ; l.google.com. SOA ns4.google.com. dns-admin.google.com. 1577084 900 900
> > 1800 60
> > ; authanswer
> >                         289     A       74.125.201.121
> > ;
> > 
> > What does the "\-AAAA   ;-$NXRRSET" mean?
> 
> It means that there is a negative cache entry for AAAA lookup.  The
> SOA record that will be returned is in the comment.  For responses
> from signed zones you will also see NSEC / NSEC3 records in the
> comments as well as RRSIG.
> 
> NXRRSET (No Such RRset).
> NXDOMAIN (No Such Domain).
> 
> > Working server shows this in the dump:
> > ; authanswer
> > ghs.l.google.com.       287     AAAA    2607:f8b0:4001:c08::79
> > ;
> > 
> > Regards,
> > 
> > Frank Bulk
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list