Unable to get AAAA for www.revk.uk from some of our servers
Frank Bulk
frnkblk at iname.com
Wed Dec 24 00:14:33 UTC 2014
Thanks, Mark.
When I queried for the AAAA of ghs.l.google.com from ns[1-4].google.com the
Google servers reported they don't do recursive queries. Which Google
namserver does in fact carry the authoritative records for ghs.l.google.com?
On a side note, I thought that Google's DNS servers were dual-stacked, but
that does not seem to be the case. None of the ns[1-4].google.com servers
return an AAAA for me. When I query the IPv6 interface of our recursive DNS
servers using "dig AAAA ghs.l.google.com +trace @[IPv6_address]" they all
return "connection timed out; no servers could be reached. Here's an
example:
============================================
DNS server: 2607:fe28:0:1000::8
; <<>> DiG 9.7.3 <<>> -6 AAAA ghs.l.google.com +trace @2607:fe28:0:1000::8
;; global options: +cmd
. 420917 IN NS c.root-servers.net.
. 420917 IN NS k.root-servers.net.
. 420917 IN NS f.root-servers.net.
. 420917 IN NS b.root-servers.net.
. 420917 IN NS g.root-servers.net.
. 420917 IN NS a.root-servers.net.
. 420917 IN NS d.root-servers.net.
. 420917 IN NS j.root-servers.net.
. 420917 IN NS i.root-servers.net.
. 420917 IN NS h.root-servers.net.
. 420917 IN NS l.root-servers.net.
. 420917 IN NS e.root-servers.net.
. 420917 IN NS m.root-servers.net.
;; Received 496 bytes from 2607:fe28:0:1000::8#53(2607:fe28:0:1000::8) in 0
ms
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 506 bytes from 2001:7fe::53#53(i.root-servers.net) in 113 ms
google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 170 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 150
ms
;; connection timed out; no servers could be reached
============================================
-----Original Message-----
From: Mark Andrews [mailto:marka at isc.org]
Sent: Tuesday, December 23, 2014 6:01 PM
To: Frank Bulk
Cc: bind-users at isc.org
Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers
In message <001301d01f06$aa1c7180$fe555480$@iname.com>, "Frank Bulk" writes:
> I dumped the database of one failing server and found this entry:
>
> ; authauthority
> ghs.l.google.com. 331 \-AAAA ;-$NXRRSET
> ; l.google.com. SOA ns4.google.com. dns-admin.google.com. 1577084 900 900
> 1800 60
> ; authanswer
> 289 A 74.125.201.121
> ;
>
> What does the "\-AAAA ;-$NXRRSET" mean?
It means that there is a negative cache entry for AAAA lookup. The
SOA record that will be returned is in the comment. For responses
from signed zones you will also see NSEC / NSEC3 records in the
comments as well as RRSIG.
NXRRSET (No Such RRset).
NXDOMAIN (No Such Domain).
> Working server shows this in the dump:
> ; authanswer
> ghs.l.google.com. 287 AAAA 2607:f8b0:4001:c08::79
> ;
>
> Regards,
>
> Frank Bulk
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list