Unable to get AAAA for www.revk.uk from some of our servers
Frank Bulk
frnkblk at iname.com
Mon Jan 5 20:33:04 UTC 2015
Phil,
I'm embarrassed that I didn't check that file earlier. Yes, those four DNS
resolvers sitting behind the load-balancer use 96.31.0.20:
mail1:~# dig -t txt o-o.myaddr.l.google.com +short
"96.31.0.20"
mail1:~#
It's been many moons since that backlist has been brought up, and when I
opened a "ticket" with Google regarding the issue their own staff didn't say
anything about that blacklist. And when those four resolvers did get the
AAAA I assumed the issue was resolved. But I just checked now and they're
not resolving again. I will revisit that "ticket".
At a minimum, I wish one could request de-listing from Google's AAAA
blacklist.
Frank
-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Phil Mayers
Sent: Monday, January 05, 2015 5:52 AM
To: bind-users at lists.isc.org
Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers
On 24/12/14 17:08, Frank Bulk wrote:
> Except queries from 96.31.0.5 and 199.120.69.24 reliably return the AAAA
> while queries from 96.31.0.20 do not. And we're all the same ISP, and in
> the one case, from the same /24. I don't think Google is that granular.
And
> we do have good IPv6 connectivity.
Yes, Google are that granular. See:
http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt
...which currently lists:
96.31.0.20/32 # AS53347 United States
96.31.0.31/32 # AS53347 United States
Google have been, AFAICT, silent on the specifics of how they generate
their blacklisting. Presumably it's the fairly standard approach of
correlating a web-bug to a unique hostname embedded in the google search
page, received http requests, and received DNS queries. Google
undoubtedly then do some stats magic - that is their thing, after all -
and down-score resolvers which make the AAAA query but whose clients
don't finish the HTTP request, above some threshold.
We had persistent problems in the past with our resolvers appearing in
the Google blacklist, despite having excellent IPv6 connectivity. Google
were unwilling to provide us any details that would have allowed us to
identify the cause(s).
We eventually stopped paying any attention to it, and the problem went
away by itself.
Possibly there are one or more clients with broken IPv6 using your
resolvers, but without Google specifying the criteria which gets a
resolver blacklisted, it's hard to know.
Frankly, I wish Google would ditch the AAAA blacklist. It is hiding
problems that responsible operators would like to see and fix, just so
that Google don't lose eyeballs (and ad revenue) :o/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
More information about the bind-users
mailing list