Unable to get AAAA for www.revk.uk from some of our servers

Frank Bulk frnkblk at iname.com
Mon Jan 5 20:33:04 UTC 2015 

Phil,

I'm embarrassed that I didn't check that file earlier.  Yes, those four DNS
resolvers sitting behind the load-balancer use 96.31.0.20:

mail1:~# dig -t txt o-o.myaddr.l.google.com +short
"96.31.0.20"
mail1:~#

It's been many moons since that backlist has been brought up, and when I
opened a "ticket" with Google regarding the issue their own staff didn't say
anything about that blacklist.  And when those four resolvers did get the
AAAA I assumed the issue was resolved.  But I just checked now and they're
not resolving again.  I will revisit that "ticket".

At a minimum, I wish one could request de-listing from Google's AAAA
blacklist.

Frank

-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Phil Mayers
Sent: Monday, January 05, 2015 5:52 AM
To: bind-users at lists.isc.org
Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers

On 24/12/14 17:08, Frank Bulk wrote:
> Except queries from 96.31.0.5 and 199.120.69.24 reliably return the AAAA
> while queries from 96.31.0.20 do not.  And we're all the same ISP, and in
> the one case, from the same /24.  I don't think Google is that granular.
And
> we do have good IPv6 connectivity.

Yes, Google are that granular. See:

http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt

...which currently lists:

96.31.0.20/32            # AS53347 United States
96.31.0.31/32            # AS53347 United States

Google have been, AFAICT, silent on the specifics of how they generate 
their blacklisting. Presumably it's the fairly standard approach of 
correlating a web-bug to a unique hostname embedded in the google search 
page, received http requests, and received DNS queries. Google 
undoubtedly then do some stats magic - that is their thing, after all - 
and down-score resolvers which make the AAAA query but whose clients 
don't finish the HTTP request, above some threshold.

We had persistent problems in the past with our resolvers appearing in 
the Google blacklist, despite having excellent IPv6 connectivity. Google 
were unwilling to provide us any details that would have allowed us to 
identify the cause(s).

We eventually stopped paying any attention to it, and the problem went 
away by itself.

Possibly there are one or more clients with broken IPv6 using your 
resolvers, but without Google specifying the criteria which gets a 
resolver blacklisted, it's hard to know.

Frankly, I wish Google would ditch the AAAA blacklist. It is hiding 
problems that responsible operators would like to see and fix, just so 
that Google don't lose eyeballs (and ad revenue) :o/
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list