Name resolution problems with IPv6?
Mark Andrews
Mark_Andrews at isc.org
Fri Jul 21 01:00:09 UTC 2006
> Hi all,
> I am in over my head trying to troubleshoot a network problem and I
> would greatly appreciate any help.
>
> I have a Python app that has connected perfectly well via HTTP to
> thousands of servers but has encountered one (floridasbestmortgages.com)
> where the connection consistently fails after a long delay. I've traced
> the delay and error as far as a call to getaddrinfo(), and I've noted
> three things that may be helpful in diagnosis:
> 1) My Python is compiled with IPv6 support
> 2) When IPv6 support is enabled at compile time, Python's getaddrinfo()
> code makes this call:
> getipnodebyname(hostname, AF_INET6, AI_ADDRCONFIG|AI_ALL|AI_V4MAPPED,
> &h_error);
> whereas when it is disabled the Python library calls this:
> gethostbyname(hostname);
> 3) Calling gethostbyname("floridasbestmortgages.com") directly (it's
> exposed by Python's socket library) always returns the correct IP
> address immediately.
>
> Experiments on several machines (FeeeBSD, RHEL and OS X) in different
> locations give fairly consistent results: if I tell Python to use IPv4
> (AF_INET), getaddrinfo() returns a correct result almost instantly. If I
> tell it to use IPv6 (AF_INET6), I get a delay (consistent over time but
> varies from machine to machine) and then an error. If I pass AF_UNSPEC,
> I first get the delay and then a correct result, so I guess Python falls
> back to IPv4 after IPv6 fails.
>
> I have a strong hunch that the problem is related to IPv4/v6 address
> resolution via getaddrinfo() as described in section 3 of this document:
> http://www.v6fix.net/docs/wide-draft-v6fix.en
Not in this case. This case is a simple broken delegation.
DNS1.ARELLINC.COM and DNS2.ARELLINC.COM only exist as glue
records. When you query these servers for their A or AAAA
records they claim they do not exist.
You need to contact the administrators of ARELLINC.COM and
get them to fix there broken configutation by adding the
A records for DNS1.ARELLINC.COM and DNS2.ARELLINC.COM to
the ARELLINC.COM zone.
The reason you have problems is that named, on a dual stack
machine, looks for the AAAA records for DNS1.ARELLINC.COM and
DNS2.ARELLINC.COM and gets told they don't exist. This,
correctly, wipes out the glue records, as the zone is more
authoritative than glue. The fact that the names don't
exist is cached. Named then has a set for NS records for
which it has been told there are no associates A, AAAA or
any other type of record so it fails the lookup.
> Naturally, the v6 delay is worst (~ 2 minutes) on my most important
> machine; it averages about 10 seconds on the other machines. Since the
> delay varies depending on the machine, I'm guessing that it is the name
> resolution process that each machine follows which causes the delay. I
> don't know how to expose that process and that's where I could really
> use some help. How do I find out why my connection takes ~2 minutes to
> time out? If someone's DNS is broken, I'd like to resolve the problem
> there rather than by disabling IPv6 support on my end.
>
> I could duck this whole problem by recompiling Python without IPv6
> support, but that seems like using dynamite to kill a mosquito.
>
> In case anyone is interested in the Python code I've been using to test
> with, here's the crucial bits to paste into an interactive session:
>
> import socket
> print socket.has_ipv6
> socket.getaddrinfo("floridasbestmortgages.com", "http", socket.AF_INET)
> socket.getaddrinfo("floridasbestmortgages.com", "http", socket.AF_INET6)
> socket.getaddrinfo("floridasbestmortgages.com", "http", socket.AF_UNSPEC)
>
> Thanks very much in advance for any help.
> --
> Philip Semanchuk
> email: first name @ last name.com
floridasbestmortgages.com is served by:
floridasbestmortgages.com. 172800 IN NS dns1.arellinc.com.
floridasbestmortgages.com. 172800 IN NS dns2.arellinc.com.
;; Received 122 bytes from 192.31.80.30#53(D.GTLD-SERVERS.NET) in 238 ms
dns1.arellinc.com. 172800 IN A 209.25.195.243
arellinc.com. 172800 IN NS dns1.arellinc.com.
arellinc.com. 172800 IN NS dns2.arellinc.com.
;; Received 116 bytes from 192.42.93.30#53(g.gtld-servers.net) in 170 ms
; <<>> DiG 9.3.2 <<>> dns1.arellinc.com @209.25.195.243
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32401
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;dns1.arellinc.com. IN A
;; AUTHORITY SECTION:
arellinc.com. 14440 IN SOA dns1.arellinc.com.arellinc.com. cpanel.amln.net. 2006030402 86400 7200 3600000 86400
;; Query time: 169 msec
;; SERVER: 209.25.195.243#53(209.25.195.243)
;; WHEN: Fri Jul 21 10:45:09 2006
;; MSG SIZE rcvd: 104
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list