
it appears that this whole "ask for AAAA before A" will be painful



warning: this is another installment of my long running series of diatribes
against "stupid dns tricks" used by almost every form of load balancing
product or service i've ever seen.

-------- first let me show you who the nameservers are for "united.com"

;; ANSWER SECTION:
united.com.             2D IN NS        DC1LBS1.ULS-PROD.com.
united.com.             2D IN NS        DC2LBS1.ULS-PROD.com.

;; ADDITIONAL SECTION:
DC1LBS1.ULS-PROD.com.   2D IN A         64.95.89.4
DC2LBS1.ULS-PROD.com.   2D IN A         64.95.88.4

;; Total query time: 40 msec
;; FROM: ww.vix.com to SERVER: f.gtld-servers.com  192.35.51.30

-------- now let's ask it for the AAAA RR for www.united.com

;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.united.com, type = AAAA, class = IN

;; Total query time: 78 msec
;; FROM: ww.vix.com to SERVER: 64.95.89.4

-------- to show you that it's not AAAA prejudice, let's look for an RT RR:

;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.united.com, type = RT, class = IN

;; Total query time: 73 msec
;; FROM: ww.vix.com to SERVER: 64.95.89.4

-------- now let's let the load balancer do what it thinks its job is:

;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.united.com, type = A, class = IN

;; ANSWER SECTION:
www.united.com.         5S IN A         64.95.89.8

;; Total query time: 66 msec
;; FROM: ww.vix.com to SERVER: 64.95.89.4

--------

SERVFAIL is the wrong answer.  SERVFAIL is an indication, not that the type
isn't known, but that the zone is invalid at that server.  recursive servers
are within their rights to cache SERVFAIL at <ZONE,CLASS>, rather than at
<NAME,CLASS,TYPE>.  the proper answer to a AAAA or RT question, if there are
no RR's of that type at that name, is NOERROR/ANCOUNT=0.

do we need a BCP draft recommending that SERVFAIL be ignored, in case it came
from a load balancer?  or shall we call the load balancers faulty, and let
web sites like united.com be stranded in the new IPv6 era?

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
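
Added example, not part of the original message: a toy recursive-server cache that uses the two caching scopes named in the post, fed by constructed wire-format replies that mirror the SERVFAIL and NOERROR responses shown above. It shows why asking for AAAA before A strands the A lookup when the authority answers SERVFAIL, and why NOERROR/ANCOUNT=0 does not. The `Cache` class, function names and zone-level caching policy are assumptions made for illustration.

```python
import struct

TYPES = {"A": 1, "RT": 21, "AAAA": 28}
NOERROR, SERVFAIL = 0, 2

def reply(name, qtype, rcode, ip=None):
    """Constructed wire-format response: header, question, optional A record."""
    flags = 0x8100 | (0x0400 if ip else 0x0080) | rcode   # qr rd, plus aa or ra
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 6, flags, 1, 1 if ip else 0, 0, 0)
    msg += qname + struct.pack("!2H", TYPES[qtype], 1)
    if ip:  # compressed owner name, type A, class IN, TTL 5, 4-byte address
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 5, 4) + bytes(map(int, ip.split(".")))
    return msg

def faulty_lb(name, qtype):
    """Behaviour shown in the post: SERVFAIL for every type except A."""
    if qtype == "A":
        return reply(name, qtype, NOERROR, "64.95.89.8")
    return reply(name, qtype, SERVFAIL)

def correct_server(name, qtype):
    """Behaviour the post asks for: NOERROR/ANCOUNT=0 when the type is absent."""
    return reply(name, qtype, NOERROR, "64.95.89.8" if qtype == "A" else None)

class Cache:
    """Toy recursive-server cache (class IN only); a hypothetical model."""
    def __init__(self):
        self.failed_zones = set()   # SERVFAIL held at <ZONE,CLASS>
        self.nodata = set()         # empty NOERROR held at <NAME,CLASS,TYPE>

    def lookup(self, zone, name, qtype, server):
        if zone in self.failed_zones:
            return "SERVFAIL (cached for zone)"
        if (name, qtype) in self.nodata:
            return "NODATA (cached)"
        _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", server(name, qtype)[:12])
        if flags & 0x000F == SERVFAIL:
            self.failed_zones.add(zone)
            return "SERVFAIL"
        if ancount == 0:
            self.nodata.add((name, qtype))
            return "NODATA"
        return "ANSWER"

def aaaa_then_a(server):
    """Ask for AAAA first, then A, through one fresh cache."""
    cache = Cache()
    return [cache.lookup("united.com", "www.united.com", t, server) for t in ("AAAA", "A")]
```

Calling `aaaa_then_a(faulty_lb)` and `aaaa_then_a(correct_server)` gives the outcome of each query in order, so the two authority behaviours can be compared side by side.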