[140339] in North American Network Operators' Group
Banks and IPv6 (was Re: Yahoo and IPv6)
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue May 10 08:44:10 2011
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <A2CF645C-A565-494A-AE3E-8D0C1D9BA814@muada.com>
Date: Tue, 10 May 2011 08:43:09 -0400
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 10, 2011, at 6:03 AM, Iljitsch van Beijnum wrote:
> On 9 mei 2011, at 21:40, Tony Hain wrote:
>=20
>>> Publicly held corporations are responsible to their shareholders to =
get
>>> eyeballs on their content. *That* is their job, not promoting cool =
new
>>> network tech. When you have millions of users hitting your site =
every
>>> day losing 1/2000 is a large chunk of revenue.
>=20
> Nonsense. 0.05% is well below the noise margin for anything that =
involves humans.
I think it will be interesting when people start to look at the results. =
Following the delegation of someplace like a bank that has a financial =
interest in
a) security (ie: modern software)
b) people reaching their site
There's a lot of IPv6 brokeness in their services.
do "dig +trace aaaa www.citibank.co.uk"
You will eventually reach their load balancer dns servers that start =
giving out bad referrals/authority.
www.citibank.co.uk. 3600 IN NS =
ldefdc-egsl01-7000.nsroot2.com.
www.citibank.co.uk. 3600 IN NS =
lgbrdc-egsl01-7000.nsroot1.com.
;; Received 153 bytes from 192.193.214.2#53(192.193.214.2) in 36 ms
[trimmed]
. 3600000 IN NS m.root-servers.net.
;; BAD REFERRAL
;; Received 500 bytes from 199.67.203.246#53(199.67.203.246) in 100 ms
When you look at the top "25" broken sites, it quickly starts to look =
like something interesting. The temporary failure shows some error in =
the resolver library looking for an AAAA record. If you ask a non-bind =
nameserver you may have better luck as they seem to have relaxed SOA =
tracking.
www.capitalone.com.|208.80.48.112|OK|Temporary failure in name =
resolution
www.priceline.com.|64.6.17.1|OK|Temporary failure in name resolution
www.kitco.com.|66.38.218.33|OK|Temporary failure in name resolution
www.dmm.co.jp.|203.209.147.15|OK|Temporary failure in name resolution
www.lg.com.|174.35.24.66,174.35.24.81|OK|Temporary failure in name =
resolution
www.theweathernetwork.com.|207.96.160.181|OK|Temporary failure in name =
resolution
www.ovguide.com.|64.94.88.21|OK|Temporary failure in name resolution
www.alipay.com.|110.75.132.21|OK|Temporary failure in name resolution
www.sznews.com.|210.21.197.161|OK|Temporary failure in name resolution
www.ryanair.com.|193.95.148.90|OK|Temporary failure in name resolution
www.kbb.com.|209.67.183.100|OK|Temporary failure in name resolution
www.royalbank.com.|142.245.1.203|OK|Temporary failure in name resolution
www.opentable.com.|66.151.130.32|OK|Temporary failure in name resolution
www.bookryanair.com.|193.95.148.91|OK|Temporary failure in name =
resolution
aleadpay.com.|121.14.17.41|OK|Temporary failure in name resolution
www.20minutos.es.|85.62.13.190|OK|Temporary failure in name resolution
www.nzherald.co.nz.|184.154.158.58|OK|Temporary failure in name =
resolution
www.rbcroyalbank.com.|142.245.1.15|OK|Temporary failure in name =
resolution
www.hangzhou.com.cn.|218.108.127.43|OK|Temporary failure in name =
resolution
www.klikbca.com.|202.6.208.8|OK|Temporary failure in name resolution
www.uk.to.|195.144.11.40|OK|Temporary failure in name resolution
www.atdmt.com.|65.203.229.39,65.242.27.40|OK|Temporary failure in name =
resolution
www.hc360.com.|221.233.134.141,221.233.134.143|OK|Temporary failure in =
name resolution
www.dmm.com.|203.209.147.53|OK|Temporary failure in name resolution
www.businesswire.com.|204.8.173.52|OK|Temporary failure in name =
resolution
Aside from the above, it does seem that there are a fair number of sites =
that have enabled IPv6 and gone without notice.
take www.informationweek.com which (from my view) sits behind AS209 with =
their IPv6 space, very similar to their v4 address.
I'm optimistic that more people will 'just enable' ipv6. Hopefully =
other technical websites will do it as well, perhaps anyone that matches =
a regex of "ars" can influence the powers that be. If they can get =
people to disable adblock, maybe they can serve up some AAAA as well. :)
- Jared=
