[153453] in North American Network Operators' Group
Re: AAAA's for www.netflix.com
daemon@ATHENA.MIT.EDU (Ben Jencks)
Wed Jun 6 16:25:24 2012
From: Ben Jencks <ben@bjencks.net>
In-Reply-To: <00a501cd43ed$5ee99950$1cbccbf0$@iname.com>
Date: Wed, 6 Jun 2012 16:24:17 -0400
To: frnkblk@iname.com
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jun 6, 2012, at 10:05 AM, Frank Bulk wrote:
> I started monitoring IPv6 access to www.netflix.com after seeing this
> posting
> =
(http://www.personal.psu.edu/dvm105/blogs/ipv6/2012/06/netflix-is-back.htm=
l)
> and what I found, over the week, was that access was coming and going
> (www.premieronline.net/~fbulk/netflix.png). But not because of IPv6
> connectivity, but because the AAAA's were coming and going. Netflix's =
DNS
> TTL is pretty short. =20
>=20
> I assume Netflix has some global DNS load balancing so my perspective =
may
> not be complete. Has anyone else been seeing this?
>=20
> I contacted a Netflix employee (he's well known on this list) and he
> responded once but I haven't heard back since Saturday. =20
UltraDNS is doing something strange with its CNAME responses. =
www.netflix.com is a CNAME to a name with both A and AAAA, but the =
authoritative server for netflix.com only returns that CNAME for A =
queries, not AAAA. So, if you do an A query first, your resolver will =
cache the CNAME and use it for the subsequent AAAA query (returning an =
AAAA), but if you do an AAAA query first, it will cache the no-records =
response and return no AAAA record.
$ dig ns netflix.com
;; QUESTION SECTION:
;netflix.com. IN NS
;; ANSWER SECTION:
netflix.com. 162 IN NS pdns5.ultradns.info.
netflix.com. 162 IN NS pdns6.ultradns.co.uk.
netflix.com. 162 IN NS pdns4.ultradns.org.
netflix.com. 162 IN NS pdns2.ultradns.net.
netflix.com. 162 IN NS pdns1.ultradns.net.
netflix.com. 162 IN NS pdns3.ultradns.org.
$ dig @pdns1.ultradns.net. www.netflix.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61357
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.netflix.com. IN A
;; ANSWER SECTION:
www.netflix.com. 300 IN CNAME =
dualstack.wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com.
$ dig @pdns1.ultradns.net. aaaa www.netflix.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34855
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.netflix.com. IN AAAA
;; AUTHORITY SECTION:
netflix.com. 1800 IN SOA dns.netflix.com. =
nicadmin.netflix.com. 2012060120 900 600 1209600 1800
-Ben=
