Google public ipv6 dns can not resolve the domains of Chinese aliyun
303 views
Skip to first unread message
bhzh...@gmail.com
Feb 22, 2018, 8:11:24 AM2/22/18
to public-dns-discuss
root@backup:/home/bhzhu# cat /etc/resolv.conf
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 2001:4860:4860::6464
nameserver 2001:4860:4860::8888
#nameserver 8.8.8.8
#nameserver 8.8.4.4
root@backup:/home/bhzhu# ping www.landi.com
ping: unknown host www.landi.com
root@backup:/home/bhzhu# ping www.abc360.com
ping: unknown host www.abc360.com
root@backup:/home/bhzhu# ping release.abc360.cn
PING release.abc360.cn (114.55.16.86) 56(84) bytes of data.
64 bytes from 114.55.16.86: icmp_req=1 ttl=23 time=274 ms
64 bytes from 114.55.16.86: icmp_req=2 ttl=23 time=274 ms
^C
--- release.abc360.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 274.410/274.413/274.416/0.003 ms
root@backup:/home/bhzhu# dig www.landi.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.landi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.landi.com. IN A
;; Query time: 5051 msec
;; SERVER: 2001:4860:4860::6464#53(2001:4860:4860::6464)
;; WHEN: Thu Feb 22 03:26:27 2018
;; MSG SIZE rcvd: 31
root@backup:/home/bhzhu# dig release.abc360.cn
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> release.abc360.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18528
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;release.abc360.cn. IN A
;; ANSWER SECTION:
release.abc360.cn. 599 IN A 114.55.16.86
;; Query time: 221 msec
;; SERVER: 2001:4860:4860::6464#53(2001:4860:4860::6464)
;; WHEN: Thu Feb 22 03:26:43 2018
;; MSG SIZE rcvd: 51
Google public ipv6 dns can not resolve the domains of Chinese aliyun,but DNSPOD successfully.And Chinese public ipv6 dns(240c::6666 240c::6644) can resolve aliyun domains sucessfully.What is the problem ?Please help. Thanks
#nameserver 8.8.8.8
#nameserver 8.8.4.4
nameserver 2001:4860:4860::6464
nameserver 2001:4860:4860::8888
#nameserver 8.8.8.8
#nameserver 8.8.4.4
root@backup:/home/bhzhu# ping www.landi.com
ping: unknown host www.landi.com
root@backup:/home/bhzhu# ping www.abc360.com
ping: unknown host www.abc360.com
root@backup:/home/bhzhu# ping release.abc360.cn
PING release.abc360.cn (114.55.16.86) 56(84) bytes of data.
64 bytes from 114.55.16.86: icmp_req=1 ttl=23 time=274 ms
64 bytes from 114.55.16.86: icmp_req=2 ttl=23 time=274 ms
^C
--- release.abc360.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 274.410/274.413/274.416/0.003 ms
root@backup:/home/bhzhu# dig www.landi.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> www.landi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.landi.com. IN A
;; Query time: 5051 msec
;; SERVER: 2001:4860:4860::6464#53(2001:4860:4860::6464)
;; WHEN: Thu Feb 22 03:26:27 2018
;; MSG SIZE rcvd: 31
root@backup:/home/bhzhu# dig release.abc360.cn
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> release.abc360.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18528
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;release.abc360.cn. IN A
;; ANSWER SECTION:
release.abc360.cn. 599 IN A 114.55.16.86
;; Query time: 221 msec
;; SERVER: 2001:4860:4860::6464#53(2001:4860:4860::6464)
;; WHEN: Thu Feb 22 03:26:43 2018
;; MSG SIZE rcvd: 51
Google public ipv6 dns can not resolve the domains of Chinese aliyun,but DNSPOD successfully.And Chinese public ipv6 dns(240c::6666 240c::6644) can resolve aliyun domains sucessfully.What is the problem ?Please help. Thanks
Alex Dupuy
Feb 22, 2018, 8:27:53 AM2/22/18
to public-dns-discuss
Without looking into the details, this is very likely due to these domains being hosted on a service that "implements" EDNS Client Subnet (ECS) but is violating the 6th commandment listed at https://developers.google.com/speed/public-dns/docs/ecs, and doing so in the worst way—not only are they not including a valid IPv6 scope, they are not replying to the DNS request (or perhaps returning NXDOMAIN or an empty response).
As I wrote there, "Not returning a valid IPv6 ECS scope is the most frequent reason authoritative name servers do not get ECS data from Google Public DNS."
In this case, the small number of IPv6 clients for those domains means that infrequent dropped responses from the authoritative name server to IPv6 ECS queries are too few to cause the ECS auto-detection to mark the name servers as not supporting ECS (a small number of dropped responses is normal).
As the number of Google Public DNS users who send queries to the service via IPv6 increases, and more relevantly the subset of those users who query the domains you mention increases, eventually Google Public DNS would stop sending ECS, and it would start working on IPv6 again.
In the short term, you should complain to the websites and the DNS hosting services that they use, but probably you just need to route Google Public DNS queries over IPv4 if you care about these domains.
Reply all
Reply to author
Forward
0 new messages