From owner-freebsd-stable@FreeBSD.ORG Tue Mar 16 00:15:15 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5862716A4CE for ; Tue, 16 Mar 2004 00:15:15 -0800 (PST) Received: from farside.isc.org (farside.isc.org [204.152.187.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A53F43D39 for ; Tue, 16 Mar 2004 00:15:15 -0800 (PST) (envelope-from Mark_Andrews@isc.org) Received: from drugs.dv.isc.org (localhost [IPv6:::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by farside.isc.org (Postfix) with ESMTP id 5A1DCA843 for ; Tue, 16 Mar 2004 08:15:14 +0000 (UTC) (envelope-from marka@isc.org) Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.12.10/8.12.10) with ESMTP id i2G8F4qW049162; Tue, 16 Mar 2004 19:15:04 +1100 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200403160815.i2G8F4qW049162@drugs.dv.isc.org> To: "Dave Hart" From: Mark Andrews In-reply-to: Your message of "Tue, 16 Mar 2004 07:55:57 -0000." <255A839665EA24408EB27A6AAE15518EAC1B@europa.ad.hartbrothers.com> Date: Tue, 16 Mar 2004 19:15:04 +1100 Sender: Mark_Andrews@isc.org cc: ask@develooper.com cc: freebsd-stable@freebsd.org cc: Rick Knospler Subject: Re: ftp.perl.org strangeness X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Mar 2004 08:15:15 -0000 > I've run across this issue with a few websites in the last 18 months. > It might help to ask if they're using a "load balancer" on > ddns5.develooper.com (the nameserver for ddns.develooper.com which is > the zone containing ftp.cpan.ddns.develooper.com which is CNAMEd from > ftp.perl.org). One DNS-based load balancing product exhibited this > broken behavior, though I don't know which product it was. When queried > for type A or any type, the correct responses are returned, but when > querying for AAAA, NXDOMAIN is returned, which is evil because it > communicates false information that there are no records of any type at > that name. Since IPv6-enabled clients query AAAA before A or any, they > tend to trip up 100% of the time. I've not yet heard of a > general-purpose DNS server getting this wrong, I assume any such > offenders were fixed earlier in the 8 years of AAAA. DNS-based load > balancers are on average greener. The general purpose servers *never* had this problem. > I ran across this first with a major computer reseller website and > complained to their admins. It took many months for them to get the fix > from their load-balancing vendor and convince themselves it was safe, > but they did eventually correct the fault. > > ask develooper.com is listed as the contact in the SOA for > ddns.develooper.com, hopefully including them on this email will get the > ball rolling. > > Dave Hart > davehart@davehart.com > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org