Have we been opted out of IPv6 AAAA resolution?

Phil Mayers p.mayers at imperial.ac.uk
Wed Jun 6 13:38:59 CEST 2012

Odd result today. We noticed that our recursive resolvers are not 
returning AAAA for www.google.com and www.facebook.com. Facebook was 
most certainly working earlier in the week (they seemed to serve a AAAA 
earlier than anyone else).

Further investigation using "dig @theremotedns" shows that other servers 
at our site are able to see AAAA, but our recursive DNS servers are not; 
that is, I don't think it is our DNS software.

It seems that the IP addresses of our DNS servers have made it into some 
kind of blacklist / greylist that is common to Google, Facebook and 
others. Indeed, I can confirm this by adding another IP alias to the box 
and using "dig -b":

[root at rdns1 ~]# dig +short -b @glb1.facebook.com. 
www.facebook.com aaaa
[root at rdns1 ~]#

[root at rdns1 ~]# dig +short -b @glb1.facebook.com. 
www.facebook.com aaaa
[root at rdns1 ~]#

I can't really imagine what's happening, unless the "big 5" (Google, 
Yahoo, Facebook, Bing, Youtube) are sharing some kind of automated data 
source, and for some reason that source believes we have "brokenness" 
(which we don't; our own website and email service are IPv6-enabled!)

Suggestions welcome.


More information about the ipv6-ops mailing list