resolve problem in particular environment

Phil Mayers p.mayers at imperial.ac.uk
Mon Sep 24 11:06:27 CEST 2012


On 09/24/2012 02:52 AM, sk.flyr wrote:
> 2012/9/24 Lyle Giese <lyle at lcrcomputer.net>:
>> On 09/23/12 19:14, sk.flyr wrote:
>>>
>>> Hello,
>>>
>>> I can resolve ok.example.org in the environment.
>>> also I can resolve www.example.org and ipv6.example.org.
>>> I cannot resolve ng.example.org in the environment.
>>> Is it normal?
>>>
>>> dual stack environment
>>>    ipv4 - configure pppoe on windows(vista,7,8) adopter
>>>    ipv6 - received RA on Ethernet
>>>
>>> DNS records
>>>    ok.example.org. CNAME www.example.org.
>>>    www.example.org. A 192.0.2.80
>>>    www.example.org. AAAA 2001:db8::80
>>>    ;
>>>    ng.example.org. CNAME ipv6.example.org.
>>>    ipv6.example.org. AAAA 2001:db8::80
>>>
>> Depends on the question you are asking.  Are you asking for the A record
>> (which there is none) or the AAAA record?  Dig defaults to asking for the A
>> record, not the AAAA record.  Telling dig to ask for ANY will give you the
>> answer I suspect you are looking for.

IMO this is something you need to be cautious with. ANY does not tunnel 
through caches - you'll just see what's in-cache at the time. In 
general, ANY is only useful against authoritative servers that you 
*know* reply honestly, or against a cache you *know* is not primed, and 
will correctly tunnel through to such an authoritatve server.

Generally it's no more difficult to just query A and AAAA separately, 
which also more closely approximates what the actual OSes do.

>
> at first query A RR Windows Vista 7,8 in pppoe(ipv4) environment
> of course CNAME response, at secondary  AAAA query in other environment.
> but received CNAME response to give up A only, did not fallback AAAA
> query in pppoe(ipv4) environment.
>

Sorry, I don't understand that.

You are aware that, usually, a host will only make a AAAA query if it 
has an IPv6 address?

Do the hosts *have* IPv6 addresses?

Test with "dig" on your platform of choice, which will query the type 
you tell it regardless. See if the names actually resolve i.e.

dig ng.example.org a
dig ng.example.org aaaa

...before going any further.

Are you sure there isn't some broken DNS load-balancer (e.g. GSLB) in 
play? These often fail to handle AAAA records and lead to brokenness of 
a similar sort.


More information about the ipv6-ops mailing list