Some very nice broken IPv6 networks at Google and Akamai

Jeroen Massar jeroen at massar.ch
Tue Nov 11 16:36:34 CET 2014


On 2014-11-11 16:00, Emanuel Popa wrote:
> Hi,
> 
> Is there anyway to intentionally and immediately get on Google's DNS
> blacklist in order to avoid similar outages in the future affecting
> only IPv6 traffic?
> http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt
> 
> Or maybe the smart thing to do is building another ISP controllable
> blacklist of broken domains and tell BIND on the caches to return only
> A records for blacklisted domains. Or the other way around: only AAAA
> records for IPv4 broken/blacklisted domains...

As most modern clients do Happy Eyeballs, you could just null route the
destination prefixes and see all clients fall back to IPv6.

But it is rather evil to do that especially at an ISP level. Could have
done that for SixXS and give people working stuff that way, but that
would not have actually resolved the problem, just hidden it.

If you expect that they have outages that they cannot quickly see or
not, then you should also expect a blacklist like to be broken or not
properly update. Hence, better to see the problems and to alert the
folks so that they can fix these issues properly (though Google is now
just hacking around with MSS clamping...).


They typically do not have these issues, they just did not notice it
this time around and thus it took a while for them to wake up (timezones
:) figure out what it is and fix the issue.

I am fairly confident though that Google is now monitoring their stuff
correctly. Lots of good folks there, stuff breaks, they fix it.

Greets,
 Jeroen




More information about the ipv6-ops mailing list