Some very nice broken IPv6 networks at Google and Akamai

Nick Hilliard nick at foobar.org
Tue Nov 11 16:53:18 CET 2014


On 11/11/2014 15:00, Emanuel Popa wrote:
> Is there anyway to intentionally and immediately get on Google's DNS
> blacklist in order to avoid similar outages in the future affecting
> only IPv6 traffic?
> http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt
> 
> Or maybe the smart thing to do is building another ISP controllable
> blacklist of broken domains and tell BIND on the caches to return only
> A records for blacklisted domains. Or the other way around: only AAAA
> records for IPv4 broken/blacklisted domains...

... or alternatively, depend on Google, Akamai and others not breaking.
This is what we do for ipv4 and it normally works well, but not always.

Bear it in mind that every time a hack is installed to work around a
potential future problem, that hack needs maintenance and if it breaks,
there's a chance that the resulting damage will be at least as bad as what
it was seeking to avoid in the first place.  Unless there are persistent
reliability problems, hacks tend not to be worth it.

Nick




More information about the ipv6-ops mailing list