<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Nah, I have tried both.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">When it gets an AAAA request for a vip that has only a v4 address, it either returns nothing or if there is a fallback cname, issues the cname.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If the name is the same as the A record and there is no v6 address, it should simply return noerr and give the v4 IP. It doesn’t work in proxy mode and it
is working in a subdomain model, actually. I simplified it for that example.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Problem is that if you have an A record with a fallback cname, it will always hit the fallback cname when an AAAA record is asked for. In the case where you
have a client that is making its requests through a local dns server, that server will cache that result giving that fallback cname to all requesters of A records after that one client makes its AAAA request.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The problem isn’t so much the mishandling of the AAAA records, per se, as it is the fact that the mishandling of them messes up future v4 A record requests
by clients using the same DNS server due to the caching of the CNAME. I have even reduced the cname TTL to 10 seconds but you still end up with any v4 clients that make a request to the local DNS server getting scattered to the failover VIPs during that 10
second period after an AAAA request. That can be a substantial number of requests.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext"> ipv6-ops-bounces+gbonser=seven.com@lists.cluenet.de
[mailto:ipv6-ops-bounces+gbonser=seven.com@lists.cluenet.de] <b>On Behalf Of </b>
Jack Bates<br>
<b>Sent:</b> Sunday, October 23, 2011 7:13 PM<br>
<b>To:</b> ipv6-ops@lists.cluenet.de<br>
<b>Subject:</b> Re: Interesting A10 GSLB interop problem<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Perhaps that's why the website says, "<b><i>Note:</i></b> The AX is not recommended as a full DNS server replacement"<br>
<br>
I suspect using a subdomain model or proxy model would overcome these problems.<br>
<br>
On 10/23/2011 7:55 PM, George Bonser wrote: <o:p></o:p></p>
<pre>And just to add, the desired behavior would be:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>If an AAAA request is received and if there is no IPv6 address for a VIP resource, if the VIP is up, return NOERR with the A record. If the VIP is down, return the as-replace cname record.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>If an AAAA request is received and if there is an IPv6 address for a VIP resource, if the VIP is up, return the IPv6 address. If the VIP is down, return the as-replace cname record.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>-----Original Message-----<o:p></o:p></pre>
<pre>From: <a href="mailto:ipv6-ops-bounces+gbonser=seven.com@lists.cluenet.de">ipv6-ops-bounces+gbonser=seven.com@lists.cluenet.de</a> [<a href="mailto:ipv6">mailto:ipv6</a>-<o:p></o:p></pre>
<pre><a href="mailto:ops-bounces+gbonser=seven.com@lists.cluenet.de">ops-bounces+gbonser=seven.com@lists.cluenet.de</a>] On Behalf Of George<o:p></o:p></pre>
<pre>Bonser<o:p></o:p></pre>
<pre>Sent: Sunday, October 23, 2011 5:49 PM<o:p></o:p></pre>
<pre>To: <a href="mailto:ipv6-ops@lists.cluenet.de">ipv6-ops@lists.cluenet.de</a><o:p></o:p></pre>
<pre>Subject: Interesting A10 GSLB interop problem<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I ran across an interesting problem when using an A10 for GSLB with<o:p></o:p></pre>
<pre>IPv4 only resources.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>So assume the following configuration:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>gslb zone example.com<o:p></o:p></pre>
<pre> policy foo<o:p></o:p></pre>
<pre> ttl 7200<o:p></o:p></pre>
<pre> service http foo<o:p></o:p></pre>
<pre> dns-cname-record fail.example.com as-replace<o:p></o:p></pre>
<pre> dns-a-record foo-vip ttl 600<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>GSLB is operating in server mode, not proxy mode.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>The purpose of this config is that if a user requests foo.example.com<o:p></o:p></pre>
<pre>and it is down, it (and all other users using that DNS server) is<o:p></o:p></pre>
<pre>diverted to fail.example.com for a period of two hours. Foo-vip has<o:p></o:p></pre>
<pre>only an IPv4 address.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Assume a client makes a request for an A record. The local DNS server<o:p></o:p></pre>
<pre>will request an A record and get back the record for foo.example.com<o:p></o:p></pre>
<pre>and everything works as planned.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>The problem comes in when a client device makes a request for an AAAA<o:p></o:p></pre>
<pre>record. As there is no ipv6 address for foo-vip, the client's local<o:p></o:p></pre>
<pre>DNS server receives the fail.example.com CNAME which lives for two<o:p></o:p></pre>
<pre>hours.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>A subsequent client making an IPv4 request after the 600 second TTL of<o:p></o:p></pre>
<pre>the A record receives the "fail.example.com" CNAME (or the local DNS<o:p></o:p></pre>
<pre>server performs a recursive lookup on its behalf) and it gets the<o:p></o:p></pre>
<pre>failover address and will continue getting it for as long as clients<o:p></o:p></pre>
<pre>make AAAA requests to the GSLB.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>There is apparently no way to configure the A10 GSLB to say "if there<o:p></o:p></pre>
<pre>is no IPv6 record for a VIP but there is an IPv4 address, return NOERR<o:p></o:p></pre>
<pre>with the A record"<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
</blockquote>
<pre><o:p> </o:p></pre>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
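<p class="MsoNormal">Added example, not part of the thread and not A10 code: a toy Python model of the caching interaction described in the messages above, run once with the AAAA behaviour reported in the thread and once with the behaviour the poster asks for. The addresses, the TTL on fail.example.com and the names gslb_answer, CachingResolver and timeline are assumptions made for the illustration; the resolver is assumed to serve an unexpired cached A record before following a cached CNAME, matching the sequence in the original post.</p>
<pre>
```python
# Added illustration, not A10 code: a toy model of the GSLB and a caching resolver.
VIP_A = "192.0.2.10"       # foo-vip, IPv4 only (constructed address)
FAIL_A = "198.51.100.20"   # address behind fail.example.com (constructed)
CNAME_TTL, A_TTL = 7200, 600   # "ttl 7200" and "dns-a-record foo-vip ttl 600"


def gslb_answer(qname, qtype, desired=False, vip_up=True):
    """Authoritative answer for one query, as (rtype, rdata, ttl)."""
    if qname == "fail.example.com":   # failover name; its TTL is an assumption
        return ("A", FAIL_A, A_TTL) if qtype == "A" else ("NODATA", None, 0)
    if not vip_up:
        return ("CNAME", "fail.example.com", CNAME_TTL)   # as-replace on failure
    if qtype == "A" or desired:
        return ("A", VIP_A, A_TTL)   # desired mode: AAAA also gets the A record
    return ("CNAME", "fail.example.com", CNAME_TTL)   # reported AAAA behaviour


class CachingResolver:
    """Local DNS server shared by many clients; caches by (name, record type)."""

    def __init__(self, desired=False):
        self.desired = desired
        self.cache = {}   # (name, rtype) maps to (rdata, expiry time in seconds)

    def _cached(self, name, rtype, now):
        entry = self.cache.get((name, rtype))
        return entry[0] if entry and entry[1] > now else None

    def resolve(self, qname, qtype, now):
        hit = self._cached(qname, qtype, now)
        if hit:
            return hit
        alias = self._cached(qname, "CNAME", now)   # a cached CNAME serves any type
        if alias:
            return self.resolve(alias, qtype, now)
        rtype, rdata, ttl = gslb_answer(qname, qtype, self.desired)
        if rtype == "NODATA":
            return None
        self.cache[(qname, rtype)] = (rdata, now + ttl)
        return self.resolve(rdata, qtype, now) if rtype == "CNAME" else rdata


def timeline(desired):
    """Answers seen by clients of one resolver: A, AAAA, then A twice more."""
    resolver = CachingResolver(desired)
    queries = [(0, "A"), (10, "AAAA"), (700, "A"), (7300, "A")]
    return [resolver.resolve("foo.example.com", qtype, now) for now, qtype in queries]
```
</pre>
<p class="MsoNormal">With timeline(False) the A lookup at t=700 is sent to the failover address because the CNAME cached by the AAAA lookup at t=10 is still live; with timeline(True) every answer stays on the VIP.</p>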
</body>
</html>