[dns-operations] RRL exposed: resolver issues with AAAA-only NS?

Phil Pennock dnsop+phil at spodhuis.org
Fri Jan 11 20:43:39 UTC 2013


On 2013-01-11 at 11:57 -0500, Matthew Pounsett wrote:
> On 2013/01/10, at 16:53, Phil Pennock wrote:
> 
> > Anyone know of any resolvers that suffer horribly and die when presented
> > with an NS host which is AAAA-only?
> 
> From the perspective of a v4-only resolver, that would look like a
> lame delegation.  Is the whole NS set v6-only, or just the one name
> server?  If it's the whole NS set it wouldn't surprise me to find a
> few implementations that become a bit pathological about trying to get
> the address records.  I'd expect those implementations to try
> resolving the whole NS set though, and give up once they found a v4
> address for any of them.

There exist a couple of domains for which the whole NS set is v6-only.
One (not mine) is a direct child of .org.  Your hypothesis is reasonable
and is close enough to mine, and is the reason I'm asking: if anyone
knows which those implementations are.

Tony: forgot about fpdns, but am apprehensive about the legal position
of sending out queries to a server that's not mine, just because they
sent resolution traffic to me.  I suspect that, if their behaviour is
such that they're abusive and I'm just trying to correlate causes and
pin down behaviour, for engineering diagnostics, I'll be okay, but I'm
still going to think about it a bit before I go that route.

-Phil


