About.com/NYTimes admins about?

Brendan Cleary cleary at nytimes.com
Tue Sep 30 16:04:48 CDT 2008


I worked with Chris on this outside of the list. Replying here just to 
close the loop in case anyone else was interested.

This situation is explained in this Case Study:
http://support.citrix.com/article/CTX117947

The key sentence being:
"In NetScaler software release 7.0, when the DNS server looks up AAAA 
records, the response was “0” and errors “0”. However, in NetScaler 
software release 8.0, with standard response “0”, the NetScaler 
appliance sends the delegation records to root. "

To summarize, if you don't have your NS records in place on the 
Netscalers, you will see a loop for AAAA queries 
(root>auth>netscaler>root....), eventually resulting in a SERVFAIL.


Christopher Morrow wrote:
> On Sat, Sep 27, 2008 at 3:12 AM, Robert Manning <riches at about.com> wrote:
>   
>> Hey Chris, I'll reply to you off list.
>>
>>     
>
> awesome, thanks!
>
>   
>> Thanks for the heads up.
>>
>> -rjb
>>
>>
>> On 9/26/08 10:13 PM, "Christopher Morrow" <morrowc.lists at gmail.com> wrote:
>>
>>     
>>> Is there perhaps an about.com/nytimes.com admin around? I was
>>> wondering if they perhaps knew that their loadbalancer for
>>> www.nytimes.com is fairly broken wrt answering AAAA queries:
>>>
>>> (who's NS for nytimes.com)
>>> dig  NS nytimes.com  +short
>>> ns1t.nytimes.com.
>>> nydns2.about.com.
>>> nydns1.about.com.
>>>
>>> (who do they think is the NS for www.nytimes.com)
>>> dig   www.nytimes.com   @ns1t.nytimes.com. NS
>>> ;; QUESTION SECTION:
>>> ;www.nytimes.com.               IN      NS
>>>
>>> ;; AUTHORITY SECTION:
>>> www.nytimes.com.        60      IN      NS      nss1.sea1.nytimes.com.
>>> www.nytimes.com.        60      IN      NS      nss1.lga2.nytimes.com.
>>>
>>> (what is the AAAA for www.nytimes.com ?? )
>>> dig   www.nytimes.com   @nss1.sea1.nytimes.com. AAAA
>>> ;www.nytimes.com.               IN      AAAA
>>>
>>> ;; AUTHORITY SECTION:
>>> .                       3600000 IN      NS      k.root-servers.net.
>>> .                       3600000 IN      NS      l.root-servers.net.
>>> .                       3600000 IN      NS      m.root-servers.net.
>>> .                       3600000 IN      NS      a.root-servers.net.
>>> .                       3600000 IN      NS      b.root-servers.net.
>>> .                       3600000 IN      NS      c.root-servers.net.
>>> .                       3600000 IN      NS      d.root-servers.net.
>>> .                       3600000 IN      NS      e.root-servers.net.
>>> .                       3600000 IN      NS      f.root-servers.net.
>>> .                       3600000 IN      NS      g.root-servers.net.
>>> .                       3600000 IN      NS      h.root-servers.net.
>>> .                       3600000 IN      NS      i.root-servers.net.
>>> .                       3600000 IN      NS      j.root-servers.net.
>>>
>>> ;; ADDITIONAL SECTION:
>>> k.root-servers.net.     3600000 IN      A       193.0.14.129
>>> l.root-servers.net.     3600000 IN      A       198.32.64.12
>>> m.root-servers.net.     3600000 IN      A       202.12.27.33
>>>
>>> ;; Query time: 89 msec
>>> ;; SERVER: 170.149.172.35#53(170.149.172.35)
>>>
>>>
>>> wha??? <ricky voice>Lucy, your loadbalancer is foobar'd</ricky voice>
>>>
>>> In an effort to make v6 things work a tad better in this hostile
>>> world, could the NYTimes folks let us know what sort of LB that is?
>>> and why it wants to not be a good Intenet Citizen??
>>>
>>> -Chris
>>>
>>>       
>>
>>     
>
>   

-- 
-Brendan Cleary

Senior Network Engineer
NYTIMES.COM
212.556.8041







More information about the NANOG mailing list