AAAA's for www.netflix.com

Ben Jencks ben at bjencks.net
Wed Jun 6 20:24:17 UTC 2012


On Jun 6, 2012, at 10:05 AM, Frank Bulk wrote:

> I started monitoring IPv6 access to www.netflix.com after seeing this
> posting
> (http://www.personal.psu.edu/dvm105/blogs/ipv6/2012/06/netflix-is-back.html)
> and what I found, over the week, was that access was coming and going
> (www.premieronline.net/~fbulk/netflix.png).  But not because of IPv6
> connectivity, but because the AAAA's were coming and going.  Netflix's DNS
> TTL is pretty short.  
> 
> I assume Netflix has some global DNS load balancing so my perspective may
> not be complete.  Has anyone else been seeing this?
> 
> I contacted a Netflix employee (he's well known on this list) and he
> responded once but I haven't heard back since Saturday.  

UltraDNS is doing something strange with its CNAME responses. www.netflix.com is a CNAME to a name with both A and AAAA, but the authoritative server for netflix.com only returns that CNAME for A queries, not AAAA. So, if you do an A query first, your resolver will cache the CNAME and use it for the subsequent AAAA query (returning an AAAA), but if you do an AAAA query first, it will cache the no-records response and return no AAAA record.

$ dig ns netflix.com
;; QUESTION SECTION:
;netflix.com.			IN	NS
;; ANSWER SECTION:
netflix.com.		162	IN	NS	pdns5.ultradns.info.
netflix.com.		162	IN	NS	pdns6.ultradns.co.uk.
netflix.com.		162	IN	NS	pdns4.ultradns.org.
netflix.com.		162	IN	NS	pdns2.ultradns.net.
netflix.com.		162	IN	NS	pdns1.ultradns.net.
netflix.com.		162	IN	NS	pdns3.ultradns.org.

$ dig @pdns1.ultradns.net. www.netflix.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61357
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.netflix.com.		IN	A
;; ANSWER SECTION:
www.netflix.com.	300	IN	CNAME	dualstack.wwwservice--frontend-313423742.us-east-1.elb.amazonaws.com.

$ dig @pdns1.ultradns.net. aaaa www.netflix.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34855
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.netflix.com.		IN	AAAA
;; AUTHORITY SECTION:
netflix.com.		1800	IN	SOA	dns.netflix.com. nicadmin.netflix.com. 2012060120 900 600 1209600 1800

-Ben



More information about the NANOG mailing list