GTLD inconsistency, was: Re: AAAAs in the Root and /48 Filtering

Tue Feb 5 09:53:07 UTC 2008

On 1 feb 2008, at 20:22, Scalzo, Frank wrote:

> If you are having IPv6 reachability problems to the V6 IP addresses  
> for
> a.root-servers.net and j.root-servers.net (2001:503:BA3e::2:30 and
> 2001:503:C27::2:30) please feel free to contact us. We may be able to
> assist in getting filters updated or working around any connectivity
> issues.

Well, that part works ok. But I'm seeing significant slowdowns when  
depending on an IPv6-only nameserver, and it could be that this is the  
culprit:

# dig B.GTLD-SERVERS.net. aaaa

; <<>> DiG 9.4.1-P1 <<>> B.GTLD-SERVERS.net. aaaa
;; global options:  printcmd
;; connection timed out; no servers could be reached

Now the A and B GTLD servers do have AAAA glue in the root responses:

# dig @h.root-servers.net GTLD-SERVERS.net. ns

; <<>> DiG 9.4.1-P1 <<>> @h.root-servers.net GTLD-SERVERS.net. ns
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25901
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 15
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;GTLD-SERVERS.net.		IN	NS

;; AUTHORITY SECTION:
net.			172800	IN	NS	a.GTLD-SERVERS.net.
net.			172800	IN	NS	b.GTLD-SERVERS.net.
net.			172800	IN	NS	c.GTLD-SERVERS.net.
net.			172800	IN	NS	d.GTLD-SERVERS.net.
net.			172800	IN	NS	e.GTLD-SERVERS.net.
net.			172800	IN	NS	f.GTLD-SERVERS.net.
net.			172800	IN	NS	g.GTLD-SERVERS.net.
net.			172800	IN	NS	h.GTLD-SERVERS.net.
net.			172800	IN	NS	i.GTLD-SERVERS.net.
net.			172800	IN	NS	j.GTLD-SERVERS.net.
net.			172800	IN	NS	k.GTLD-SERVERS.net.
net.			172800	IN	NS	l.GTLD-SERVERS.net.
net.			172800	IN	NS	m.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
a.GTLD-SERVERS.net.	172800	IN	A	192.5.6.30
b.GTLD-SERVERS.net.	172800	IN	A	192.33.14.30
c.GTLD-SERVERS.net.	172800	IN	A	192.26.92.30
d.GTLD-SERVERS.net.	172800	IN	A	192.31.80.30
e.GTLD-SERVERS.net.	172800	IN	A	192.12.94.30
f.GTLD-SERVERS.net.	172800	IN	A	192.35.51.30
g.GTLD-SERVERS.net.	172800	IN	A	192.42.93.30
h.GTLD-SERVERS.net.	172800	IN	A	192.54.112.30
i.GTLD-SERVERS.net.	172800	IN	A	192.43.172.30
j.GTLD-SERVERS.net.	172800	IN	A	192.48.79.30
k.GTLD-SERVERS.net.	172800	IN	A	192.52.178.30
l.GTLD-SERVERS.net.	172800	IN	A	192.41.162.30
m.GTLD-SERVERS.net.	172800	IN	A	192.55.83.30
a.GTLD-SERVERS.net.	172800	IN	AAAA	2001:503:a83e::2:30
b.GTLD-SERVERS.net.	172800	IN	AAAA	2001:503:231d::2:30

;; Query time: 324 msec
;; SERVER: 2001:500:1::803f:235#53(2001:500:1::803f:235)
;; WHEN: Tue Feb  5 10:47:51 2008
;; MSG SIZE  rcvd: 506

However, I'm thinking this is the reason why BIND isn't using that glue:

# dig @2001:503:a83e::2:30 GTLD-SERVERS.net. ns

; <<>> DiG 9.4.1-P1 <<>> @2001:503:a83e::2:30 GTLD-SERVERS.net. ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48256
;; flags: qr rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 8
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;GTLD-SERVERS.net.		IN	NS

;; ANSWER SECTION:
GTLD-SERVERS.net.	172800	IN	NS	a2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	c2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	d2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	e2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	f2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	g2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	h2.nstld.com.
GTLD-SERVERS.net.	172800	IN	NS	l2.nstld.com.

;; ADDITIONAL SECTION:
a2.nstld.com.		172800	IN	A	192.5.6.31
c2.nstld.com.		172800	IN	A	192.26.92.31
d2.nstld.com.		172800	IN	A	192.31.80.31
e2.nstld.com.		172800	IN	A	192.12.94.31
f2.nstld.com.		172800	IN	A	192.35.51.31
g2.nstld.com.		172800	IN	A	192.42.93.31
h2.nstld.com.		172800	IN	A	192.54.112.31
l2.nstld.com.		172800	IN	A	192.41.162.31

;; Query time: 204 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Tue Feb  5 10:49:39 2008
;; MSG SIZE  rcvd: 307

I.e., the roots and the GTLD servers disagree on who is authorative  
for gtld-servers.net. It would be good if this can be fixed.