Stop IPv6 Google traffic
Owen DeLong
owen at delong.com
Mon Apr 11 21:44:50 UTC 2016
> On Apr 11, 2016, at 14:03 , Rubens Kuhl <rubensk at gmail.com> wrote:
>
> On Mon, Apr 11, 2016 at 5:56 PM, Ricky Beam <jfbeam at gmail.com> wrote:
>
>> On Sun, 10 Apr 2016 20:09:04 -0400, Rubens Kuhl <rubensk at gmail.com> wrote:
>>
>>> If your users are seeing captchas, one or a few or them are likely to be
>>> infected to the point of generating too much requests to Google.
>>>
>>
>> If that were the case, they'd be seeing the same via IPv4. And apparently,
>> they aren't.
>>
>
> Nope. If you have both A and AAAA IP addresses in DNS responses and have
> both IPv4 and IPv6 connectivity, IPv6 will be preferred, with even a bit of
> latency handicap favoring IPv6 in current Happy Eyeballs implementations.
> Remember that the symptom is not unresponsive website, but an answer with
> an inconvenience (the captcha), so the browser and the network stack won't
> deem it as IPv6 load failure.
Also, incorrect or non-existant PTR records are much more common in IPv6
than in IPv4, so that could also account for some difference in behavior.
Most res.ISPs, for example, synthesize PTR responses for their IPv4
addresses such as:
240.59.103.76.in-addr.arpa. 7200 IN PTR c-76-103-59-240.hsd1.ca.comcast.net.
vs.
; <<>> DiG 9.8.3-P1 <<>> -x 2601:1c1:1234:5678:b834:f36d:2bb9:285
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48639
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;5.8.2.0.9.b.b.2.d.6.3.f.4.3.8.b.8.7.6.5.4.3.2.1.1.c.1.0.1.0.6.2.ip6.arpa. IN PTR
;; AUTHORITY SECTION:
0.1.0.6.2.ip6.arpa. 3600 IN SOA dns101.comcast.net. dnsmaster.comcastonline.com. 2014093006 7200 300 604800 3600
;; Query time: 128 msec
;; SERVER: 172.22.186.6#53(172.22.186.6)
;; WHEN: Mon Apr 11 14:43:53 2016
;; MSG SIZE rcvd: 171
for example.
Owen
More information about the NANOG
mailing list