Google DNS Oddity

Fri Sep 6 20:08:19 UTC 2019

Unable to replicate this in London:

```
; <<>> DiG 9.11.5-P1-1ubuntu2.5-Ubuntu <<>> @ns1.google.com. www.google.com. aaaa
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61970
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.google.com. IN AAAA
;; ANSWER SECTION:
www.google.com. 300 IN AAAA 2a00:1450:4009:80d::2004
```

going by the latency, ns1.google.com (https://link.getmailspring.com/link/[email protected]/0?redirect=ns1.google.com&recipient=bmFub2dAbmFub2cub3Jn) travels to NL from our UK PoPs though:
```
Host Loss% Snt Last Avg Best Wrst StDev
1. ???
2. ???
3. ae26-0.ebr01.lon3.uk.globalone 0.0% 13 2.1 6.2 1.0 45.7 12.9
4. 2001:7f8:4::3b41:1 0.0% 13 0.7 0.8 0.6 1.7 0.4
5. 2001:4860:0:1101::10 0.0% 13 0.7 2.7 0.7 14.2 4.2
6. 2001:4860::c:4000:cf5b 0.0% 13 1.8 2.1 1.5 4.0 0.7
7. 2001:4860::8:4000:d325 0.0% 13 8.6 7.3 6.6 9.5 0.9
8. 2001:4860::22:4001:70b 0.0% 13 6.4 9.5 6.4 36.9 8.3
9. 2001:4860:0:1::be7 23.1% 13 7.3 7.5 7.3 7.7 0.1
10. ???
11. ???
12. ???
13. ???
14. ???
15. ???
16. ???
17. ???
18. ???
19. ns1.google.com 0.0% 12 6.4 6.4 6.3 6.5 0.0
```
On Sep. 6 2019, at 9:49 pm, Stephen Stuart <stuart at tech.org> wrote:
> Do you see the same behavior when you execute your dig query without
> the trailing dot?
>
> Thanks,
> Stephen
>
> > > On Sep 6, 2019, at 3:11 PM, Chip Marshall via NANOG <nanog at nanog.org> wrote:
> > > Hello, I'm seeing an oddity when doing DNS lookups for www.google.com from our
> > > London datacenter, and I'm curious if other people are seeing the same
> > > behavior.
> > >
> > > It appears that when we ask for www.google.com. we sometimes get an answer
> > > that only contains records for www-anycast.google.com., which our resolver
> > > ignores as they don't match the query.
> > >
> > > As seen with dig:
> > > ```
> > > # dig @ns1.google.com. www.google.com. aaaa
> > >
> > > ; <<>> DiG 9.10.3-P4-Ubuntu <<>> @ns1.google.com. www.google.com. aaaa
> > > ; (2 servers found)
> > > ;; global options: +cmd
> > > ;; Got answer:
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42641
> > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
> > > ;; WARNING: recursion requested but not available
> > >
> > > ;; OPT PSEUDOSECTION:
> > > ; EDNS: version: 0, flags:; udp: 512
> > > ;; QUESTION SECTION:
> > > ;www.google.com. IN AAAA
> > >
> > > ;; ANSWER SECTION:
> > > www-anycast.google.com. 300 IN AAAA 2001:4860:4802:34::75
> > > www-anycast.google.com. 300 IN AAAA 2001:4860:4802:38::75
> > > www-anycast.google.com. 300 IN AAAA 2001:4860:4802:36::75
> > > www-anycast.google.com. 300 IN AAAA 2001:4860:4802:32::75
> > >
> > > ;; Query time: 7 msec
> > > ;; SERVER: 216.239.32.10#53(216.239.32.10)
> > > ;; WHEN: Fri Sep 06 19:05:32 UTC 2019
> > > ;; MSG SIZE rcvd: 167
> > > ```
> > >
> > > So far I've observed this with A and AAAA queries. It's my understanding that
> > > without a CNAME record in the answer, the resolver is doing the right thing by
> > > ignoring the answer, as there's no linkage between www and www-anycast.
> > >
> > > Is this broken, or is this just some weird DNS trick I've not come across
> > > before?
> >
> >
> > You may want to post on dns-operations instead.
> > Can you do a dig +trace www.google.com instead, that would be more instructive about whatт€™s happening at each layer o
> f the delegation.
> >
> > - Jared
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190906/56982c47/attachment.html>