Hurricane Electric's IPv6 Tunnel Broker Forums

Topic: Will we still need to forward Google queries after World IPv6 Launch?

rchandra

  • Newbie
  • *
  • Posts: 12

I have BIND9 set up on my (Linux) router such that a number of Google properties (google.com, blogspot.com, blogger.com, youtube.com, etc.) are forwarded zones to HE's nameservers (this is the only way one will get AAAA responses, as HE are a Google partner for that).  I'm thinking of removing some of those forward zone declarations tomorrow, which is World IPv6 Launch (http://www.worldipv6day.org/).  I'm just wondering if the Google folks have said anything about your arrangement of providing AAAA responses.

I'm kind of excited that at least some of the major Internet participants are making a commitment to IPv6 deployment.
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965

If I understand your question correctly, you are running your own recursive nameserver. But for Google domain names you are not letting your own nameserver recurse, but instead forward the queries to HE because their nameserver is on the whitelist.

In that case you should no longer need such forwarding after tomorrow. Google have promised to hand out AAAA records to everybody.

There is still the question about how you get optimal load-balancing behaviour. If you use any random nameserver that can give you AAAA records for Google, you are not going to get good performance, as those are load-balanced for the nameserver in question. The only reason such a method works at all is that usually users of a nameserver are located in proximity with the nameserver and thus also in proximity with each other. Thus users of the same nameserver can be directed to the same datacenter and get good roundtrip times. If you use a nameserver far away from your own computer, this will no longer work. But in your case you are talking about a nameserver that only serves your own network. All the clients of that nameserver will be using the same tunnel for IPv6 connectivity, and all of them will be using the same Internet connection for IPv4 connectivity. Thus Google should be able to figure out what are good responses to provide to your nameserver, which will be suitable for all the clients using that nameserver. In other words, you don't need to worry about load-balancing in your setup.

The queries from your nameserver to the Google authoritative servers will still go over IPv4. Google do not provide AAAA records for their authoritative DNS servers. It will be interesting to see when they will start supporting that. It was only a couple of months ago that Google's public DNS resolvers finally got IPv6 support. They can now send queries over IPv6 to authoritative DNS servers.

This was a quite long answer in order to explain why everything should be very simple for you. Putting your DNS server back to the old configuration without forwarding should just work.
Logged

rchandra

  • Newbie
  • *
  • Posts: 12

nonono....not too long at all.  Thanks for the response.  You're still way under the TMI point for me.  The more data we have, the better informed decisions we can make w/r/t configuration.

Yes, you understood that quite right, I'm running a recursive NS for my network, with the (ICANN) root hints, and forwarding only certain queries to HE for recursive resolution.

I had forgotten that they do some response optimization based on the source IP address in order for my network's clients to contact potentially closer servers, network-wise.  It does have implications.  Since my v6 tunnel exits through the HE network, it may be advantageous to continue to recurse the Google queries through HE's DNS.  I'll just have to try it both ways for a while each, and see if there is much difference.  What'll be more normal is if Time-Warner ever gets their act in gear and starts handing out customer v6 addresses, and as you say, Google starts allowing resolution using v6.
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 965

> It does have implications.  Since my v6 tunnel exits through the HE network, it may be advantageous to continue to recurse the Google queries through HE's DNS.

Google should be able to figure out that whenever they send a AAAA record to the DNS server on your IPv4 address, that they get an IPv6 query through HE.

> I'll just have to try it both ways for a while each, and see if there is much difference.

One way to go about that is as follows. Run your DNS server without the forwarding for a week, and use it for your actual access to Google. Once per day try to do a AAAA lookup of the same Google domain using both your own resolver and the HE resolver. Ping each of the two IPs that you got to see which has the shortest roundtrip time.

If Google figured things out correctly, you should find that the IPv6 address you got using your own resolver gives a roundtrip time that is at least as fast as what you got using the HE resolver. If you got the exact same IPv6 address using both resolvers, then probably that is the optimal one, and Google managed to give a good reply to both DNS servers.
Logged
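
One daily run of the comparison described in the post above, as a shell script. This is an added example, not part of any forum post: the function names and the constructed ping sample are assumptions, and it expects `dig` plus an iputils-style `ping -6`, with both resolver addresses supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: one daily run of the resolver comparison described in the thread.
# Usage: ./aaaa-compare.sh NAME OWN_RESOLVER_IP HE_RESOLVER_IP

# Constructed sample of an iputils ping summary, used only to show avg_rtt's input.
SAMPLE_PING='5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 18.512/19.044/19.611/0.411 ms'

# First IPv6 address in the AAAA answer for name $2 from resolver $1.
# `dig +short` also prints CNAME targets, so keep only lines containing ':'.
first_aaaa() {
    dig +short AAAA "$2" @"$1" | grep ':' | head -n 1
}

# Average RTT in ms from ping output on stdin; prints nothing on 100% loss.
avg_rtt() {
    awk -F'=' '/min\/avg\/max/ { split($2, f, "/"); print f[2] }'
}

# $1 = RTT to the address from your own resolver, $2 = RTT to the HE one.
# The thread's expectation: the own-resolver address is at least as fast.
verdict() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo "unreachable"; return 0; fi
    awk -v own="$1" -v he="$2" \
        'BEGIN { print ((own + 0 <= he + 0) ? "own-ok" : "he-faster") }'
}

main() {
    local name=$1 own=$2 he=$3 a_own a_he r_own="" r_he=""
    a_own=$(first_aaaa "$own" "$name")
    a_he=$(first_aaaa "$he" "$name")
    # Identical answers from both resolvers: nothing to compare.
    if [ -n "$a_own" ] && [ "$a_own" = "$a_he" ]; then
        echo "$(date +%F) $name same address from both resolvers: $a_own"
        return 0
    fi
    [ -n "$a_own" ] && r_own=$(ping -6 -c 5 -q "$a_own" | avg_rtt)
    [ -n "$a_he" ] && r_he=$(ping -6 -c 5 -q "$a_he" | avg_rtt)
    echo "$(date +%F) $name own=$a_own/${r_own}ms he=$a_he/${r_he}ms $(verdict "$r_own" "$r_he")"
}

# Run only when all three arguments are given, so the functions can be sourced.
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Appending each run's output line to a file from a daily cron job gives the week of samples the post suggests collecting.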

matth1187

  • Newbie
  • *
  • Posts: 17

from an ipv4 only machine  ;D ;D

C:\Windows\System32>nslookup
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com
Addresses:  2001:4860:800a::64
          74.125.139.101
          74.125.139.113
          74.125.139.102
          74.125.139.138
          74.125.139.139
          74.125.139.100

>

EDIT - I probably shouldn't have used a Google public DNS to show that LOL

> google.com
Server:  dns-comm-cac-lb-01.tampflrdc.rr.com
Address:  65.32.1.65

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4002:801::1007
          173.194.37.35
          173.194.37.36
          173.194.37.37
          173.194.37.38
          173.194.37.39
          173.194.37.40
          173.194.37.41
          173.194.37.46
          173.194.37.32
          173.194.37.33
          173.194.37.34

>

« Last Edit: June 06, 2012, 08:06:57 AM by matth1187 »
Logged

matth1187

  • Newbie
  • *
  • Posts: 17

this is interesting

> youtube.com
Server:  dns-comm-cac-lb-01.tampflrdc.rr.com
Address:  65.32.1.65

DNS request timed out.
    timeout was 2 seconds.
Name:    youtube.com
Address:  2001:4860:800a::5d

> www.youtube.com
Server:  dns-comm-cac-lb-01.tampflrdc.rr.com
Address:  65.32.1.65

Non-authoritative answer:
DNS request timed out.
    timeout was 2 seconds.
Name:    youtube-ui.l.google.com
Addresses:  173.194.37.35
          173.194.37.36
          173.194.37.37
          173.194.37.38
          173.194.37.39
          173.194.37.40
          173.194.37.41
          173.194.37.46
          173.194.37.32
          173.194.37.33
          173.194.37.34
Aliases:  www.youtube.com

>

Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2737

You may want to have a talk with wherever you're getting DNS from

[carl@ipv6router ~]$ host youtube.com
youtube.com has address 74.125.225.102
youtube.com has address 74.125.225.103
youtube.com has address 74.125.225.104
youtube.com has address 74.125.225.105
youtube.com has address 74.125.225.110
youtube.com has address 74.125.225.96
youtube.com has address 74.125.225.97
youtube.com has address 74.125.225.98
youtube.com has address 74.125.225.99
youtube.com has address 74.125.225.100
youtube.com has address 74.125.225.101
youtube.com has IPv6 address 2001:4860:b007::88
youtube.com mail is handled by 50 alt4.aspmx.l.google.com.
youtube.com mail is handled by 10 aspmx.l.google.com.
youtube.com mail is handled by 20 alt1.aspmx.l.google.com.
youtube.com mail is handled by 30 alt2.aspmx.l.google.com.
youtube.com mail is handled by 40 alt3.aspmx.l.google.com.

[carl@ipv6router ~]$ host www.youtube.com
www.youtube.com is an alias for youtube-ui.l.google.com.
youtube-ui.l.google.com has address 74.125.225.100
youtube-ui.l.google.com has address 74.125.225.101
youtube-ui.l.google.com has address 74.125.225.102
youtube-ui.l.google.com has address 74.125.225.103
youtube-ui.l.google.com has address 74.125.225.104
youtube-ui.l.google.com has address 74.125.225.105
youtube-ui.l.google.com has address 74.125.225.110
youtube-ui.l.google.com has address 74.125.225.96
youtube-ui.l.google.com has address 74.125.225.97
youtube-ui.l.google.com has address 74.125.225.98
youtube-ui.l.google.com has address 74.125.225.99
youtube-ui.l.google.com has IPv6 address 2001:4860:b007::5d
Logged

rchandra

  • Newbie
  • *
  • Posts: 12

It will take some time before caches' TTLs expire.  Also, some programs (and even system resolvers) will choose to resolve things in a certain order.  Take the host command on my system for example.  It will fetch and display A, AAAA, and MX records by default:

4 11:09:39 rchandra@sal9000:~ 0> host -v www.youtube.com
Trying "www.youtube.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13478
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;www.youtube.com.               IN      A

;; ANSWER SECTION:
www.youtube.com.        86400   IN      CNAME   youtube-ui.l.google.com.
youtube-ui.l.google.com. 300    IN      A       173.194.43.9
youtube-ui.l.google.com. 300    IN      A       173.194.43.14
youtube-ui.l.google.com. 300    IN      A       173.194.43.0
youtube-ui.l.google.com. 300    IN      A       173.194.43.1
youtube-ui.l.google.com. 300    IN      A       173.194.43.2
youtube-ui.l.google.com. 300    IN      A       173.194.43.3
youtube-ui.l.google.com. 300    IN      A       173.194.43.4
youtube-ui.l.google.com. 300    IN      A       173.194.43.5
youtube-ui.l.google.com. 300    IN      A       173.194.43.6
youtube-ui.l.google.com. 300    IN      A       173.194.43.7
youtube-ui.l.google.com. 300    IN      A       173.194.43.8

;; AUTHORITY SECTION:
google.com.             172186  IN      NS      ns2.google.com.
google.com.             172186  IN      NS      ns3.google.com.
google.com.             172186  IN      NS      ns4.google.com.
google.com.             172186  IN      NS      ns1.google.com.

Received 315 bytes from 2001:470:e107:2001::21#53 in 199 ms
Trying "youtube-ui.l.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52138
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube-ui.l.google.com.       IN      AAAA

;; ANSWER SECTION:
youtube-ui.l.google.com. 300    IN      AAAA    2001:4860:800a::5b

;; AUTHORITY SECTION:
google.com.             172186  IN      NS      ns1.google.com.
google.com.             172186  IN      NS      ns2.google.com.
google.com.             172186  IN      NS      ns3.google.com.
google.com.             172186  IN      NS      ns4.google.com.

Received 141 bytes from 2001:470:e107:2001::21#53 in 60 ms
Trying "youtube-ui.l.google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39651
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;youtube-ui.l.google.com.       IN      MX

;; AUTHORITY SECTION:
l.google.com.           15      IN      SOA     ns1.google.com. dns-admin.google.com. 1487772 900 900 1800 60

Received 91 bytes from 2001:470:e107:2001::21#53 in 78 ms
4 11:09:46 rchandra@sal9000:~ 0>


It is a little weird that there is that discrepancy though.  As you can see though, I happened to have gotten an AAAA reply for www.youtube.com.
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1736

Unless you are one of the unlucky people whose recursor got blacklisted by Google
http://lists.cluenet.de/pipermail/ipv6-ops/2012-June/007009.html
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2737

Here's the link to see if you're on the list

http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt
Logged