Thanks, Mark. When I queried for the AAAA of ghs.l.google.com from ns[1-4].google.com the Google servers reported they don't do recursive queries. Which Google namserver does in fact carry the authoritative records for ghs.l.google.com?
On a side note, I thought that Google's DNS servers were dual-stacked, but that does not seem to be the case. None of the ns[1-4].google.com servers return an AAAA for me. When I query the IPv6 interface of our recursive DNS servers using "dig AAAA ghs.l.google.com +trace @[IPv6_address]" they all return "connection timed out; no servers could be reached. Here's an example: ============================================ DNS server: 2607:fe28:0:1000::8 ; <<>> DiG 9.7.3 <<>> -6 AAAA ghs.l.google.com +trace @2607:fe28:0:1000::8 ;; global options: +cmd . 420917 IN NS c.root-servers.net. . 420917 IN NS k.root-servers.net. . 420917 IN NS f.root-servers.net. . 420917 IN NS b.root-servers.net. . 420917 IN NS g.root-servers.net. . 420917 IN NS a.root-servers.net. . 420917 IN NS d.root-servers.net. . 420917 IN NS j.root-servers.net. . 420917 IN NS i.root-servers.net. . 420917 IN NS h.root-servers.net. . 420917 IN NS l.root-servers.net. . 420917 IN NS e.root-servers.net. . 420917 IN NS m.root-servers.net. ;; Received 496 bytes from 2607:fe28:0:1000::8#53(2607:fe28:0:1000::8) in 0 ms com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. ;; Received 506 bytes from 2001:7fe::53#53(i.root-servers.net) in 113 ms google.com. 172800 IN NS ns2.google.com. google.com. 172800 IN NS ns1.google.com. google.com. 172800 IN NS ns3.google.com. google.com. 172800 IN NS ns4.google.com. ;; Received 170 bytes from 2001:503:a83e::2:30#53(a.gtld-servers.net) in 150 ms ;; connection timed out; no servers could be reached ============================================ -----Original Message----- From: Mark Andrews [mailto:[email protected]] Sent: Tuesday, December 23, 2014 6:01 PM To: Frank Bulk Cc: [email protected] Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers In message <[email protected]>, "Frank Bulk" writes: > I dumped the database of one failing server and found this entry: > > ; authauthority > ghs.l.google.com. 331 \-AAAA ;-$NXRRSET > ; l.google.com. SOA ns4.google.com. dns-admin.google.com. 1577084 900 900 > 1800 60 > ; authanswer > 289 A 74.125.201.121 > ; > > What does the "\-AAAA ;-$NXRRSET" mean? It means that there is a negative cache entry for AAAA lookup. The SOA record that will be returned is in the comment. For responses from signed zones you will also see NSEC / NSEC3 records in the comments as well as RRSIG. NXRRSET (No Such RRset). NXDOMAIN (No Such Domain). > Working server shows this in the dump: > ; authanswer > ghs.l.google.com. 287 AAAA 2607:f8b0:4001:c08::79 > ; > > Regards, > > Frank Bulk -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users

