Phil, I'm embarrassed that I didn't check that file earlier. Yes, those four DNS resolvers sitting behind the load-balancer use 96.31.0.20:
mail1:~# dig -t txt o-o.myaddr.l.google.com +short "96.31.0.20" mail1:~# It's been many moons since that backlist has been brought up, and when I opened a "ticket" with Google regarding the issue their own staff didn't say anything about that blacklist. And when those four resolvers did get the AAAA I assumed the issue was resolved. But I just checked now and they're not resolving again. I will revisit that "ticket". At a minimum, I wish one could request de-listing from Google's AAAA blacklist. Frank -----Original Message----- From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Phil Mayers Sent: Monday, January 05, 2015 5:52 AM To: bind-users@lists.isc.org Subject: Re: Unable to get AAAA for www.revk.uk from some of our servers On 24/12/14 17:08, Frank Bulk wrote: > Except queries from 96.31.0.5 and 199.120.69.24 reliably return the AAAA > while queries from 96.31.0.20 do not. And we're all the same ISP, and in > the one case, from the same /24. I don't think Google is that granular. And > we do have good IPv6 connectivity. Yes, Google are that granular. See: http://www.google.com/intl/en_ALL/ipv6/statistics/data/no_aaaa.txt ...which currently lists: 96.31.0.20/32 # AS53347 United States 96.31.0.31/32 # AS53347 United States Google have been, AFAICT, silent on the specifics of how they generate their blacklisting. Presumably it's the fairly standard approach of correlating a web-bug to a unique hostname embedded in the google search page, received http requests, and received DNS queries. Google undoubtedly then do some stats magic - that is their thing, after all - and down-score resolvers which make the AAAA query but whose clients don't finish the HTTP request, above some threshold. We had persistent problems in the past with our resolvers appearing in the Google blacklist, despite having excellent IPv6 connectivity. Google were unwilling to provide us any details that would have allowed us to identify the cause(s). We eventually stopped paying any attention to it, and the problem went away by itself. Possibly there are one or more clients with broken IPv6 using your resolvers, but without Google specifying the criteria which gets a resolver blacklisted, it's hard to know. Frankly, I wish Google would ditch the AAAA blacklist. It is hiding problems that responsible operators would like to see and fix, just so that Google don't lose eyeballs (and ad revenue) :o/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
