Rookie

IPv6 reverse DNS *still* broken after nearly two years

[ Edited ]

A forum post nearly two years ago described this problem, Amazingly, it still hasn't been fixed.

 

At this point, one can only assume TW no longer has a viable ipv6 implementation and engineering team and will rely on Charter in the future.

 

Here's basic failure (which will result in long delays constantly or every 60s or so for recursive servers that negatively cache bad referrals).

 

; <<>> DiG <<>> -4 -x 2606:a000:4748:3909:20e:cff:fea8:6892
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11527
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;2.9.8.6.8.a.e.f.f.f.c.0.e.0.2.0.9.0.9.3.8.4.7.4.0.0.0.a.6.0.6.2.ip6.arpa. IN PTR
 
;; Query time: 277 msec
;; SERVER: 192.168.70.10#53(192.168.70.10)
;; WHEN: Fri Jan 22 16:09:45 2016
;; MSG SIZE  rcvd: 90 

Here's a trace from the root servers to the authoritative RR servers:

 

; <<>> DiG <<>> @8.8.8.8 -4 +trace 2.9.8.6.8.a.e.f.f.f.c.0.e.0.2.0.9.0.9.3.8.4.7.4.0.0.0.a.6.0.6.2.ip6.arpa. IN PTR
; (1 server found)
;; global options: +cmd
.			2749	IN	NS	a.root-servers.net.
.			2749	IN	NS	b.root-servers.net.
.			2749	IN	NS	c.root-servers.net.
.			2749	IN	NS	d.root-servers.net.
.			2749	IN	NS	e.root-servers.net.
.			2749	IN	NS	f.root-servers.net.
.			2749	IN	NS	g.root-servers.net.
.			2749	IN	NS	h.root-servers.net.
.			2749	IN	NS	i.root-servers.net.
.			2749	IN	NS	j.root-servers.net.
.			2749	IN	NS	k.root-servers.net.
.			2749	IN	NS	l.root-servers.net.
.			2749	IN	NS	m.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 28 ms

ip6.arpa.		172800	IN	NS	a.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	b.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	c.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	d.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	e.ip6-servers.arpa.
ip6.arpa.		172800	IN	NS	f.ip6-servers.arpa.
;; Received 462 bytes from 198.97.190.53#53(198.97.190.53) in 51 ms

0.0.0.a.6.0.6.2.ip6.arpa. 86400	IN	NS	dns3.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 86400	IN	NS	dns5.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 86400	IN	NS	dns2.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 86400	IN	NS	dns6.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 86400	IN	NS	dns1.rr.com.
;; Received 191 bytes from 202.12.29.59#53(202.12.29.59) in 295 ms

0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns5.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns6.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns1.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns2.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns3.rr.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 271 bytes from 69.134.147.5#53(69.134.147.5) in 62 ms

0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns2.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns6.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns1.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns5.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns3.rr.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 271 bytes from 69.134.147.5#53(69.134.147.5) in 62 ms

0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns3.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns1.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns5.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns6.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 36379	IN	NS	dns2.rr.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 271 bytes from 69.134.147.5#53(69.134.147.5) in 66 ms

.			511882	IN	NS	D.ROOT-SERVERS.NET.
.			511882	IN	NS	A.ROOT-SERVERS.NET.
.			511882	IN	NS	E.ROOT-SERVERS.NET.
.			511882	IN	NS	M.ROOT-SERVERS.NET.
.			511882	IN	NS	J.ROOT-SERVERS.NET.
.			511882	IN	NS	L.ROOT-SERVERS.NET.
.			511882	IN	NS	H.ROOT-SERVERS.NET.
.			511882	IN	NS	K.ROOT-SERVERS.NET.
.			511882	IN	NS	C.ROOT-SERVERS.NET.
.			511882	IN	NS	I.ROOT-SERVERS.NET.
.			511882	IN	NS	B.ROOT-SERVERS.NET.
.			511882	IN	NS	F.ROOT-SERVERS.NET.
.			511882	IN	NS	G.ROOT-SERVERS.NET.
;; BAD REFERRAL
;; Received 463 bytes from 69.134.147.7#53(69.134.147.7) in 60 ms

And finally, here's querying one of the supposedly authoritative RR servers directly for the ip6.arpa zone arin has delegated to TWC:

 

; <<>> DiG <<>> @dns1.rr.com +norecurse 0.0.0.a.6.0.6.2.ip6.arpa. SOA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27372
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;0.0.0.a.6.0.6.2.ip6.arpa.	IN	SOA

;; AUTHORITY SECTION:
0.0.0.a.6.0.6.2.ip6.arpa. 34893	IN	NS	dns5.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 34893	IN	NS	dns3.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 34893	IN	NS	dns1.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 34893	IN	NS	dns2.rr.com.
0.0.0.a.6.0.6.2.ip6.arpa. 34893	IN	NS	dns6.rr.com.

;; ADDITIONAL SECTION:
dns1.rr.com.		14400	IN	A	69.134.7.5
dns2.rr.com.		14400	IN	A	69.134.147.5
dns3.rr.com.		14400	IN	A	69.134.7.6
dns5.rr.com.		14400	IN	A	69.134.7.7
dns6.rr.com.		14400	IN	A	69.134.147.7

;; Query time: 38 msec
;; SERVER: 69.134.7.5#53(69.134.7.5)
;; WHEN: Fri Jan 22 16:48:23 2016
;; MSG SIZE  rcvd: 223
15 REPLIES
Moderator

Re: IPv6 reverse DNS *still* broken after nearly two years

Sorry to hear about the IPv6 issues you are experiencing.  If you should still need assistance in getting this addressed, we can be reached a number of ways:

 

Email: TWCable.Help@twcable.com
Twitter: @TWC_Help
Facebook: https://www.facebook.com/messages/twc
Live chat: http://www.timewarnercable.com/en/support/contact-?us.html#
by phone 1-888-TWC-ABLE
Live chat via My TWC® App
or even request a callback via the My TWC® App


Thank you for your participation in the Forums!

 

Regards,
Jeremiah S.
TWC-Social Media Customer Care
Moderator - TWC Community Forums

Check out the community guidelines here
Rookie

Re: IPv6 reverse DNS *still* broken after nearly two years

Jeremiah, I appreciate your response and in the interest of good faith, I'll go ahead and forward this information to the support email address you indicated.

 

However, I want to make it clear that this is not in any way an issue specific to me or to any given TWC subscriber. It's an issue for "Time Warner Cable Internet LLC,US" ipv6 in entirety, or at least whatever TWC network topology publically routes traffic sourced from the 2606:a000::/32 prefix.

 

The root (and/or ARIN) nameservers are delegating all reverse dns for 2606:a000::/32 to dns1.rr.com, dns2.rr.com, dns3.rr.com, dns5.rr.com and dns6.rr.com however none of those servers (or server clusters, more likely) is returning authoritative responses. This causes most resolvers to continue trying other dnsX.rr.com queries looking for a valid referral.

 

In order for reverse DNS to function quickly, even when there are no actual PTR records, each delegated referral must return either (a) another more specific referral, (b) one or more records in the Answer section or (c) NXDOMAIN (which tells the querying resolver that they have reached an authoritative server for a zone but nothing in the zone matched the query -- and thus the resolver will immediately give up).

Expert

Re: IPv6 reverse DNS *still* broken after nearly two years

Is this a timeout issue?

All ipv6 dns traffic is passed extremely slowly and times out (10 to 30 seconds). It's routed to Witchita whereas IPv4 goes to a regional data center and gets a quick return usually under 3 seconds

.

Community Manager

Re: IPv6 reverse DNS *still* broken after nearly two years

Good morning.  We have been informed that this issue should be resolved.  If you still have concerns, please post them here.

 

Thanks

Spectrum-PhilB
Community Manager
Rookie

Re: IPv6 reverse DNS *still* broken after nearly two years

Thanks for the update. I'm happy to report that I'm now seeing NXDOMAIN responses for reverse ipv6 lookups! Smiley Happy

 

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;9.c.d.e.4.7.e.f.f.f.5.3.0.b.a.5.9.0.9.3.8.4.7.4.0.0.0.a.6.0.6.2.ip6.arpa. IN PTR

;; AUTHORITY SECTION:
0.0.0.a.6.0.6.2.ip6.arpa. 10735	IN	SOA	dns1.rr.com. dnsadmin.rr.com. 2000000000 10800 3600 604800 86400
Community Manager

Re: IPv6 reverse DNS *still* broken after nearly two years

Great!  Let us know if you have any other issues, and thank you for your patience! 

Spectrum-PhilB
Community Manager
Spectator

Re: IPv6 reverse DNS *still* broken after nearly two years

It's still broken here in San Diego:

 

dig -x 2606:6000:ce44:2d01:20c:29ff:fe41:5503 @dns1.rr.com

; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> -x 2606:6000:ce44:2d01:20c:29ff:fe41:5503 @dns1.rr.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57953
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.0.5.5.1.4.e.f.f.f.9.2.c.0.2.0.1.0.d.2.4.4.e.c.0.0.0.6.6.0.6.2.ip6.arpa. IN PTR

;; Query time: 249 msec
;; SERVER: 69.134.7.5#53(69.134.7.5)
;; WHEN: Sat Feb 27 11:28:25 PST 2016
;; MSG SIZE rcvd: 101

Seasoned Contributor

Re: IPv6 reverse DNS *still* broken after nearly two years

[ Edited ]

TWC-PhilB wrote:

Great!  Let us know if you have any other issues, and thank you for your patience! 


The problem is not completely resolved.  It's not regional it just depends on what address you try to resolve.  Will more progress be made on this?

Community Manager

Re: IPv6 reverse DNS *still* broken after nearly two years


bodosom wrote:
The problem is not completely resolved.  It's not regional it just depends on what address you try to resolve.  Will more progress be made on this?

Could you post some examples?  Or, if you prefer, email them to me at phil.blum@twcable.com?

Spectrum-PhilB
Community Manager