DNS A records from google DNS server not consistent
Shadow Hawkins on Monday, 09 March 2015 20:09:58
Hi,
I'm having a SixXS / DNS resolution problem. I'm using SixXS to create an IPv6 tunnel over my ISP that is IPv4 only. I'm using Google DNS servers on IPv4 and IPv6. IPv4 is NATed, and IPv6 is built on a Ubuntu server behind the NAT.

On a Windows PC inside my home network, a browser queries a DNS resolution for support.apple.com over IPv6, and receives from 2001:4860:4860::8888 (Google IPv6 DNS) as response an A record (no IPv6 support, AAAA has no address) with the address: 23.196.234.23. This is an Akamai CDN address, and Google DNS responds with the tunnel endpoint "best" address to reach the Akamai CDN. But this address is by far not the best for me, as it reflects the "best" for my tunnel endpoint provider. It is around 200ms far away, 50% packet loss.

From a Linux server inside my home network using Google IPv4 8.8.8.8 DNS server, the whole procedure is IPv4 only, meaning that the query is not going via SixXS. In this case I get as an answer 2.19.56.63 for support.apple.com, with 30ms and no packet loss.

Any idea how to fix this? All CDN providers that have IPv4 content should experience the same. Changing: Google, Microsoft, Apple, Akamai and two ISPs, wow that's a challenge.
Jeroen Massar on Monday, 09 March 2015 20:51:16
> IPv6 is built on a Ubuntu server behind the NAT.
You mean "An IPv6 tunnel is terminated on a Ubuntu...."
> But this address is by far not the best for me, as it reflects the "best" for my tunnel endpoint provider.
There is nothing that can be done about these kinds of situations.
GeoDNS and such distributed setups are pure magic, and if you do a tunnel or VPN then things fail.
> It is around 200ms far away, 50% packet loss.
50% packet loss is quite a bit. You might want to debug that path.
> Any idea how to fix this?
You could use IPv4-only DNS servers. Then they focus on your IPv4?
Instead of using Google Public DNS, it is typically also better to either use your own DNS recursor or those of your ISP.
> All CDN providers that have IPv4 content should experience the same. Changing: Google, Microsoft, Apple, Akamai and two ISPs, wow that's a challenge.
They will not change anything for your setup, which they will consider a "Hacky VPN".
Your better bet: get native IPv6.
See also: What about geolocation?
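
An added example, not part of the thread above: a small Python script that sends the same A query for support.apple.com to the two resolver addresses named in the first post, one over IPv4 and one over IPv6, so the answers returned on each path can be compared side by side. The function names are this example's own; the live query at the bottom needs network access on both address families.

```python
import random
import socket
import struct

def build_query(name, qid):
    """Encode a recursive A/IN question for `name` (RFC 1035 wire format)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] and (msg[off] & 0xC0) != 0xC0:
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)

def parse_a_records(msg):
    """Return the sorted IPv4 addresses from the answer section, skipping CNAMEs."""
    qdcount, ancount = struct.unpack("!2H", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return sorted(addrs)

def resolve_via(resolver, name, timeout=3.0):
    """Ask one resolver over UDP; the address family follows the resolver address."""
    family = socket.AF_INET6 if ":" in resolver else socket.AF_INET
    qid = random.randrange(1 << 16)
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (resolver, 53))
        reply, _ = s.recvfrom(4096)
    if struct.unpack("!H", reply[:2])[0] != qid:
        raise ValueError("transaction ID mismatch")
    return parse_a_records(reply)

if __name__ == "__main__":
    for resolver in ("8.8.8.8", "2001:4860:4860::8888"):   # resolvers named in the post
        try:
            print(resolver, resolve_via(resolver, "support.apple.com"))
        except (OSError, ValueError, struct.error) as exc:
            print(resolver, "failed:", exc)
```

Different address lists on the two lines reproduce the situation in the first post: the answer depends on the path the query took to the resolver, not on the host asking.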