Most IPv6 DNS queries sent to Chinese resolvers fail • The Register

According to a group of Chinese academics, Chinese DNS resolvers fail two-thirds of the time when processing queries for IPv6 addresses and botch one in eight queries for IPv4.

As explained in a paper titled “A Deep Dive into DNS Behavior and Query Failures” and abstract in a blog post on APNIC (the Asia-Pacific Regional Internet Address Registry), the authors worked with log files describing 2.8 billion anonymized DNS queries processed at Chinese ISPs.

Among the conclusions of the article:

  • 86.2% of requests were for A records – the record of a resource with an IPv4 address;
  • 10.4% were for AAAA records pointing to resources with an IPv6 address;
  • 93.1% of requests for A records were successful;
  • 35.8% of AAAA registration requests were successful.

The researchers – led by Professor Zhenyu Li and Donghui Yang, both from the Chinese Academy of Sciences’ Institute of Computing Technology – suggest that the reason for the low success rate of AAAA registration queries is the poor performance of some Chinese actors.

One outfit, 114DNS, succeeded with only 14.5% of AAAA requests. Alibaba Group’s AliDNS succeeded 54.3% of the time, more than Google or Cisco’s OpenDNS, which resolved 43.4% and 49.2% of AAAA queries, respectively.

A fifth of DNS resolvers never successfully handle IPv6 AAAA requests.

“Overall, A and MX queries are successfully resolved most often, while AAAA and PTR have lower success rates,” the summary says. “Specifically, the failure rate for AAAA requests is an astonishingly higher 64.2% – two out of three AAAA requests fail.”

“We also found that the success rates of new generic top-level domains (gTLDs) and internationalized domain names (IDNs) were lower than those of well-established domains, primarily due to the prevalence of malicious domains,” said writes Professor Li.

However, researchers have not identified why DNS resolve rates are so low, especially for AAAA queries. They also don’t mention what low IPv6 resolution rates mean for China’s plans for mass IPv6 adoption by 2030.

The blog post recommends users adopt “a larger negative caching lifetime for AAAA records associated with domains that only reliably match IPv4 addresses.” It is also suggested to check the success rates of DNS resolvers before choosing a DNS provider. ®

OpenDNS mess

In other DNS-related news, Cisco’s OpenDNS service faltered for a few hours in North America today.

The WeWork offices, where some of our vultures work, have experienced network issues, as has at least one university. We’ve also heard reports that the incident impacted email security guard Spamhaus.

The issue has been resolved without Cisco offering an explanation for the incident.

Previous What is an SPF record in DNS?
Next Embracer Group acquires Hobbit, Lord of the Rings IPs and more