Maintained by: NLnet Labs

[Unbound-users] Can't resolve m.facebook.com

Olafur Gudmundsson
Sat Feb 11 19:41:58 CET 2012


On 10/02/2012 08:54, W.C.A. Wijngaards wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Stephane,
>
> On 02/10/2012 02:42 PM, Stephane Bortzmeyer wrote:
>> On Thu, Feb 09, 2012 at 08:29:42AM +0100,
>>   Attila Nagy<bra at fsn.hu>  wrote
>>   a message of 269 lines which said:
>>
>>> It seems the problem is that facebook DNS servers time out on AAAA
>>> records, so unbound gets the false assumption that they are
>>> unavailable.
>>
>> I would say "unbound gets the correct assumption that they are
>> out-of-order".
>>
>> http://status.aa.net.uk/apost.cgi?incident=1392
>
> An update to looking at unbound's code.  The log excerpt previously has
> some code-paths printed out that are impossible; from the code this
> output should not be possible.  That indicates trouble at compiletime;
> however, there is no resolution on this.
>
> Additionally, in unbound's svn trunk, there is a patch that unlinks A,
> AAAA, and other-type timeouts.  Thus if AAAA lookups timeout, then A
> lookups will still cause a query to be sent out.  (up to a small limit,
> enough to catch these cases as working, but very small for the qps to
> actual offline servers).
>

Given that the load-balancer in question in non DNS compliant why do 
extra work to work around the brokeness.
If enough resolvers say broken the load-balancer will get fixed.

	Olafur (who has been arguing this now for 10 years, and we still have 
broken load balancers because resolvers are too accomodating)