Two thirds of DNS queries for IPv6 hosts sent to Chinese resolvers fail, researchers find
Network boffins can't say why, suggest not using the worst providers
China's DNS resolvers fail two thirds of the time when handling queries for IPv6 addresses, and botch one in eight queries for IPv4, according to a group of Chinese academics.
As explained in a paper titled "A deep dive into DNS behavior and query failures" and summarized in a blog post at APNIC (the Asia Pacific's regional internet address registry), the authors worked with log files describing 2.8 billion anonymized DNS queries processed at Chinese ISPs.
Among the paper's findings:
- 86.2 percent of queries were for A records – the record for a resource with an IPv4 address;
- 10.4 percent were for AAAA records that point to resources with an IPv6 address;
- 93.1 percent of queries for A records succeeded;
- 35.8 percent of requests for AAAA records succeeded.
The researchers – led by professor Zhenyu Li and Donghui Yang, both from the Institute of Computing Technology at the Chinese Academy of Sciences – suggest the reason for the low success rate of AAAA record queries is poor performance by some Chinese players.
One outfit, 114DNS, succeeded with just 14.5 percent of AAAA queries. Alibaba Group's AliDNS succeeded 54.3 percent of the time – more than Google or Cisco’s OpenDNS, which were found to resolve 43.4 percent and 49.2 percent of AAAA queries respectively.
A fifth of DNS resolvers never succeed at handling IPv6 AAAA queries.
"Overall, A and MX queries are successfully resolved most frequently, while AAAA and PTR manifest lower success rates," the summary reads. "Specifically, the failure rate of AAAA queries is surprisingly over 64.2 percent — two out of three AAAA queries failed."
- Apple network traffic takes mysterious detour through Russia
- How legacy IPv6 addresses can spoil your network privacy
- Cloudflare explains how it managed to break the internet
"We also found the success rates for new generic Top-Level Domains (gTLDs) and Internationalized Domain Names (IDNs) were lower than that of well-established domains, primarily because of the prevalence of malicious domains," wrote professor Li.
However the researchers did not identity why DNS resolution rates are so low, especially for AAAA queries. Nor do they mention what the poor IPv6 resolution rates mean for China's plans for mass adoption of IPv6 by 2030.
The blog post recommends users adopt "a larger negative caching time-to-live for AAAA records associated with domains that only map to IPv4 addresses reliably." Checking DNS resolvers' success rates is also suggested ahead of making a choice of DNS provider. ®
In other DNS-related news, Cisco's OpenDNS service today wobbled for a few hours in North America.
WeWork offices, wherein some of our vultures toil, experienced network problems, as did at least one university. We've also heard reports that the incident impacted email security guardian Spamhaus.
UIT Vendor Update: Mitigation steps have been taken to address network issues, but the root issue with the OpenDNS vendor are still occurring. You may continue to experience issues as the vendor works to resolve this permanently.— MSU IT Alerts (@MSU_IT_Alerts) August 17, 2022
The issue was resolved without Cisco offering any explanation for the incident.