Mailing List Archive: problem with www.xbox.com / akamai

problem with www.xbox.com / akamai

Jun 14, 2014, 9:49 AM

Post #1 of 6 (4550 views)

This is a little suspect to me:

(from Deutsche Telekom)

thomas@eee-box:~> ping6 www.xbox.com
unknown host
thomas@eee-box:~> host www.xbox.com
www.xbox.com is an alias for www.gtm.xbox.com.
www.gtm.xbox.com is an alias for wildcard.xbox.com-c.edgekey.net.
wildcard.xbox.com-c.edgekey.net is an alias for wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net.
wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net is an alias for e2820.dspb.akamaiedge.net.
e2820.dspb.akamaiedge.net has address 92.122.27.141
e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:181::b04
e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:186::b04
e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:185::b04
thomas@eee-box:~>

the same at a different site:

(from LRZ/DFN)

thomas@diener:~> host www.xbox.com
www.xbox.com is an alias for www.gtm.xbox.com.
www.gtm.xbox.com is an alias for wildcard.xbox.com-c.edgekey.net.
wildcard.xbox.com-c.edgekey.net is an alias for wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net.
wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net is an alias for e2820.dspb.akamaiedge.net.
e2820.dspb.akamaiedge.net has address 23.9.212.150
e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:185::b04
e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:183::b04
e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:186::b04
thomas@diener:~> ping6 www.xbox.com
unknown host
thomas@diener

But sometimes it works.

Is it an resolver-problem, or is the network not stable, or is it PEBKAC?

Can anybody confirm this problem, or suggest a better test?

Thomas

Re: problem with www.xbox.com / akamai [ In reply to ]

dougb at dougbarton

Jun 14, 2014, 10:02 AM

Post #2 of 6 (4496 views)

It's not just you, I'm experiencing the same from both a FreeBSD and an
Ubuntu host on dramatically different networks (one in LA, one in
Omaha). What's more interesting to me is that 'ping www.xbox.com' works,
as does 'ping6 www.yahoo.com' which has just as many CNAMEs in its chain
(albeit they are not going to Akamai).

weird,

Doug

On 06/14/2014 11:49 AM, Thomas Schäfer wrote:
> This is a little suspect to me:
>
> (from Deutsche Telekom)
>
> thomas@eee-box:~> ping6 www.xbox.com
> unknown host
> thomas@eee-box:~> host www.xbox.com
> www.xbox.com is an alias for www.gtm.xbox.com.
> www.gtm.xbox.com is an alias for wildcard.xbox.com-c.edgekey.net.
> wildcard.xbox.com-c.edgekey.net is an alias for wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net.
> wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net is an alias for e2820.dspb.akamaiedge.net.
> e2820.dspb.akamaiedge.net has address 92.122.27.141
> e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:181::b04
> e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:186::b04
> e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:185::b04
> thomas@eee-box:~>
>
> the same at a different site:
>
> (from LRZ/DFN)
>
> thomas@diener:~> host www.xbox.com
> www.xbox.com is an alias for www.gtm.xbox.com.
> www.gtm.xbox.com is an alias for wildcard.xbox.com-c.edgekey.net.
> wildcard.xbox.com-c.edgekey.net is an alias for wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net.
> wildcard.xbox.com-c.edgekey.net.globalredir.akadns.net is an alias for e2820.dspb.akamaiedge.net.
> e2820.dspb.akamaiedge.net has address 23.9.212.150
> e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:185::b04
> e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:183::b04
> e2820.dspb.akamaiedge.net has IPv6 address 2a02:26f0:3:186::b04
> thomas@diener:~> ping6 www.xbox.com
> unknown host
> thomas@diener
>
> But sometimes it works.
>
> Is it an resolver-problem, or is the network not stable, or is it PEBKAC?
>
> Can anybody confirm this problem, or suggest a better test?
>
> Thomas
>
>

Re: problem with www.xbox.com / akamai [ In reply to ]

niels=cluenet at bakker

Jun 14, 2014, 10:07 AM

Post #3 of 6 (4481 views)

* thomas@cis.uni-muenchen.de (Thomas Schäfer) [Sat 14 Jun 2014, 18:50 CEST]:
>thomas@diener:~> host www.xbox.com
[...]

>thomas@diener:~> ping6 www.xbox.com
>unknown host
>thomas@diener
>
>But sometimes it works.
>
>Is it an resolver-problem, or is the network not stable, or is it PEBKAC?

This is a problem with Microsoft's loadbalancing nameserver
implementation, it seems. They return CNAME when asked for A but no
CNAME when asked for AAAA.

The chain is as follows:

www.xbox.com -> ns[1-6].msft.net say CNAME for www.gtm.xbox.com ->
ns*-*.gtm.xbox.com respond with empty in case of AAAA and CNAME
wildcard.xbox.com-c.edgekey.net when queried for A.

You see this working sometimes because if you asked first for A then
your resolver will know the CNAME and while the TTL of 30 seconds
hasn't yet expired it will know where to ask for AAAA records (Akamai).

>Can anybody confirm this problem, or suggest a better test?

Talk to Microsoft, their GLSB code is out of spec. And it will break
visiting xbox.com for all dual-stacked hosts, and for everybody else
in the next 300 seconds, if the cache was empty!

I'm Cc'ing Mehmet who knows something (heh) about DNS and is with
Microsoft.

-- Niels.

--
"It's amazing what people will do to get their name on the internet,
which is odd, because all you really need is a Blogspot account."
-- roy edroso, alicublog.blogspot.com

Re: problem with www.xbox.com / akamai [ In reply to ]

niels=cluenet at bakker

Jun 14, 2014, 10:12 AM

Post #4 of 6 (4487 views)

* dougb@dougbarton.us (Doug Barton) [Sat 14 Jun 2014, 19:03 CEST]:
>It's not just you, I'm experiencing the same from both a FreeBSD and
>an Ubuntu host on dramatically different networks (one in LA, one in
>Omaha). What's more interesting to me is that 'ping www.xbox.com'
>works, as does 'ping6 www.yahoo.com' which has just as many CNAMEs
>in its chain (albeit they are not going to Akamai).

The problem isn't the amount of CNAMEs, the problem is Microsoft's
broken nameserver implementation.

Compare 'dig +trace a www.xbox.com' with 'dig +trace aaaa www.xbox.com'.
Basic DNS troubleshooting.

If you ping at most 300 seconds before you ping6 the latter will
succeed, if you start from an empty cache and ping6 first, it will
fail to resolve until you ping.

-- Niels.

--
"It's amazing what people will do to get their name on the internet,
which is odd, because all you really need is a Blogspot account."
-- roy edroso, alicublog.blogspot.com

Re: problem with www.xbox.com / akamai [ In reply to ]

niels=cluenet at bakker

Jun 14, 2014, 10:16 AM

Post #5 of 6 (4501 views)

A slight correction to what I wrote: of course empty responses aren't
cached so this doesn't break v4 access when you ask for v6 first. The
impact is limited to significantly shifting hits to www.xbox.com to
IPv4 where they could have had more IPv6 traffic.

-- Niels.

--

For illustration. The commands below were entered a few seconds apart.
Your .akamaiedge.net host will likely vary from the one returned below:

% ping6 www.xbox.com
ping6: Non-recoverable failure in name resolution
% ping www.xbox.com
PING e2820.dspb.akamaiedge.net (172.229.187.141): 56 data bytes
64 bytes from 172.229.187.141: icmp_seq=0 ttl=59 time=2.577 ms
^C
--- e2820.dspb.akamaiedge.net ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.577/2.577/2.577/0.000 ms
% ping6 www.xbox.com
PING6(56=40+8+8 bytes) 2001:610:600:a33::2 --> 2a02:26f0:6b:1a0::b04
16 bytes from 2a02:26f0:6b:1a0::b04, icmp_seq=0 hlim=58 time=3.747 ms
16 bytes from 2a02:26f0:6b:1a0::b04, icmp_seq=1 hlim=58 time=3.579 ms
^C
--- e2820.dspb.akamaiedge.net ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.579/3.663/3.747/0.084 ms

% _

Re: problem with www.xbox.com / akamai [ In reply to ]

dougb at dougbarton

Jun 14, 2014, 10:22 AM

Post #6 of 6 (4484 views)

On 06/14/2014 12:12 PM, niels=cluenet@bakker.net wrote:
> The problem isn't the amount of CNAMEs, the problem is Microsoft's
> broken nameserver implementation.

Quite correct, your message arrived shortly after I sent mine, and your
analysis was more thorough.

Doug