English translation from Spanish of a previous post.

There is an important news website in Chile that takes a long time to load in my browser. Analysis revealed a problem with the DNS records for IPv6.

The problem is that the DNS servers for this website’s domain do not answer AAAA queries (the record type for IPv6 addresses) at all, which from the client’s viewpoint results in a timeout. This is incorrect behavior. If a zone has no AAAA record for a name, the server must immediately return an empty response (return code NOERROR, with answer count = 0); if it is an old name server with no knowledge of AAAA records, it must respond with an RCODE indicating that it does not understand the query. In both cases the response is immediate, which allows the resolver to take proper action. This “no response” behavior may be caused by a firewall in front of the DNS servers that allows packets for certain known query types and discards everything else, preventing the name server from ever handling the query.

The consequence of these “chained timeouts” is that my browser takes FORTY-FIVE seconds to load the main page. This is because I have IPv6 connectivity, so the browser sends both A and AAAA queries to my local resolver. Queries for A records are answered immediately, but AAAA queries time out after 5 seconds. The failed query is retried 3 times, for a total of 15 seconds just to resolve the name of the site. After that the page starts loading; it includes scripts from another web site in the same domain, which again takes 15 seconds to resolve, and finally images on yet another subdomain, which add the last 15 seconds.

The latter behavior could also be a browser bug, since waiting on an image unnecessarily delays the display of the page, although the scripts do have to be loaded before the rest.

Moreover, the zone unfortunately uses a very short TTL, which requires a new query every 30 seconds, and even worse, one of the NS records in the zone points to a private address, causing one third of the queries to fail.

The recommendation is to check how all of your name servers respond to AAAA queries, even if they don’t have IPv6 connectivity, because customers connected via IPv6 will query for those records and, if those queries go unanswered, they will perceive the site as slow or down.
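To make that check concrete, here is an added example (not part of the original post, and not code from any DNS project) that sends a raw AAAA query directly to each authoritative server and classifies the outcome as NOERROR/empty, an RCODE such as NOTIMP, or TIMEOUT. It also refuses to query NS addresses in private ranges, the second defect described above. It uses only the Python standard library; the domain name `example.com`, the 5-second timeout and the sample response bytes in `constructed_response` are constructed for illustration.

```python
"""Check how a name server answers AAAA queries: NOERROR with an empty
answer section, an explicit RCODE (NOTIMP, REFUSED, ...), or no answer at all.
Added example using only the standard library; no dnspython required."""
import ipaddress
import random
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}
QTYPE_A, QTYPE_AAAA = 1, 28
CLASS_IN = 1


def encode_name(name):
    """Encode a domain name in DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=None):
    """Build a standard recursion-desired query for (name, qtype)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    return header + question


def classify_response(raw):
    """Reduce a DNS response to a short verdict using only its header.

    The header carries what the post cares about: the RCODE and whether
    the answer section is empty.
    """
    if len(raw) < 12:
        return "MALFORMED"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", raw[:12])
    if not flags & 0x8000:
        return "MALFORMED"  # QR bit clear: this is a query, not a response
    code = flags & 0x000F
    rcode = RCODES.get(code, "RCODE%d" % code)
    if rcode == "NOERROR":
        return "NOERROR/empty" if ancount == 0 else "NOERROR/%d-answers" % ancount
    return rcode


def check_nameserver(ns_ip, name, qtype=QTYPE_AAAA, timeout=5.0):
    """Send one query straight to ns_ip over UDP and classify the result.

    Returns "PRIVATE-ADDRESS" without sending anything when the NS address
    is not globally routable, and "TIMEOUT" when nothing arrives within
    `timeout` seconds (the failure mode described in the post).
    """
    if ipaddress.ip_address(ns_ip).is_private:
        return "PRIVATE-ADDRESS"
    query = build_query(name, qtype)
    family = socket.AF_INET6 if ":" in ns_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (ns_ip, 53))
        try:
            raw, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "TIMEOUT"
    if raw[:2] != query[:2]:
        return "MISMATCHED-ID"  # stray datagram, not the reply to our query
    return classify_response(raw)


def constructed_response(txid, rcode, ancount):
    """Constructed sample response (not a real capture) for offline testing:
    QR=1, RD=1, RA=1, the given RCODE and answer count, question echoed."""
    flags = 0x8180 | (rcode & 0xF)
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    return header + encode_name("example.com") + struct.pack("!HH", QTYPE_AAAA, CLASS_IN)


if __name__ == "__main__":
    import sys
    # usage: python check_aaaa.py NAME NS_IP [NS_IP ...]
    name, servers = sys.argv[1], sys.argv[2:]
    for ns in servers:
        print(ns, "A:", check_nameserver(ns, name, QTYPE_A),
              "AAAA:", check_nameserver(ns, name, QTYPE_AAAA))
```

Run it with the zone's name and the address of every NS record; a healthy server reports `NOERROR/empty` (or `NOERROR/N-answers`) for AAAA just as fast as for A. A `TIMEOUT` on AAAA while A answers immediately points at the filtering-by-query-type problem, and `PRIVATE-ADDRESS` flags an NS record that no customer on the Internet can reach.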
