Cloudflare DNS - `nslookup` fails for IPv6 DNS sometimes, but always works for IPv4 DNS

I’m on an FTTH connection that has both IPv4 and IPv6 assigned to it. My ISP is Airtel and my closest Cloudflare datacentre is BLR. I realised that querying for DNS records to any of the 3 Cloudflare DNS services over IPv4 works perfectly fine, but it often fails on IPv6. By often, I mean 95% of the time. On the other hand, it works perfectly fine with Google DNS, be it IPv4 or IPv6.

By IPv4 and IPv6, I mean the IPv4 / IPv6 DNS server I am connecting to. My network is dual-stack itself throughout the test. Here’s some output from my tests:

Google DNS IPv4

[email protected]:~$ time nslookup cloudflare.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.113s
user    0m0.004s
sys     0m0.017s
[email protected]:~$ time nslookup cloudflare.com 8.8.4.4
Server:         8.8.4.4
Address:        8.8.4.4#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.107s
user    0m0.013s
sys     0m0.009s

Cloudflare DNS IPv4

[email protected]:~$ time nslookup cloudflare.com 1.1.1.1
Server:         1.1.1.1
Address:        1.1.1.1#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.030s
user    0m0.017s
sys     0m0.004s
[email protected]:~$ time nslookup cloudflare.com 1.0.0.1
Server:         1.0.0.1
Address:        1.0.0.1#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.029s
user    0m0.013s
sys     0m0.008s
[email protected]:~$ time nslookup cloudflare.com 1.1.1.2
Server:         1.1.1.2
Address:        1.1.1.2#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.032s
user    0m0.017s
sys     0m0.005s
[email protected]:~$ time nslookup cloudflare.com 1.0.0.2
Server:         1.0.0.2
Address:        1.0.0.2#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.032s
user    0m0.005s
sys     0m0.017s
[email protected]:~$ time nslookup cloudflare.com 1.1.1.3
Server:         1.1.1.3
Address:        1.1.1.3#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.033s
user    0m0.007s
sys     0m0.014s
[email protected]:~$ time nslookup cloudflare.com 1.0.0.3
Server:         1.0.0.3
Address:        1.0.0.3#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.034s
user    0m0.010s
sys     0m0.011s

Google DNS IPv6

[email protected]:~$ time nslookup cloudflare.com 2001:4860:4860::8888
Server:         2001:4860:4860::8888
Address:        2001:4860:4860::8888#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.094s
user    0m0.014s
sys     0m0.007s
[email protected]:~$ time nslookup cloudflare.com 2001:4860:4860::8844
Server:         2001:4860:4860::8844
Address:        2001:4860:4860::8844#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.102s
user    0m0.000s
sys     0m0.021s

Cloudflare DNS IPv6

[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1111
;; connection timed out; no servers could be reached



real    0m15.018s
user    0m0.009s
sys     0m0.014s
[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1001
;; connection timed out; no servers could be reached



real    0m15.019s
user    0m0.009s
sys     0m0.014s
[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1112
Server:         2606:4700:4700::1112
Address:        2606:4700:4700::1112#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
;; connection timed out; no servers could be reached



real    0m15.032s
user    0m0.010s
sys     0m0.013s
[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1002
Server:         2606:4700:4700::1002
Address:        2606:4700:4700::1002#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.050s
user    0m0.013s
sys     0m0.009s
[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1113
Server:         2606:4700:4700::1113
Address:        2606:4700:4700::1113#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
;; connection timed out; no servers could be reached



real    0m15.037s
user    0m0.017s
sys     0m0.011s
[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1003
;; connection timed out; no servers could be reached



real    0m15.016s
user    0m0.012s
sys     0m0.016s

Google DNS via hostname

[email protected]:~$ time nslookup cloudflare.com dns.google
Server:         dns.google
Address:        2001:4860:4860::8888#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.094s
user    0m0.018s
sys     0m0.006s

Cloudflare DNS via hostname

[email protected]:~$ time nslookup cloudflare.com one.one.one.one
Server:         one.one.one.one
Address:        2606:4700:4700::1111#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m1.096s
user    0m0.013s
sys     0m0.013s
[email protected]:~$ time nslookup cloudflare.com 1dot1dot1dot1.cloudflare-dns.com
Server:         1dot1dot1dot1.cloudflare-dns.com
Address:        2606:4700:4700::1001#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.078s
user    0m0.014s
sys     0m0.010s
[email protected]:~$ time nslookup cloudflare.com security.cloudflare-dns.com
Server:         security.cloudflare-dns.com
Address:        2606:4700:4700::1112#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m1.112s
user    0m0.026s
sys     0m0.000s
[email protected]:~$ time nslookup cloudflare.com family.cloudflare-dns.com
Server:         family.cloudflare-dns.com
Address:        1.0.0.3#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m4.072s
user    0m0.022s
sys     0m0.009s

Sometimes it works fine, but 95% of the time I see delays or no response. Sometimes I get partial responses. I’m unable to figure out what exactly is the issue.


Related: Cloudflare "server failed" or timeout for some sites

I just tried curl -I <IP address> for all 12 IP addresses of Cloudflare and I noticed from the CF-RAY header that all my IPv4 requests are going to BLR whereas all my IPv6 is going to MAA. Doesn’t BLR support IPv6?

I’m seeing the same here. Queries always fail on IPv6. This is on AMS location.

~> dig cloudflare.com @2606:4700:4700::1111   

; <<>> DiG 9.10.6 <<>> cloudflare.com @2606:4700:4700::1111
;; global options: +cmd
;; connection timed out; no servers could be reached

Works fine on Google.

~> dig cloudflare.com @2001:4860:4860::8888   

; <<>> DiG 9.10.6 <<>> cloudflare.com @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16614
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;cloudflare.com.			IN	A

;; ANSWER SECTION:
cloudflare.com.		283	IN	A	104.16.132.229
cloudflare.com.		283	IN	A	104.16.133.229

;; Query time: 13 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Sun Jan 30 18:25:43 CET 2022
;; MSG SIZE  rcvd: 75

@milk Thanks for pitching in! Have you been facing this issue recently or is it something that you have noticed for a while?

I was using Google DNS all this while, and in the last few days I did some benchmarks and found Cloudflare performing better for me in IPv4 and Google DNS for IPv6 in my location. That’s how I came across this issue.

I would not know when this would have started as my main network with monitoring is still IPv4-only. Using WARP I am able to get IPv6 and then queries to 1.1.1.1’s IPv6 servers do not work.
However, I just tested it on my mobile IPv6 connection and there all the IPv6 queries seem to work fine.

@milk I too just tested my mobile data, and it seems to be working perfectly fine there whereas, on my FTTH connection, it’s a hit or miss. Sometimes I get a response, most of the time I don’t. Both are IPv4 + IPv6 connections.

@milk Are your Cloudflare locations for IPv4 and IPv6 the same on the connection you were facing issues with?

I’m wondering if this has to do with ISPs not routing correctly. Although both via mobile data and FTTH, IPv4 for me connects to BLR and IPv6 to MAA. And the issue is only with my FTTH and not my mobile data. Google DNS seems to be working on everything.

Refer to this to check: Cloudflare DNS - `nslookup` fails for IPv6 DNS sometimes, but always works for IPv4 DNS - #3 by AravindVNair99


How is IPv6 generally in India? My ISP in Europe is still IPv4-only, and I think most ISPs in the country are. I have FTTC.

I have a cloud VM with IPv6 support, though. I am able to get the correct DNS responses from all 6 of Cloudflare’s DNS servers over IPv6. I suspect this is a problem with your ISP’s IPv6 routing, but I could be wrong.

@user21517 Thanks for pitching in! I too am suspecting some misconfiguration in the IPv6 routing, but I’m not sure either. Airtel and Jio are two ISPs that have good IPv4 and IPv6 coverage in India. Not sure of Vodafone Idea which is another popular ISP in India although a huge majority use Airtel and Jio. I use Airtel for my FTTH and also my mobile data. By default, both were set to IPv4, but I changed both to IPv4 + IPv6 in the router’s WAN and mobile’s APN settings respectively. My mobile has been on IPv4 + IPv6 for a couple of years now whereas, on my router, I changed to IPv4 + IPv6 a few days ago. But generally speaking in India I’ve seen some customers get IPv4 only by default and some get both IPv4 + IPv6. I’ve seen cases where some get only IPv6 as well. But for all of these one can manually enable or if not call up the customer care/service team to get it enabled. I would say the coverage is good. In fact, I wouldn’t even have noticed this issue had I not tried doing a DNS benchmark.

Also, which location is your VM in? Because @milk says they are in Amsterdam (AMS), Netherlands, although I am not sure which Cloudflare data centre they are connected to. Whereas my IPv4 connects to Bengaluru (BLR), India and IPv6 connects to Chennai (MAA), India. I’m currently in Bengaluru.

The VM is in DigitalOcean’s London location. traceroute6 2606:4700:4700::1113 shows the connection going via 2400:cb00:373:1024::ac46:a127, which ipinfo.io suggests is in London. The connection also only took 7 hops, which suggests fairly close proximity.

I think @milk was saying they connected to AMS, but not necessarily that they are in Amsterdam. Amsterdam has quite a lot of network infrastructure so it probably has the largest Cloudflare datacentre for quite a large area.

@user21517 Yeah that could be true.

Could you try checking the HTTP header via curl for your IPv4 and IPv6 requests from your VM as I mentioned here: Cloudflare DNS - `nslookup` fails for IPv6 DNS sometimes, but always works for IPv4 DNS - #3 by AravindVNair99. The CF-RAY header shows which datacentre you connected to.

@user21517 and @milk I have put together a script that you could run to save some time. Could you both post the output of this? I’m curious if the situation is the same for all or if it’s just that BLR doesn’t support IPv6 yet.

curl -sI 1.1.1.1 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.1.1.1" $(tail -c 5)
curl -sI 1.1.1.2 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.1.1.2" $(tail -c 5)
curl -sI 1.1.1.3 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.1.1.3" $(tail -c 5)
curl -sI 1.0.0.1 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.0.0.1" $(tail -c 5)
curl -sI 1.0.0.2 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.0.0.2" $(tail -c 5)
curl -sI 1.0.0.3 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.0.0.3" $(tail -c 5)
curl -sI [2606:4700:4700::1111] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1111" $(tail -c 5)
curl -sI [2606:4700:4700::1001] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1001" $(tail -c 5)
curl -sI [2606:4700:4700::1112] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1112" $(tail -c 5)
curl -sI [2606:4700:4700::1002] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1002" $(tail -c 5)
curl -sI [2606:4700:4700::1113] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1113" $(tail -c 5)
curl -sI [2606:4700:4700::1003] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1003" $(tail -c 5)

Here’s my output:

1.1.1.1 BLR
1.1.1.2 BLR
1.1.1.3 BLR
1.0.0.1 BLR
1.0.0.2 BLR
1.0.0.3 BLR
2606:4700:4700::1111 MAA
2606:4700:4700::1001 MAA
2606:4700:4700::1112 MAA
2606:4700:4700::1002 MAA
2606:4700:4700::1113 MAA
2606:4700:4700::1003 MAA

The script didn’t work for me as is (awk doesn’t seem to get piped to tail correctly). I tweaked it a bit:

foreach ip (
    "1.1.1.1"
    "1.0.0.1"
    "1.1.1.2"
    "1.0.0.2"
    "1.1.1.3"
    "1.0.0.3"
    "[2606:4700:4700::1111]"
    "[2606:4700:4700::1001]"
    "[2606:4700:4700::1112]"
    "[2606:4700:4700::1002]"
    "[2606:4700:4700::1113]"
    "[2606:4700:4700::1003]"
)
    printf "$ip: "
    curl -sI "$ip" | awk -v FS=": " '/^CF-RAY/{print $2}' | tail -c 5
end

From that I get LHR from every server:

1.1.1.1: LHR
1.0.0.1: LHR
1.1.1.2: LHR
1.0.0.2: LHR
1.1.1.3: LHR
1.0.0.3: LHR
[2606:4700:4700::1111]: LHR
[2606:4700:4700::1001]: LHR
[2606:4700:4700::1112]: LHR
[2606:4700:4700::1002]: LHR
[2606:4700:4700::1113]: LHR
[2606:4700:4700::1003]: LHR

I am from Amsterdam and get routed to AMS for all.

1.1.1.1: AMS
1.0.0.1: AMS
1.1.1.2: AMS
1.0.0.2: AMS
1.1.1.3: AMS
1.0.0.3: AMS
[2606:4700:4700::1111]: AMS
[2606:4700:4700::1001]: AMS
[2606:4700:4700::1112]: AMS
[2606:4700:4700::1002]: AMS
[2606:4700:4700::1113]: AMS
[2606:4700:4700::1003]: AMS

All IPv6 servers are unreachable for me for DNS queries via WARP.

> The script didn’t work for me as is (awk doesn’t seem to get piped to tail correctly). I tweaked it a bit

@user21517 Ah looks neater now. I use bash shell, so foreach isn’t supported in that, unfortunately.

So, both you and @milk have one location for IPv4 and IPv6, but not me. Let me see if I can get any of my friends in other parts of India to test. Thanks for the output!

Because from my understanding, it should be going to the same location unless there are routing issues which then causes it to retry or go to some other location. I just ran the location test again and I now have a mix of BLR and MAA:

1.1.1.1 BLR
1.1.1.2 BLR
1.1.1.3 BLR
1.0.0.1 BLR
1.0.0.2 BLR
1.0.0.3 BLR
2606:4700:4700::1111 BLR
2606:4700:4700::1001 MAA
2606:4700:4700::1112 BLR
2606:4700:4700::1002 MAA
2606:4700:4700::1113 BLR
2606:4700:4700::1003 BLR

Spun up a VM via AWS in ap-south-1. Here are the results:

1.1.1.1 BOM
1.1.1.2 BOM
1.1.1.3 BOM
1.0.0.1 BOM
1.0.0.2 BOM
1.0.0.3 BOM
2606:4700:4700::1111 BOM
2606:4700:4700::1001 BOM
2606:4700:4700::1112 BOM
2606:4700:4700::1002 BOM
2606:4700:4700::1113 BOM
2606:4700:4700::1003 BOM

The region is correct for both IPv4 and IPv6. I was able to successfully perform nslookup on all of them as well.

On a side note, although I didn’t check throughout the day, today it seems to be working fine on my FTTH as well. Although I can see IPv6 switching between BLR and MAA while IPv4 always remains on BLR.

[email protected]:~$ curl -sI 1.1.1.1 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.1.1.1" $(tail -c 5)
curl -sI 1.1.1.2 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.1.1.2" $(tail -c 5)
curl -sI 1.1.1.3 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.1.1.3" $(tail -c 5)
curl -sI 1.0.0.1 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.0.0.1" $(tail -c 5)
curl -sI 1.0.0.2 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.0.0.2" $(tail -c 5)
curl -sI 1.0.0.3 | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "1.0.0.3" $(tail -c 5)
curl -sI [2606:4700:4700::1111] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1111" $(tail -c 5)
curl -sI [2606:4700:4700::1001] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1001" $(tail -c 5)
curl -sI [2606:4700:4700::1112] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1112" $(tail -c 5)
curl -sI [2606:4700:4700::1002] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1002" $(tail -c 5)
curl -sI [2606:4700:4700::1113] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1113" $(tail -c 5)
curl -sI [2606:4700:4700::1003] | awk -v FS=": " '/^CF-RAY/{print $2}' | echo "2606:4700:4700::1003" $(tail -c 5)
1.1.1.1 BLR
1.1.1.2 BLR
1.1.1.3 BLR
1.0.0.1 BLR
1.0.0.2 BLR
1.0.0.3 BLR
2606:4700:4700::1111 MAA
2606:4700:4700::1001 MAA
2606:4700:4700::1112 MAA
2606:4700:4700::1002 MAA
2606:4700:4700::1113 MAA
2606:4700:4700::1003 BLR
[email protected]:~$ time nslookup cloudflare.com 2606:4700:4700::1111
time nslookup cloudflare.com 2606:4700:4700::1001
time nslookup cloudflare.com 2606:4700:4700::1112
time nslookup cloudflare.com 2606:4700:4700::1002
time nslookup cloudflare.com 2606:4700:4700::1113
time nslookup cloudflare.com 2606:4700:4700::1003
Server:         2606:4700:4700::1111
Address:        2606:4700:4700::1111#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.035s
user    0m0.004s
sys     0m0.017s
Server:         2606:4700:4700::1001
Address:        2606:4700:4700::1001#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.035s
user    0m0.005s
sys     0m0.016s
Server:         2606:4700:4700::1112
Address:        2606:4700:4700::1112#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.038s
user    0m0.013s
sys     0m0.008s
Server:         2606:4700:4700::1002
Address:        2606:4700:4700::1002#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.040s
user    0m0.013s
sys     0m0.008s
Server:         2606:4700:4700::1113
Address:        2606:4700:4700::1113#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 2606:4700::6810:85e5
Name:   cloudflare.com
Address: 2606:4700::6810:84e5


real    0m0.037s
user    0m0.013s
sys     0m0.008s
Server:         2606:4700:4700::1003
Address:        2606:4700:4700::1003#53

Non-authoritative answer:
Name:   cloudflare.com
Address: 104.16.132.229
Name:   cloudflare.com
Address: 104.16.133.229
Name:   cloudflare.com
Address: 2606:4700::6810:84e5
Name:   cloudflare.com
Address: 2606:4700::6810:85e5


real    0m0.036s
user    0m0.017s
sys     0m0.005s
[email protected]:~$
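A POSIX sh version of the data-centre check used in this thread, as an added example that is not part of any poster's message: it runs unchanged under bash and zsh, records whether each resolver answers over UDP and over TCP, and summarises whether IPv4 and IPv6 reach the same Cloudflare location. The function names `colo_from_headers`, `colo_summary` and `probe_all` and the `--live` switch are introduced here; the live probe assumes `curl` and `dig` are installed.

```shell
#!/bin/sh
# Added example (not from the thread). POSIX sh, so it runs under bash and zsh.

# The twelve resolver addresses tested in the thread.
RESOLVERS="1.1.1.1 1.0.0.1 1.1.1.2 1.0.0.2 1.1.1.3 1.0.0.3
2606:4700:4700::1111 2606:4700:4700::1001 2606:4700:4700::1112
2606:4700:4700::1002 2606:4700:4700::1113 2606:4700:4700::1003"

# Read HTTP response headers on stdin and print the data-centre code,
# i.e. the part of the CF-RAY value after the last "-".
# Prints nothing when the header is absent.
colo_from_headers() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "cf-ray" { n = split($2, p, "-"); print p[n] }'
}

# Read "address colo ..." lines on stdin (either output format posted in the
# thread: "1.1.1.1 BLR" or "[2606:4700:4700::1111]: LHR") and print one line:
#   v4=<colos> v6=<colos> same|split
# "same" means each address family reached exactly one, identical data centre.
colo_summary() {
    awk '
        NF >= 2 {
            # An IPv6 literal contains at least two colons; "1.1.1.1:" has one.
            fam = ($1 ~ /:.*:/) ? "v6" : "v4"
            if (!seen[fam, $2]++) {
                set[fam] = (set[fam] == "" ? $2 : set[fam] "," $2)
                n[fam]++
            }
        }
        END {
            verdict = (n["v4"] == 1 && n["v6"] == 1 && set["v4"] == set["v6"]) \
                ? "same" : "split"
            printf "v4=%s v6=%s %s\n", set["v4"], set["v6"], verdict
        }'
}

# Live probe: one line per resolver with its CF-RAY colo and whether a DNS
# query for cloudflare.com is answered over UDP and over TCP.
# Needs network access; not run unless the script is started with --live.
probe_all() {
    for ip in $RESOLVERS; do
        case $ip in
            *:*) url="http://[$ip]/" ;;   # IPv6 literals need brackets in a URL
            *)   url="http://$ip/" ;;
        esac
        colo=$(curl -gsI --max-time 5 "$url" | colo_from_headers)
        udp=fail
        tcp=fail
        dig +short +time=2 +tries=1 cloudflare.com "@$ip" >/dev/null 2>&1 && udp=ok
        dig +short +tcp +time=2 +tries=1 cloudflare.com "@$ip" >/dev/null 2>&1 && tcp=ok
        printf '%s %s udp=%s tcp=%s\n' "$ip" "${colo:-?}" "$udp" "$tcp"
    done
}

if [ "${1:-}" = "--live" ]; then
    out=$(probe_all)
    printf '%s\n' "$out"
    printf '%s\n' "$out" | colo_summary
fi
```

A resolver that shows `udp=fail tcp=ok` while its colo is still reported separates loss of UDP port 53 traffic on the path from the address being unreachable altogether.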

@mvavrusa mtr as requested (Cloudflare DNS - `nslookup` fails for IPv6 DNS sometimes, but always works for IPv4 DNS - #3 by mvavrusa):

$ mtr 1.1.1.1 -bz -c 10
                                                                              Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS???    192.168.1.1 (192.168.1.1)                                        0.0%    10    0.7   0.6   0.4   0.7   0.1
 2. AS24560  223.178.56.1 (223.178.56.1)                                      0.0%    10    4.2   4.3   3.8   7.1   1.0
 3. AS9498   nsg-corporate-97.95.187.122.airtel.in (122.187.95.97)            0.0%    10    4.1   4.2   3.8   4.9   0.3
 4. AS9498   116.119.52.252 (116.119.52.252)                                  0.0%    10    4.3   4.2   3.8   4.3   0.2
 5. AS9498   182.79.164.25 (182.79.164.25)                                    0.0%    10    5.2   5.4   4.1  12.2   2.4
 6. AS13335  one.one.one.one (1.1.1.1)                                        0.0%    10    2.7   3.8   2.7   4.1   0.4

$ mtr 1.0.0.1 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS???    192.168.1.1 (192.168.1.1)                                        0.0%    10    0.5   0.5   0.4   0.6   0.1
 2. AS24560  223.178.56.1 (223.178.56.1)                                      0.0%    10    3.1   4.4   3.1   9.5   1.8
 3. AS9498   nsg-corporate-97.95.187.122.airtel.in (122.187.95.97)            0.0%    10    3.5   4.1   3.5   4.4   0.3
 4. AS???    182.79.153.1 (182.79.153.1)                                      0.0%    10    4.1   6.6   4.0  28.2   7.6
 5. AS9498   182.79.164.25 (182.79.164.25)                                    0.0%    10    4.7   4.4   2.9   6.1   0.9
 6. AS13335  one.one.one.one (1.0.0.1)                                        0.0%    10    3.4   3.8   3.4   4.2   0.3

$ mtr 1.1.1.2 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS???    192.168.1.1 (192.168.1.1)                                        0.0%    10    0.5   0.5   0.4   0.5   0.0
 2. AS24560  223.178.56.1 (223.178.56.1)                                      0.0%    10    3.7   4.9   3.5  10.2   2.3
 3. AS9498   nsg-corporate-97.95.187.122.airtel.in (122.187.95.97)            0.0%    10   22.3  12.4   3.9  25.3   7.4
 4. AS???    182.79.153.3 (182.79.153.3)                                      0.0%    10    3.9   4.7   3.8   7.9   1.4
 5. AS9498   182.79.164.25 (182.79.164.25)                                    0.0%    10    4.8   5.2   4.3   8.7   1.3
 6. AS13335  1.1.1.2 (1.1.1.2)                                                0.0%    10    3.9   3.9   3.7   4.1   0.1

$ mtr 1.0.0.2 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS???    192.168.1.1 (192.168.1.1)                                        0.0%    10    0.5   0.5   0.4   0.7   0.1
 2. AS24560  223.178.56.1 (223.178.56.1)                                      0.0%    10    4.1   5.2   3.8   9.5   1.9
 3. AS9498   nsg-corporate-101.95.187.122.airtel.in (122.187.95.101)         22.2%    10    4.1   4.0   3.4   4.4   0.3
 4. AS9498   182.79.164.25 (182.79.164.25)                                    0.0%    10    4.1   5.0   4.1   9.6   1.6
 5. AS13335  1.0.0.2 (1.0.0.2)                                                0.0%    10    3.9   3.8   3.2   4.1   0.3

$ mtr 1.1.1.3 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS???    192.168.1.1 (192.168.1.1)                                        0.0%    10    0.5   0.5   0.4   0.6   0.0
 2. AS24560  223.178.56.1 (223.178.56.1)                                      0.0%    10    3.8   4.9   3.2  10.2   2.3
 3. AS9498   nsg-corporate-97.95.187.122.airtel.in (122.187.95.97)            0.0%    10    4.1   5.5   3.6  20.3   5.2
 4. AS???    182.79.153.1 (182.79.153.1)                                      0.0%    10    4.3   6.2   3.8  24.9   6.5
 5. AS9498   182.79.164.25 (182.79.164.25)                                    0.0%    10    4.5   5.7   4.4  10.3   2.3
 6. AS13335  1.1.1.3 (1.1.1.3)                                                0.0%    10    4.2   3.8   3.4   4.2   0.2

$ mtr 1.0.0.3 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS???    192.168.1.1 (192.168.1.1)                                        0.0%    10    0.6   0.6   0.5   0.7   0.1
 2. AS24560  223.178.56.1 (223.178.56.1)                                      0.0%    10    8.9   5.2   2.7  11.9   2.9
 3. AS9498   nsg-corporate-101.95.187.122.airtel.in (122.187.95.101)          0.0%    10    4.2   4.2   3.8   5.0   0.3
 4. AS9498   182.79.164.25 (182.79.164.25)                                    0.0%    10    4.7   6.5   4.2  23.3   5.9
 5. AS13335  1.0.0.3 (1.0.0.3)                                                0.0%    10    3.7   3.9   3.7   4.4   0.2

$ mtr 2606:4700:4700::1111 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)        0.0%    10    0.7   0.6   0.6   0.7   0.0
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)                  0.0%    10    7.8   5.5   1.9  13.1   3.5
 3. AS9498   2404:a800:3a00::3fd (2404:a800:3a00::3fd)                        0.0%    10    3.4  10.9   3.3  47.9  13.5
 4. AS9498   g2600-1417-0078-0000-0000-0000-0000-0001.deploy.static.akamaite  0.0%    10   11.0  12.2  10.4  19.4   2.8
 5. AS9498   2404:a800:0:29::af (2404:a800:0:29::af)                          0.0%    10   10.6  12.6   9.7  30.0   6.1
 6. AS13335  one.one.one.one (2606:4700:4700::1111)                           0.0%    10   10.4  10.3   9.9  10.7   0.3

$ mtr 2606:4700:4700::1001 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)        0.0%    10    0.8   0.7   0.6   0.8   0.1
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)                  0.0%    10   19.2   6.1   3.5  19.2   4.9
 3. AS9498   2404:a800:3a00::401 (2404:a800:3a00::401)                        0.0%    10    4.0   4.8   3.4  14.6   3.4
 4. AS9498   2404:a800:0:29::225 (2404:a800:0:29::225)                        0.0%    10   12.0   6.2   3.9  14.5   3.8
 5. AS13335  one.one.one.one (2606:4700:4700::1001)                           0.0%    10    1.9   3.4   1.9   4.0   0.6

$ mtr 2606:4700:4700::1112 -bz -c 10

                                                                               Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)        0.0%    10    0.6   0.7   0.6   0.8   0.1
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)                  0.0%    10    3.6   4.6   3.3  12.4   2.8
 3. AS9498   2404:a800:3a00::3fd (2404:a800:3a00::3fd)                        0.0%    10    3.7   6.3   3.1  13.2   3.5
 4. AS9498   g2600-1417-0078-0000-0000-0000-0000-0001.deploy.static.akamaite  0.0%    10   29.6  13.6  10.3  29.6   6.1
 5. AS9498   2404:a800:0:29::af (2404:a800:0:29::af)                          0.0%    10   10.8  10.8  10.0  13.2   0.9
 6. AS13335  2606:4700:4700::1112 (2606:4700:4700::1112)                      0.0%    10   10.9  10.9  10.7  11.2   0.1

$ mtr 2606:4700:4700::1002 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)        0.0%    10    0.6   0.6   0.6   0.7   0.1
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)                  0.0%    10    3.4   3.7   3.3   5.1   0.6
 3. AS9498   2404:a800:3a00::401 (2404:a800:3a00::401)                        0.0%    10    3.6   4.8   3.4  13.9   3.2
 4. AS9498   2404:a800:0:29::225 (2404:a800:0:29::225)                        0.0%    10    3.8   6.7   3.0  30.1   8.3
 5. AS13335  2606:4700:4700::1002 (2606:4700:4700::1002)                      0.0%    10    3.1   3.4   3.1   3.8   0.2

$ mtr 2606:4700:4700::1113 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)        0.0%    10    0.6   0.6   0.5   0.7   0.0
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)                  0.0%    10    3.2   4.6   2.9  10.3   3.0
 3. AS9498   2404:a800:3a00::401 (2404:a800:3a00::401)                       88.9%    10    3.7   3.7   3.7   3.7   0.0
 4. AS9498   2404:a800:0:29::225 (2404:a800:0:29::225)                        0.0%    10    3.7   5.3   3.7  15.5   3.6
 5. AS13335  2606:4700:4700::1113 (2606:4700:4700::1113)                      0.0%    10    3.7   3.4   3.1   3.7   0.2

$ mtr 2606:4700:4700::1003 -bz -c 10

                                                                                Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)        0.0%    10    0.6   0.6   0.5   0.6   0.0
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)                  0.0%    10   32.1   7.5   3.0  32.1   8.8
 3. AS9498   2404:a800:3a00::401 (2404:a800:3a00::401)                       55.6%    10    8.2   7.2   3.5  13.5   4.7
 4. AS9498   2404:a800:0:29::225 (2404:a800:0:29::225)                        0.0%    10    3.9   4.5   3.9   7.8   1.2
 5. AS13335  2606:4700:4700::1003 (2606:4700:4700::1003)                      0.0%    10    3.6   3.4   2.7   3.7   0.3

At least the ICMP seems to be okay here. Did you take the mtr at the same time when you were experiencing packet loss? Do you have the same issue with TCP or TLS? (kdig @2606:4700:4700::1111 +tls) From your original post it seems like you get a packet loss on all IPv6 endpoints regardless of whether they are routed to BLR and MAA. I can double check if there’s any congestion there though.
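Added example (not part of the original thread): one way to read the mtr reports above. It separates loss that reaches the destination from loss reported by a single intermediate router, which only reflects that router limiting its own ICMP replies. The function names and the 5% threshold are assumptions; the sample rows are copied from the 2606:4700:4700::1113 trace with whitespace condensed.

```python
import re

# One hop row of `mtr -bz` output: index, AS, host, ..., Loss%, Snt, Last, Avg.
HOP = re.compile(
    r"^\s*(\d+)\.\s+(AS\S+)\s+(\S+).*?\s(\d+(?:\.\d+)?)%\s+(\d+)\s+[\d.]+\s+([\d.]+)")

# Hop rows copied from the 2606:4700:4700::1113 trace above (whitespace condensed).
TRACE_1113 = """\
 1. AS24560  2401:4900:1f25:8fff::5:6bb5 (2401:4900:1f25:8fff::5:6bb5)  0.0%  10  0.6  0.6  0.5  0.7  0.0
 2. AS24560  2401:4900:1f25:8fff::1 (2401:4900:1f25:8fff::1)  0.0%  10  3.2  4.6  2.9  10.3  3.0
 3. AS9498   2404:a800:3a00::401 (2404:a800:3a00::401)  88.9%  10  3.7  3.7  3.7  3.7  0.0
 4. AS9498   2404:a800:0:29::225 (2404:a800:0:29::225)  0.0%  10  3.7  5.3  3.7  15.5  3.6
 5. AS13335  2606:4700:4700::1113 (2606:4700:4700::1113)  0.0%  10  3.7  3.4  3.1  3.7  0.2
"""

def parse_hops(report):
    """Return one dict per hop row; header and blank lines are skipped."""
    hops = []
    for line in report.splitlines():
        m = HOP.match(line)
        if m:
            hops.append({"hop": int(m[1]), "asn": m[2], "host": m[3],
                         "loss": float(m[4]), "sent": int(m[5]),
                         "avg_ms": float(m[6])})
    return hops

def classify_loss(hops, threshold=5.0):
    """Split loss seen at the destination from loss seen at one router only."""
    if not hops:
        raise ValueError("no hop rows found")
    findings = {"end_to_end": hops[-1]["loss"] > threshold, "reply_limited": []}
    for i, hop in enumerate(hops[:-1]):
        lowest_later = min(h["loss"] for h in hops[i + 1:])
        # If a later hop answers reliably, probes were forwarded through this
        # router; its own missing replies are ICMP rate limiting, not drops.
        if hop["loss"] > threshold and lowest_later <= threshold:
            findings["reply_limited"].append((hop["hop"], hop["host"], hop["loss"]))
    return findings

if __name__ == "__main__":
    result = classify_loss(parse_hops(TRACE_1113))
    print("loss reaches destination:", result["end_to_end"])
    for hop, host, loss in result["reply_limited"]:
        print(f"hop {hop} ({host}) reports {loss}% but later hops are clean")
```

A clean report like this one only covers the moment it was taken, so it has to be captured while lookups are actually failing to be conclusive.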

Hey @mvavrusa!

Apologies for the delay in getting back to you.

> Did you take the mtr at the same time when you were experiencing packet loss?

No, when I got the output of mtr, I didn’t notice any packet loss. I was able to resolve DNS lookups as seen in the output.

> Do you have the same issue with TCP or TLS? (kdig @2606:4700:4700::1111 +tls)

The output of the command is:

$ kdig @2606:4700:4700::1111 +tls
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 31201
;; Flags: qr aa rd ra; QUERY: 1; ANSWER: 13; AUTHORITY: 0; ADDITIONAL: 27

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 121 B

;; QUESTION SECTION:
;; .                            IN      NS

;; ANSWER SECTION:
.                       517898  IN      NS      a.root-servers.net.
.                       517898  IN      NS      b.root-servers.net.
.                       517898  IN      NS      c.root-servers.net.
.                       517898  IN      NS      d.root-servers.net.
.                       517898  IN      NS      e.root-servers.net.
.                       517898  IN      NS      f.root-servers.net.
.                       517898  IN      NS      g.root-servers.net.
.                       517898  IN      NS      h.root-servers.net.
.                       517898  IN      NS      i.root-servers.net.
.                       517898  IN      NS      j.root-servers.net.
.                       517898  IN      NS      k.root-servers.net.
.                       517898  IN      NS      l.root-servers.net.
.                       517898  IN      NS      m.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     517898  IN      A       198.41.0.4
a.root-servers.net.     517898  IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     517898  IN      A       199.9.14.201
b.root-servers.net.     517898  IN      AAAA    2001:500:200::b
c.root-servers.net.     517898  IN      A       192.33.4.12
c.root-servers.net.     517898  IN      AAAA    2001:500:2::c
d.root-servers.net.     517898  IN      A       199.7.91.13
d.root-servers.net.     517898  IN      AAAA    2001:500:2d::d
e.root-servers.net.     517898  IN      A       192.203.230.10
e.root-servers.net.     517898  IN      AAAA    2001:500:a8::e
f.root-servers.net.     517898  IN      A       192.5.5.241
f.root-servers.net.     517898  IN      AAAA    2001:500:2f::f
g.root-servers.net.     517898  IN      A       192.112.36.4
g.root-servers.net.     517898  IN      AAAA    2001:500:12::d0d
h.root-servers.net.     517898  IN      A       198.97.190.53
h.root-servers.net.     517898  IN      AAAA    2001:500:1::53
i.root-servers.net.     517898  IN      A       192.36.148.17
i.root-servers.net.     517898  IN      AAAA    2001:7fe::53
j.root-servers.net.     517898  IN      A       192.58.128.30
j.root-servers.net.     517898  IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     517898  IN      A       193.0.14.129
k.root-servers.net.     517898  IN      AAAA    2001:7fd::1
l.root-servers.net.     517898  IN      A       199.7.83.42
l.root-servers.net.     517898  IN      AAAA    2001:500:9f::42
m.root-servers.net.     517898  IN      A       202.12.27.33
m.root-servers.net.     517898  IN      AAAA    2001:dc3::35

;; Received 936 B
;; Time 2022-02-21 01:14:59 IST
;; From 2606:4700:4700::[email protected](TCP) in 20.8 ms

> From your original post it seems like you get a packet loss on all IPv6 endpoints regardless of whether they are routed to BLR and MAA.

I faced the issue only with Cloudflare DNS and not Google DNS. I’ve noticed all my IPv4 go to BLR. I’m in BLR as well. But IPv6 always keeps changing between IPv4 and IPv6.

> I can double check if there’s any congestion there though.

Sure, thank you! I just tried running my initial queries again and I don’t seem to be having an issue now, although I switched back to Google DNS as it was unbearable to use Cloudflare DNS, especially when I got no reply from the Cloudflare team after waiting for a few weeks and the issue not resolving. However, I am happy to assist in any way I can to get to the root cause of the problem.

Speaking of IPv6, I ended up facing another issue, though, which is quite related to this: HDFC Net banking not loading with Cloudflare DNS, which is what made me switch back, as I wasn’t sure what’s the next issue I am going to face. Seems like IPv6 is a mess while using Cloudflare DNS.