Hello
One customer contacted us because the Migros Banking App does not work from within our network, and asked me to contact the Migros NOC to find out what we should change to make it work.
From the Migros NOC I got the feedback that this is an issue they observed with customers whose ISPs have IPv6-enabled DNS servers. They recommend that either the ISP disables IPv6 on the nameservers, or that the customer uses a different ISP, for example via a mobile phone hotspot, to use their banking app.
Apparently UPC Cablecom is another ISP with the same issue, and Cablecom is able to resolve the issue by disabling IPv6 for the affected customers.
I am a bit puzzled. I first suspected a DNSSEC issue as our servers do validate DNSSEC. But this does not seem to be the case.
I can resolve the hostnames without any problems via our DNS Servers.
Our DNS servers are IPv6-enabled. When another DNS server has an IPv6 address, they will prefer IPv6. But our customer does not get an IPv6 address, so his local resolver only knows the IPv4 address of our DNS servers. The Migros DNS servers do not publish an IPv6 address. So how is IPv6 involved in this issue?
The domain in question is mbmid.ch:
mbmid.ch. 241 IN NS ns1.datacenter-migros.ch.
mbmid.ch. 241 IN NS migze104.migros.ch.
mbmid.ch. 241 IN NS migze100.migros.ch.

ns1.datacenter-migros.ch. 146 IN A 164.14.130.66
migze100.migros.ch. 3222 IN A 146.67.146.20
migze104.migros.ch. 3222 IN A 193.8.177.201
They are not DNSSEC signed.
The only issue I found is that ns1.datacenter-migros.ch is not published in the registrar glue record, but this also would not lead to a failure to resolve the hostname.
Has anyone else come across that issue and could give me a hint where to further investigate?
-Benoît Panizzon-