[dns-operations] Using all the addresses of every name server? (Was: ANY efforts at taking additional responses more compact?

Paul Vixie paul at redbarn.org
Sun Sep 11 19:43:35 UTC 2016 


Stephane Bortzmeyer wrote:
> On Wed, Sep 07, 2016 at 05:33:48PM +0900,
>   Paul Vixie<paul at redbarn.org>  wrote
>   a message of 30 lines which said:
>
>> but the non-unrolling behaviour is reasonable and it is compliant
>
> Really? I read RFC 1035, section 4.2.1, and specially 7.2, as saying
> that a resolver must (not RFC 2119 MUST, RFC 1035 was written before)
> try all IP addresses of an authoritative name server. RFC 1034,
> section 5.3.3 is even clearer "The strategy is to cycle around all of
> the addresses for all of the servers with a timeout between each
> transmission.  In practice it is important to use all addresses of a
> multihomed host [...]"

for the purpose of determining which address is closest, it's certainly 
necessary to try every address. not all DNS resolvers do this; i'm aware 
of one who always tries a-root first and never tries any other server 
unless a-root doesn't answer.

in the general case of multihoming not just for DNS but for all 
services, error conditions share fate differently. ICMP Type 3 
(Destination unreachable) divides up into subtypes 0 (network), 1 
(host), 2 (protocol), 4 (fragmentation needed) and 5 (source route 
failed) which are per-address, vs. subtype 3 (port) which is per-host.

note: i realize that modern DNS servers have one listening socket per 
address, due to limitations of the BSD Sockets API; however, those are 
implementation specific and a multihomed DNS server listening on 
INADDR_ANY (0.0.0.0) can exist in principle, and more will exist in the 
future as the industry moves beyond the BSD Sockets API.

> [Which does not mean it is properly implemented by everyone, of
> course.]

of course. but when revising a specification, what's important is 
potentially reasonable assumptions made by previous implementors. for 
example, when BIND4 could not understand multiple RR's per message in an 
AXFR, this wasn't consindered reasonable, BIND4 was declared buggy, we 
all worked around it for a few years, and then we declared it dead.

that won't happen for implementors who treat ICMP type 3 subtype 3 as an 
excuse to skip the other addresses attached to a multihomed host, 
because their expectations aren't unreasonable.

-- 
P Vixie

More information about the dns-operations mailing list