[dns-operations] Using all the addresses of every name server? (Was: ANY efforts at taking additional responses more compact?)
Florian Weimer
fweimer at redhat.com
Mon Sep 12 07:47:50 UTC 2016
On 09/11/2016 09:09 PM, Stephane Bortzmeyer wrote:
> On Wed, Sep 07, 2016 at 05:33:48PM +0900,
> Paul Vixie <paul at redbarn.org> wrote
> a message of 30 lines which said:
>
>> but the non-unrolling behaviour is reasonable and it is compliant
>
> Really? I read RFC 1035, section 4.2.1, and especially 7.2, as saying
> that a resolver must (not RFC 2119 MUST, RFC 1035 was written before)
> try all IP addresses of an authoritative name server. RFC 1034,
> section 5.3.3 is even clearer "The strategy is to cycle around all of
> the addresses for all of the servers with a timeout between each
> transmission. In practice it is important to use all addresses of a
> multihomed host [...]"
It's a bad idea. A few resolvers implement this, but it leads to a
problem: If there is a query which leads to an unexpected response from
the upstream servers, the query will be *sent* to all of them. This can
lead to service availability problems.
Florian
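As an added illustration, not part of the thread: a small Python model of the two retry strategies under discussion (cycling over every address of every server, as RFC 1034 section 5.3.3 describes, versus trying one address per server) that counts how many times a single query is transmitted upstream when every server answers it with an unexpected response. The server names, addresses and response behaviour are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Server:
    name: str
    addresses: list          # all addresses of a multihomed name server

@dataclass
class Transcript:
    sent: list = field(default_factory=list)   # (server, address) per transmission

def resolve(servers, respond, unroll=True, max_rounds=2):
    """Send the query to upstream addresses in turn until a usable answer arrives.

    respond(server, address) models the upstream: it returns an RCODE string,
    or None for a timeout. Anything other than NOERROR (SERVFAIL, FORMERR, a
    malformed packet) is treated as unusable, so the resolver moves on.
    unroll=True tries every address of every server (RFC 1034 5.3.3);
    unroll=False tries only one address per server.
    """
    log = Transcript()
    for _ in range(max_rounds):
        for s in servers:
            for addr in (s.addresses if unroll else s.addresses[:1]):
                log.sent.append((s.name, addr))
                if respond(s, addr) == "NOERROR":
                    return "NOERROR", log
    return None, log

# Constructed zone: two authoritative servers, each dual-stacked.
NS = [Server("ns1.example", ["192.0.2.1", "2001:db8::1"]),
      Server("ns2.example", ["192.0.2.2", "2001:db8::2"])]

def healthy(server, address):
    return "NOERROR"

def unexpected(server, address):
    # Every server reacts to this particular query with an unexpected response.
    return "SERVFAIL"

def fanout(respond, unroll=True):
    """Number of upstream transmissions one client query causes."""
    return len(resolve(NS, respond, unroll=unroll)[1].sent)

if __name__ == "__main__":
    for label, fn in (("healthy", healthy), ("unexpected", unexpected)):
        print(label, "unrolled:", fanout(fn, True), "one per server:", fanout(fn, False))
```

With the constructed zone, a query that every server rejects is transmitted 8 times when all addresses are cycled against 4 when one address per server is tried, which is the fan-out the message above warns about.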