[dns-operations] Basic question...Re: Using all the addresses of every name server? (Was: ANY efforts at taking additional responses more compact?

Paul Vixie paul at redbarn.org
Tue Sep 13 15:59:59 UTC 2016


Edward Lewis wrote:
> I haven't been following these threads all that closely, but this
> came to mind.
>
> ... my basic question, given any two IP addresses, how would you know
> they are handled by the same process? ...

that's the wrong question.

the reasonable assumption here is that if someone means to indicate that 
two addresses belong to different hosts, they can use different NS RRs 
to denote those hosts, and that if a single NS points to multiple 
addresses, it's a multihomed host.

this is a reasonable assumption, not a rule. if someone doesn't express 
their connectivity that way, things will still work. but if they give a 
single NS RR with a dozen addresses, and one of those addresses returns 
ICMP port unreachable, an initiator can reasonably assume that the other 
addresses of the same host would return the same ICMP.

this doesn't extend to ICMP host unreachable or ICMP network unreachable 
or ICMP administrative denial or ICMP fragmentation needed. those are 
per-address by nature, whereas ICMP port unreachable *can be* per 
address in the way your wrong question assumes, but an initiator who 
assumes that ICMP port unreachable is per-NS, isn't unreasonable. so if 
you express your many servers as a single NS with N addresses, you take 
the risk that a resolver will skip N-1 of those addresses if it gets 
ICMP port unreachable from one of them.

again-- not a rule. just reasonable assumptions made by others. if you 
want to make such assumptions unreasonable, the RFC that describes the 
service they are connecting to would have to explicitly decry them, and 
in this case, you'd also need a time machine.

-- P Vixie
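
Added example, not part of the original message and not code from any resolver: a small Python model of the initiator-side assumption described above, showing which addresses remain worth trying after an ICMP error. The function name, the sample delegations and the choice to set aside the reporting address for every error type are assumptions made for illustration.

```python
from enum import Enum

class Icmp(Enum):
    PORT_UNREACHABLE = "port unreachable"
    HOST_UNREACHABLE = "host unreachable"
    NET_UNREACHABLE = "network unreachable"
    ADMIN_DENIAL = "administrative denial"
    FRAG_NEEDED = "fragmentation needed"

# The only error the message treats as plausibly describing the whole
# multihomed host behind one NS name; the others are per-address.
PER_NS = {Icmp.PORT_UNREACHABLE}

def remaining_candidates(delegation, observed):
    """delegation: {ns_name: [address, ...]} as published in NS + address RRs.
    observed: [(ns_name, address, Icmp), ...] errors seen while querying.
    Returns the (ns_name, address) pairs still worth trying, in order."""
    skipped_ns = set()   # NS names written off as a whole
    dead_pairs = set()   # individual addresses that reported an error
    for ns, addr, err in observed:
        if addr not in delegation.get(ns, ()):
            continue     # error for an address this delegation never listed
        dead_pairs.add((ns, addr))  # simplification: any error sidelines it
        if err in PER_NS:
            skipped_ns.add(ns)      # assume sibling addresses answer the same
    return [(ns, a)
            for ns, addrs in delegation.items()
            for a in addrs
            if ns not in skipped_ns and (ns, a) not in dead_pairs]

# Constructed sample data (documentation address space, made-up names).
ONE_NS = {"ns.example.net": ["192.0.2.1", "192.0.2.2", "192.0.2.3"]}
THREE_NS = {"ns1.example.net": ["192.0.2.1"],
            "ns2.example.net": ["192.0.2.2"],
            "ns3.example.net": ["192.0.2.3"]}

if __name__ == "__main__":
    port = [("ns.example.net", "192.0.2.1", Icmp.PORT_UNREACHABLE)]
    host = [("ns.example.net", "192.0.2.1", Icmp.HOST_UNREACHABLE)]
    port3 = [("ns1.example.net", "192.0.2.1", Icmp.PORT_UNREACHABLE)]
    print("one NS, port unreachable:  ", remaining_candidates(ONE_NS, port))
    print("one NS, host unreachable:  ", remaining_candidates(ONE_NS, host))
    print("three NS, port unreachable:", remaining_candidates(THREE_NS, port3))
```

With the same three servers, publishing them under one NS name leaves no candidates after a single port unreachable, while publishing them under three NS names leaves two.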


