At 02:13 AM 6/22/2005 +0000, John Levine wrote:
We still need to specify what an SMTP server should do if it
sees more than one.
I'd say that senders MUST NOT publish more than one SRV record per
name. Recipient SMTP servers SHOULD treat an RRset with more than one
SRV record as an error and act as though it found no RR's at all, but
they MAY be coded by amateurs and pick one record at one random and
pretend it's the only one.
By the way, the comment about BIND doing round robin is pretty
persuasive. Now that I think about it, if you look at the semantics
of all of the other RR types, if there are a whole bunch of records
and you only get some of them, that's OK because they're telling you
about multiple alternate places to get equivalent services, and any
will do. But now we have a design that depends on getting all of the
RRs in a set.
So let's say I have a pool of 50 hosts that HELO as, say, blurch.com,
so I set up a SRV record that refers to _csv.blurch.com, and then add
50 A records for _csv.blurch.com for all those hosts. Will DNS servers
return all 50 of them, or will they pick a dozen and figure that's all
I need. Has anyone done experiments, particularly with bind 4.x?
Using BIND 9.2.4, a typical query to aol.com gets:
dave(_at_)ubuntu:~$ dig aol.com mx
; <<>> DiG 9.2.4 <<>> aol.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59482
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9
;; QUESTION SECTION:
;aol.com. IN MX
;; ANSWER SECTION:
aol.com. 3166 IN MX 15 mailin-02.mx.aol.com.
aol.com. 3166 IN MX 15 mailin-03.mx.aol.com.
aol.com. 3166 IN MX 15 mailin-04.mx.aol.com.
aol.com. 3166 IN MX 15 mailin-01.mx.aol.com.
;; ADDITIONAL SECTION:
mailin-02.mx.aol.com. 296 IN A 64.12.138.89
mailin-02.mx.aol.com. 296 IN A 205.188.156.249
mailin-02.mx.aol.com. 296 IN A 205.188.159.217
mailin-02.mx.aol.com. 296 IN A 64.12.137.121
mailin-01.mx.aol.com. 204 IN A 205.188.155.89
mailin-01.mx.aol.com. 204 IN A 205.188.156.185
mailin-01.mx.aol.com. 204 IN A 205.188.159.57
mailin-01.mx.aol.com. 204 IN A 64.12.137.89
mailin-01.mx.aol.com. 204 IN A 64.12.138.57
;; Query time: 3597 msec
;; SERVER: 216.183.68.110#53(216.183.68.110)
;; WHEN: Tue Jun 21 21:14:29 2005
;; MSG SIZE rcvd: 276
I seem to always get the same 4 MX records, so apparently round-robin is
turned OFF at aol. However, if what we are really looking for is the A
records, I get a different set each time. So it looks like we will need to
do separate queries on each of the MX names to make sure we have all the A
records. UGH!! For efficiency, we might need to interleave the queries
with the IP comparison, and quit as soon as there is a match. At least
those queries seem to return a little faster than the 3.6 seconds above.
By the way, it looks like the ability to turn off round-robin is a recent
addition to BIND. From p.274 in "DNS & BIND, 4th edition: "BIND 8.2 and
later name servers -- but not BIND 9 name servers, as of 9.1.0 -- allow you
to turn off round robin for certain domain names and types of
records." This seems inconsistent with RFC-2181, section 5.1: "
A query for a specific (or non-specific) label, class, and type, will
always return all records in the associated RRSet - whether that be one or
more RRs. The response must be marked as "truncated" if the entire RRSet
will not fit in the response." What a mess!!
--
Dave************************************************************ *
* David MacQuigg, PhD email: david_macquigg at yahoo.com * *
* IC Design Engineer phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. Tucson, Arizona 85710 *
************************************************************ *