ietf-clear

[clear] DNS Records for CSV?

2005-06-21 20:43:48
In 
<5(_dot_)2(_dot_)1(_dot_)1(_dot_)0(_dot_)20050621220049(_dot_)02fdbad8(_at_)pop(_dot_)mail(_dot_)yahoo(_dot_)com>
 David MacQuigg <dmquigg-clear(_at_)yahoo(_dot_)com> writes:

Using BIND 9.2.4, a typical query to aol.com gets:

dave(_at_)ubuntu:~$ dig aol.com mx

; <<>> DiG 9.2.4 <<>> aol.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59482
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9

;; QUESTION SECTION:
;aol.com.                       IN      MX

;; ANSWER SECTION:
aol.com.                3166    IN      MX      15 mailin-02.mx.aol.com.
aol.com.                3166    IN      MX      15 mailin-03.mx.aol.com.
aol.com.                3166    IN      MX      15 mailin-04.mx.aol.com.
aol.com.                3166    IN      MX      15 mailin-01.mx.aol.com.

;; ADDITIONAL SECTION:
mailin-02.mx.aol.com.   296     IN      A       64.12.138.89
mailin-02.mx.aol.com.   296     IN      A       205.188.156.249
mailin-02.mx.aol.com.   296     IN      A       205.188.159.217
mailin-02.mx.aol.com.   296     IN      A       64.12.137.121
mailin-01.mx.aol.com.   204     IN      A       205.188.155.89
mailin-01.mx.aol.com.   204     IN      A       205.188.156.185
mailin-01.mx.aol.com.   204     IN      A       205.188.159.57
mailin-01.mx.aol.com.   204     IN      A       64.12.137.89
mailin-01.mx.aol.com.   204     IN      A       64.12.138.57

;; Query time: 3597 msec
;; SERVER: 216.183.68.110#53(216.183.68.110)
;; WHEN: Tue Jun 21 21:14:29 2005
;; MSG SIZE  rcvd: 276

I seem to always get the same 4 MX records, so apparently round-robin
is turned OFF at aol.

The round-robin stuff is determined by the name server *you* query,
not the authoritative name server.  AOL can't turn it off.

While you get the same 4 MX records, I bet you get them in a different
order on each query.

As for the records in the additional section, if you query AOL
directly (e.g. 'dig @dns-01.ns.aol.com aol.com mx'), you will get
additional records for all of the MXes.  However, I suspect that many
(most?) caching name servers will ignore them because they can't tell
if they received authoritative answers or not.  Name servers can't just
accept any old answer they get in the additional section due to cache
poisoning problems.

The reason why your response returns the A records for the -01 and -02
MXes is probably because your name server had to look them up at one
time and received direct answers.  I suspect that if you do a
'dig mailin-03.mx.aol.com', and then repeat your query for AOL's MXes,
the -03 A records will show up in the Additional section.

                       However, if what we are really looking for is
the A records, I get a different set each time.

Do you?  Or, are they just in a different order?

                                                 So it looks like we
will need to do separate queries on each of the MX names to make sure
we have all the A records.  UGH!!

Yes.  Same goes for SRV records.  Depending on your name server
software, the A record information from some or all of the MXes may
already be cached.


By the way, it looks like the ability to turn off round-robin is a
recent addition to BIND.

Again, this is for *local* queries.

"BIND 8.2 and later name servers -- but not BIND 9 name servers, as of
9.1.0 -- allow you to turn off round robin for certain domain names
and types of records."  This seems inconsistent with RFC-2181, section
5.1: "A query for a specific (or non-specific) label, class, and type, will
always return all records in the associated RRSet - whether that be
one or more RRs.  The response must be marked as "truncated" if the
entire RRSet will not fit in the response."  What a mess!!

There is nothing inconsistent here.  The bind returns all records in
the RRset, only the order is changed.  I'm not sure what djbdns does.
DJB has never been too keen on conforming to RFCs.


-wayne
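
The two checks discussed in this message, as an added example that is not part of the original post: which MX hosts have no A record in the Additional section and so need their own lookup, and whether two responses differ in content or only in order. The sample text is trimmed from the dig output quoted above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: trimmed from the dig output quoted in the message above.
SAMPLE = """\
;; ANSWER SECTION:
aol.com.                3166    IN      MX      15 mailin-02.mx.aol.com.
aol.com.                3166    IN      MX      15 mailin-03.mx.aol.com.
aol.com.                3166    IN      MX      15 mailin-04.mx.aol.com.
aol.com.                3166    IN      MX      15 mailin-01.mx.aol.com.

;; ADDITIONAL SECTION:
mailin-02.mx.aol.com.   296     IN      A       64.12.138.89
mailin-02.mx.aol.com.   296     IN      A       205.188.156.249
mailin-01.mx.aol.com.   204     IN      A       205.188.155.89
mailin-01.mx.aol.com.   204     IN      A       64.12.137.89
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_sections(text):
    """Return {section: [(owner, rrtype, rdata), ...]}; TTLs are dropped."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = re.match(r"^;; (\w+) SECTION:$", line)
        if header:
            current = header.group(1)
        elif current and not line.startswith(";"):
            m = RR.match(line)
            if m:
                owner, _ttl, rrtype, rdata = m.groups()
                sections[current].append((owner.lower(), rrtype, rdata.strip()))
    return sections

def mx_targets_needing_lookup(text):
    """MX hosts with no A record in the Additional section."""
    s = parse_sections(text)
    targets = [rdata.split()[1].lower() for _, t, rdata in s["ANSWER"] if t == "MX"]
    have_a = {owner for owner, t, _ in s["ADDITIONAL"] if t == "A"}
    return sorted(t for t in targets if t not in have_a)

def same_rrset(text_a, text_b, section="ANSWER"):
    """True when two responses hold the same records, whatever the order."""
    return set(parse_sections(text_a)[section]) == set(parse_sections(text_b)[section])
```

A host that does appear in the Additional section may still be listed with only some of its addresses, so a complete address list still needs one A query per MX host.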