In <p06101105bcc95aa068c9(_at_)[216(_dot_)43(_dot_)25(_dot_)67]> Pete Resnick
<presnick(_at_)qualcomm(_dot_)com> writes:
On 5/13/04 at 10:25 AM -0500, wayne wrote:
Because many DNS servers will return records in a round robin order
and because that order depends on other queries made by other
systems, an individual system can't depend on the order of the
records in a RR set.
As far as I understand (and maybe I'm mistaken), returning records in
a round robin order is completely configurable for the DNS
server. Indeed, sending things in different order every time is harder
From the BIND9 documentation:
Note: The rrset-order statement is not yet implemented in BIND
9. BIND 9 currently supports only a "random-cyclic" ordering,
where the server randomly chooses a starting point within the
RRset and returns the records in order starting at that point,
wrapping around the end of the RRset if necessary.
If a DNS
server is going to serve up MARID records in a random order, it gets
what it pays for.
True, BIND9 is free software. Still, requiring people to switch name
server software might slow the adoption somewhat.
IIRC, Dave Crocker is right. Only two-level expressions of ANDs of
Correction: It was Phillip Hallam-Baker who talked about this, not DC.
ORed variables or ORs of ANDed variables (and the equivalent
UNION/INTERSECTION set notation) are needed to express anything.
Actually, you could do everything with NANDs, but we are straying a bit here.
Well, NANDs need more than two-levels of expressions, but that would
be yet another example of theoretically interesting semantics/syntax
that would be horrible in practice.
So, example.com has:
example.com. MX smtp.example.com.
smtp.example.com. A 1.2.3.4
example.com. MX secondary.example.net.
and under the control of example.net:
secondary.example.net. A 5.6.7.8
Now, even if you add the complement-set operator, you can't easily
express the set of illegitimate IP address since !smtp.example.com
includes the IP address of secondary.example.net and vice
versa. More over, example.com may have no idea when example.net
changes the IP address for secondary.example.net.
This I don't understand. Why can't example.com list
secondary.example.net in its MARID record? It was perfectly capable of
listing it in its MX.
There is no problem using secondary.example.net to describe the
Legitimate set (L). However, it is useless when trying to describe
the Illegitimate set (I).
Part of the problem with just describing the semantics with out even a
suggested syntax is that you can't work out example cases. Of course,
even playing around with example cases is no subsitute for actual live
testing. For example, you discover things like there is some name
server software out there that timesout with a SERVFAIL when you do a
TXT query, but works fine for A/MX queries.
-wayne