North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: dns based loadbalancing/failover
> Is 'behaviour not intended by the original rfc' your definition of 'broken'? Nope. > But the main question is, if this is "broken.", please elaborate what > exactly "breaks." I take it that unless I can point to some specific situation in which some specific application or user community is negatively impacted by this, you'll go on assuming that this deviant behaviour is merely an exercise in creativity. In that case, discussion would be pointless. If that's not the case, though, consider that a correct implementation of DNS would be within its rights to take note of the "same serial number but incoherent answers" condition and declare the zone unreachable. I'm not saying that BIND will ever do this (nor that it won't!), but I will say that I wish it had done this all along, since this is not by far the only erroneous configuration that such logic would have detected. It's possible that DNSSEC, if deployed, will cause these erroneous configurations to be detected and properly dealt with. If you're doing something that a correct implementation (which merely happens not to exist yet) could correctly treat as an error, then what you're doing fits my definition of "broken." If you think that the protocol specification is simply out of date and needs to take account of this kind of intentional incoherence, then you are welcome to try updating it. DNS is a distributed, autonomous, reliable, coherent database -- not a mapping service. DNS is about fact, not value -- it's about mechanism, not policy. No matter how you slice it, intentionally incoherent DNS zones are "broken."