| |
| |
| |
|
Comments:
<0> We're noticing that if bind has multiple A records for a given domain, MS sorts them and uses the first one every time. Their doc seem to suggest that they expect DNS to respond with a single A record and it's up to the server to do the round-robin output of just one.
<0> Anyone seen this? Is there a way to get bind to just return one of the list in the zone file?
<0> (just return one == cyclic or even random)
<1> moin
<1> MS as in MicroSoft?
<0> Yup
<1> format c:
<0> Nah, not the problem. We have a pile of mail servers. MS Mail servers always send to the one with the lowest IP :)
<1> which domain?
<0> filter1.mailguard.com.au
<1> i.e. users send emails to someone@filter1.mailguard.com.au ?
<0> Nah, they send it to foo@bar.com. bar.com has filter1.mailguard.com.au as it's MX record
<1> only one mx record or multiple?
<0> Multiple, but what does that matter?
<1> it does matter
<0> bar.com MX 10 filter1, MX 20 filter2 etc
<1> when you have 3 mx records, e.g. MX 10 mail1 MX 20 mail2 MX 30 mail3
<1> it will always send to mail1 first when it behaves correctly
<0> OK, I'm not explaining myself properly obviously
<1> ok. filter1 has a lot of a records
<0> MS wants to send mail to foo@bar.com, it checks bar.com's MX and gets filter1.mailguard.com.au. It then resolves that
<1> when your micro**** software always uses the same a record it's broken and you can't do anything about it.
<0> It gets a list back, but it *sorts* that list rather than just using the first record
<0> Yes, we can't. But I'm hoping there's some way for bind to just return 1 each time as only one is needed
<1> there's no built in way. change the source
<1> or you can use a lower ttl value
<1> use a ttl value of 0 and it should work as expected. but it generates lot of traffic and delays while sending mails
<0> It's at 1
<1> then it should work
<0> Interestingly, one of our servers is returning a sorted list
<0> What should? MS?
<0> MS is sorting them
<1> it's not, at least on one machine I just tested it it won't sort them
<0> Yeah, only one of them .. didn't have rrorder set or something (other bloke found that :))
<0> Gaj
<0> gah
<0> It's not windows
<0> If you query baz.com's NS for our records, baz.com return them in whatever order it wants to rather than returning them in the order we specified
<0> So ms-user.com's mail server queries whatever DNS it wants to (local or ISP) which, even if it's bind, returns them in whatever order it wants
<1> the order is not important, your client should randomize it too iirc
<0> Nothing does though .. even ping just uses the first on the list
<0> We're thinking that bind is really incorrect in reordering
<0> The resolver is running getHostByName which get the list from DNS, and returning the first record
<1> your bind always sends records in the same order?
<0> So maybe the problem is that getHostByAddr should be returning a random element, but it probably presumes it's getting an ordered list
<0> Nah, our bind randomises the list every time
<1> thats correct.
<0> But without the rrset-order flag, it sorts them
<0> Even though the server it GOT them from was randomised
<0> Resolver --- DNS --- Our Bind .... 'DNS' there is sorting the results it gets from 'Our Bind'
<0> Now I'm not surprised that MS does that, but the problem is that bind does the same
<0> Even with the flag set, if bind is 'DNS' then it re-randomises them. Without it, it sorts them.
<0> There doesn't seem to be a way to let them p*** though unmolested
<0> It would be wrong for us to patch bind to only send ONE A record each time, as the DNS should be able to return the whole list
<1> my bind configuration has no ordering flags and it never sorts the records
<0> (And there's other places where we'd WANT to send the whole list)
<0> what v?
<1> 8.3.3 and 9.2.4 and others
<0> 9.3.1 is either ordering or randomising, but never p***ing through
<1> what's wrong with not p***ing though?
<0> If 'Our Bind' sets an order, it's a bit presumtuous of 'DNS' to change that order ..
<2> hi all :) is it possible that: dig ns subdomain.domain.com gives the correct nameserver (ns.subdomain.domain.com) together with it's ip, and that dig @ip-of-ns subdomain.domain.com gives the correct ip for the A record, while dig subdomain.domain.com doesn't give anything?
<2> it seems a ns record always needs a name, not an ip address... well problem solved
<3> Hey, does BIND have some way to make it respond for any hostname? Like I want a record to say "If you don't match anything else, point to foo"
Return to
#bind
or
Go to some related
logs:
#css
cpanel php_escape_html_entities
debian remove ipv6 howto
chomp $variab
raid cannot read block bitmap
#css
gentoo libpci
oracle turn off core dump
#math
baby picutres
|
|