I'm looking to explore the technical details of a quirk I've found.
I have an authoritative DNS server, performing Global Services Load Balancing. It responds with multiple IP addresses, in the order of preference based on its Load Balancing algorithms. So, for example if all services are healthy, but x.y.z.3 is least loaded, the response may look like:
x.y.z.3
x.y.z.1
x.y.z.2
However, what I've discovered is that if a user uses Google's DNS (8.8.8.8) they get a response exactly as above. However, OpenDNS appears to further round-robin these responses.
In other words, a user using 8.8.8.8 as their DNS server will always get this response:
x.y.z.3
x.y.z.1
x.y.z.2
But a user using OpenDNS could see them in any order.
I can immediately resolve this issue by only returning x.y.z.3, but I'd like to know:
- Is there an alternative way to resolve this?
- Is this behaviour covered in an RFC or standard?
- Is the OpenDNS behaviour expected and correct?
Your direct questions are a bit tricky to answer as a result of being founded in assumptions that partially do not align with how DNS works.
The resource records that exist for a given combination of name, class, and type form a resource record set (commonly referred to as RRSet).
As that term suggests (particularly it being a set), the order in which the records are enumerated has no significance to the system.
I believe the first place where this lack of ordering is pointed out is in RFC1033:
With that knowledge, it's already clear that having expectations on ordering means relying on behavior that was not guaranteed in the first place.
Next up, a common use-case for having record sets with multiple address records (A/AAAA) has been a crude means of load balancing in DNS.
In order to help that work a bit better, many caching resolvers will reorder the records with each response (whether round-robin or just randomized order) to help simple client applications that just pick the first address to not all hit the same address for however long the TTL is.
I.e., it's more that the standards allow for this kind of behavior to be implemented (order is not significant) than actually mandating this.
All in all, you just have to consider the order of records to have no actual significance and that clients can be expected to use all the addresses present in the record set.
If it's truly important that only the least loaded host gets traffic, you would have to either only return its address, or if the client software supports SRV (this rules out web browsers) possibly make use of that and adjust the SRV priority and/or weight fields to reflect your current preference.
However, do keep in mind that caching will still be a thing, so it could still be for the best that clients somewhat spread the load over the available hosts "on their own".
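The SRV suggestion above works because preference is carried in the priority and weight fields rather than in record order. The following is an added example, not part of the original answer, of the client-side selection described in RFC 2782; it yields the same preferred host whatever order a resolver returns the records in. The host names, port and weights are constructed for illustration.

```python
import random
from collections import defaultdict
from typing import NamedTuple


class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample RRset: host3 is currently preferred (lowest priority value);
# host1 and host2 are fallbacks sharing a 90:10 weight split.
SAMPLE = [
    SRV(10, 90, 443, "host1.example.net."),
    SRV(0, 0, 443, "host3.example.net."),
    SRV(10, 10, 443, "host2.example.net."),
]


def order_srv(records, rng=None):
    """Return records in the order a client should try them (RFC 2782)."""
    rng = rng or random.Random()
    by_priority = defaultdict(list)
    for rr in records:
        by_priority[rr.priority].append(rr)

    ordered = []
    for priority in sorted(by_priority):  # lowest priority value is tried first
        # RFC 2782: weight-0 records go to the front of the candidate list.
        pending = sorted(by_priority[priority], key=lambda rr: rr.weight != 0)
        while pending:
            pick = rng.randint(0, sum(rr.weight for rr in pending))
            running = 0
            for i, rr in enumerate(pending):
                running += rr.weight
                if running >= pick:  # first running sum >= the random pick
                    ordered.append(pending.pop(i))
                    break
    return ordered


if __name__ == "__main__":
    for rr in order_srv(SAMPLE):
        print(rr.priority, rr.weight, rr.port, rr.target)
```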