[nsd-users] DNSSEC question

dmitry kohmanyuk dk at hostmaster.ua
Mon Apr 4 21:54:47 UTC 2016


On 4 квіт. 2016 р., at 23:32, Peter Hessler <phessler at theapt.org> wrote:
> 
> No.  DNS does not have "an order".
> 

Indeed. Apart from record types which include weight field (MX, SRV). Perhaps author wants AAAA tried before A in case if "smart" resolver omits DNSSEC-unsigned responses?
This is orthogonal to presence of DNSSEC in the zone, and is on client side only.

So please specify your problem more precisely: is that a resolver/cache you control, zone, or both?

> On 2016 Apr 04 (Mon) at 13:29:15 -0700 (-0700), Michael A. Peters wrote:
> :Sometimes when a owner has multiple A (or AAAA) records, recursive resolvers
> :change the order in which a client receives them.
> :
> :Does DNSSEC force them to be in the same order or is the order still subject
> :to change and the whim of a recursive server?
> :
> :What I am trying to do is set up fall-back IP addresses in case a particular
> :IP address is offline, and trying to find work-around for a lack of order
> :preference (like MX records have) in A/AAAA records.
> :
> :I use DNSSEC anyway and am *hoping* that means DNSSEC enforcing resolvers
> :will preserve the order the records have coming from the authoritative
> :server.
> :
> :Thanks for suggestions.
> 
> -- 
> Cable is not a luxury, since many areas have poor TV reception.
>        -- The mayor of Tucson, Arizona, 1989
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/nsd-users




More information about the nsd-users mailing list