Re: [DNSOP] BCP on rrset ordering for round-robin? Also head's up on bind 9.12 bug (sorting rrsets by default)

Shumon Huque <> Sat, 16 June 2018 00:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C67DD130E5A for <>; Fri, 15 Jun 2018 17:12:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bGKRjfVtRK0n for <>; Fri, 15 Jun 2018 17:12:49 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4002:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 927DD130DC9 for <>; Fri, 15 Jun 2018 17:12:49 -0700 (PDT)
Received: by with SMTP id v197-v6so3914059ywc.13 for <>; Fri, 15 Jun 2018 17:12:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=j904+MQVZ6xTov4swDzhfmA/11RtKcZxDIqMuHH6uXk=; b=aMYlUpvHX9Qew2ycCc4H8qSCyTPYnKYjfeTBgTeetiLwlgiEnWO0Jg2arbpaQHvhHC +J7gIfmrvTMIrFEMItf+zHA+8H7KOCZaiQmeGgkrWw0m4qKB58bxv4qGtNq91SCgbz8n 61pXGSIF8XAOAKhRIHRfiN6LUN5hjfBZ5QIwIIbq4QTXGbE6SUJEzIbjO+8VQIgKG11c G+uXT7dsCl2/Lw2OT9H9rrgU7/g8p0sJKXF5UwsK3/dfGCRUdYPHFNS5fJeoVUai6Jrb 1wBiJJulVhcktnAorfInXiXr1mznSDX7VOuCXk8SA4hq0yxZacSiPsk4puM0Tvapjhz8 TTbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=j904+MQVZ6xTov4swDzhfmA/11RtKcZxDIqMuHH6uXk=; b=TXGOE4B+2vP+YI0Fkoa57S4sRqw7/tWY7XMVtr5k91nvQUA2Lv696MIMi8t22L8PC/ S7yktUmsyAOLxBTsppYedvs5GoCG9PHeOGQP7E2EeKvPyy3pbB59OXIQMBYRfslL2VOP Kmajs4z8ARLCU2yMMk945qOLH6O9J/RD4hHYTUwxIerR54VB3gU17h62+8fexunDHaHv pOXQNDVrN+iS2g1jRUFTlb6qXQUH+n19DmPAvvpXccwqFIa0m8tFWOND4Gr+WaKbW0wL X6NrDV4m9/YX2Am2E9CnpAEoZ+PL4iFePrb10+SyRUFEKuawC2FNT4d4+FMxU45wljvj xNFQ==
X-Gm-Message-State: APt69E38F5i/V2WgUDN53v3QIpE16z9fYQYsZdb+/1NNnFcbexhEoRFR OKruAiGLmnrtbAljfbZymNCk2uQXlS69ap7B1lg=
X-Google-Smtp-Source: ADUXVKLitIWl0tZ8lFMbbWBAQoGoDwdmqrH1iETeD28axRbPpqPmBqv8nVDl8X6KH+3y4BwOp5poCgQKulN8cIJI+Ko=
X-Received: by 2002:a81:7d06:: with SMTP id y6-v6mr1918218ywc.371.1529107968816; Fri, 15 Jun 2018 17:12:48 -0700 (PDT)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
From: Shumon Huque <>
Date: Fri, 15 Jun 2018 20:12:37 -0400
Message-ID: <>
To: Mark Andrews <>
Cc:, " WG" <>
Content-Type: multipart/alternative; boundary="0000000000004e003e056eb73155"
Archived-At: <>
Subject: Re: [DNSOP] BCP on rrset ordering for round-robin? Also head's up on bind 9.12 bug (sorting rrsets by default)
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Jun 2018 00:12:52 -0000

On Fri, Jun 15, 2018 at 6:40 PM Mark Andrews <> wrote:

> What we should be asking is why a service that needs multiple machines
> isn’t using SRV. It has randomisation between servers explicitly defined
> along with proportional load balancing.

That would be nice, but sadly major applications like the web, have (in my
assessment) never seriously shown any interest in using SRV records. To
quote some of the discussion of HTTP2 on this subject:


--- excerpt

"We discussed this, but decided not to support SRV in HTTP/2 - mostly
because HTTP/2 needs to be backwards-compatible with the existing Web,
which doesn't use SRV. In discussion, it also became pretty clear that if
we were to use an additional record type for HTTP, SRV may not suit,
because we need to do things like protocol version negotiation.

There were also concerns about latency and interoperability (especially
considering how many DNS requests a page load can make, and the unfortunate
limitations of some DNS gateways/proxies)."

--- end excerpt

The latter point about additional latency, due to the need for additional
follow-on queries to resolve the address records for the SRV targets (if
the resolver hasn't provided them), has been a pretty potent blocker for
SRV adoption in the web.

Also, in my experience, many implementations of client applications that do
employ SRV don't even bother to implement the load balancing aspect, just
the priority aspect. This was particularly true in Kerberos from my

> It also addresses CNAME at the apex which quite frankly is only used to
> find the name of the HTTP server for the zone which SRV  is quite capable
> of doing.

Yup ..