Re: [DNSOP] BCP on rrset ordering for round-robin? Also head's up on bind 9.12 bug (sorting rrsets by default)

Tony Finch <dot@dotat.at> Fri, 15 June 2018 16:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EXOWAvb0aR3N4Gz9ub5N53sL-oo>

Erik Nygren <erik+ietf@nygren.org> wrote:

> A number of folks have been bitten by a bug in bind 9.12 where it silently
> changes the default sorting of rrsets to always be sorted (even if the
> authoritative response wasn't sorted).

Huh, I noticed this and put the workaround in my config but I didn't
realise it counted as a bug.

Anyway, there's a related issue, RFC 3484 address sorting. I believe glibc
used to derandomize addresses in getaddrinfo(), but it seems to have
stopped doing so. (However I can't find a changelog item saying so...)

Windows had a similar issue (I think it was fixed in Windows 7?):

https://support.microsoft.com/en-us/help/968920/windows-vista-and-windows-server-2008-dns-clients-do-not-honor-dns-rou

I never understood how RFC 3484 sorting could possibly make sense when
there's no way for an edge device (or even an expert sysadmin) to know
anything meaningful about how IP addresses relate to network topology.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Sole, Lundy, Fastnet: West or southwest 3 or 4, increasing 5 or 6. Moderate or
rough. Occasional rain or showers. Good, occasionally poor.
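
Added example, not part of the original message: a Python sketch of how RFC 3484 Rule 9 (longest matching prefix) turns a shuffled round-robin answer into one fixed order, so the first address a client tries never changes. It assumes a single IPv4 source address and that all earlier rules tie; the addresses are constructed from the documentation ranges and the function names are hypothetical.

```python
import ipaddress
import random


def common_prefix_len(a, b):
    """Number of leading bits shared by two IPv4 addresses."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def rule9_sort(source, answers):
    """Order destinations by longest prefix shared with the source address.

    sorted() is stable, so equal prefix lengths keep the order the resolver
    returned (RFC 3484 Rule 10: otherwise leave the order unchanged).
    """
    return sorted(answers, key=lambda dst: -common_prefix_len(source, dst))


def unsorted(source, answers):
    """Baseline: use the resolver's order as received."""
    return list(answers)


def first_choice_counts(source, rrset, sorter, trials=1000, seed=1):
    """Shuffle the rrset per query and count which address ends up first."""
    rng = random.Random(seed)
    counts = {addr: 0 for addr in rrset}
    for _ in range(trials):
        shuffled = list(rrset)
        rng.shuffle(shuffled)          # what a round-robin server hands out
        counts[sorter(source, shuffled)[0]] += 1
    return counts


# Constructed sample data (TEST-NET documentation ranges).
SOURCE = "192.0.2.10"
RRSET = ["198.51.100.7", "203.0.113.9", "192.0.2.200"]

if __name__ == "__main__":
    for addr in RRSET:
        print(addr, "shares", common_prefix_len(SOURCE, addr), "bits with source")
    print("resolver order :", first_choice_counts(SOURCE, RRSET, unsorted))
    print("Rule 9 applied :", first_choice_counts(SOURCE, RRSET, rule9_sort))
```

With Rule 9 applied, every query lands on the same first address however the server rotates the answer, which is the derandomizing effect discussed above.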