Actually, I just asked one of the PowerDNS devs, and their recursor/resolver implementation does actually only return what is in its cache when answering an ANY query.

On 10/15/2015 4:46 PM, Robin Geuze wrote:
Hey Baptiste,

Using ANY queries for this kind of stuff is considered by most people to be a bad practice since, besides all the things you named, it can lead to incomplete responses. Basically, a resolver is allowed to just return whatever it has in cache when it receives an ANY query instead of actually doing an ANY query at the authoritative nameserver. Thus, if it only received queries for an A record before you do an ANY query, you will not get an AAAA record even if it is actually available, since the resolver doesn't have it in its cache. Even worse, if before it only got MX queries, you won't get either A or AAAA.

Currently I don't know of any resolver that actually behaves this way, but it is allowed as per the DNS-related RFCs, so using ANY queries might at some point lead to really weird results.

-Robin-

On 10/15/2015 4:35 PM, Baptiste wrote:
Hey guys,

by default, HAProxy tries to resolve server IPs using an ANY query
type, then fails over to resolve-prefer type, then to "remaining"
type.
So ANY -> A -> AAAA or ANY -> AAAA -> A.

In some cases, the ANY query type is ignored or the response contains no
records, which leads HAProxy to try the next query type.
Today, 0yvind reported that weave DNS server actually answers with an
NX response, preventing HAProxy from failing over to the next query type
(this is by design).

Jan, a fellow HAProxy user, already reported to me that ANY query types
are less and less fashionable (for many reasons I'm not going to develop
here).

Among the many ways to fix this issue, the one below has my preference:
  A new resolvers section directive (a flag in that case) which prevents
HAProxy from sending an ANY query type to the nameservers in this
section, i.e. "option dont-send-any-qtype".

Another option would be to make HAProxy fail over to the next query type
in case of an NX response.
This would also cover the case where a server returns an NX because no
AAAA records exist.

Any comments are welcome.

Baptiste
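
The behaviours discussed in this thread, modelled as an added example (not HAProxy code and not written by any of the posters): a resolver that answers ANY from its cache only, a server that answers ANY with NX, and the ANY -> prefer -> remaining chain. The class names, the `send_any` and `failover_on_nx` parameters, and the sample records are assumptions made for illustration.

```python
# Constructed model of the thread's scenario; not HAProxy source code.
NOERROR, NXDOMAIN = "NOERROR", "NXDOMAIN"
ZONE = {("app.example", "A"): ["192.0.2.10"],          # constructed sample records
        ("app.example", "AAAA"): ["2001:db8::10"]}

class CachingResolver:
    """Answers ANY from its cache only, as Robin describes."""
    def __init__(self, zone):
        self.zone, self.cache = zone, {}

    def query(self, name, qtype):
        if qtype == "ANY":
            hits = [r for (n, _), rs in self.cache.items() if n == name for r in rs]
            return NOERROR, hits
        recs = self.zone.get((name, qtype), [])
        if recs:
            self.cache[(name, qtype)] = recs
        return NOERROR, recs

class NxOnAnyServer:
    """Answers ANY (and any missing record type) with NX, as in Baptiste's report."""
    def __init__(self, zone):
        self.zone = zone

    def query(self, name, qtype):
        recs = [] if qtype == "ANY" else self.zone.get((name, qtype), [])
        return (NOERROR, recs) if recs else (NXDOMAIN, [])

def resolve(server, name, prefer="A", send_any=True, failover_on_nx=False):
    """Walk ANY -> prefer -> remaining; return (qtype that ended the walk, records)."""
    remaining = "AAAA" if prefer == "A" else "A"
    for qtype in (["ANY"] if send_any else []) + [prefer, remaining]:
        rcode, recs = server.query(name, qtype)
        if recs:
            return qtype, recs
        if rcode == NXDOMAIN and not failover_on_nx:
            return qtype, []      # NX stops the chain, the behaviour reported above
    return None, []

def demo():
    warm = CachingResolver(ZONE)
    warm.query("app.example", "A")            # an earlier client asked for A only
    return {
        "nx_default": resolve(NxOnAnyServer(ZONE), "app.example"),
        "nx_no_any": resolve(NxOnAnyServer(ZONE), "app.example", send_any=False),
        "nx_failover": resolve(NxOnAnyServer(ZONE), "app.example", failover_on_nx=True),
        "cache_only_any": resolve(warm, "app.example", prefer="AAAA"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The `cache_only_any` case returns only the cached A record even though AAAA is preferred and exists in the zone, which is the incomplete-response risk raised in the reply.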




