On Tue, Aug 11, 2015 at 03:56:03PM +0100, Ralph Corderoy wrote:

> > Which clients that are not recursive resolvers talk directly to
> > authoritative nameservers (not counting "nslookup", "dig", ...)?
>
> Those, like ping, where a foo.local is provided by a local,
> authoritative, nameserver.  DNS is increasingly being used on a local
> level, e.g. as a distributed key/value lookup.  That's one reason why
> new servers are coming along and meeting old clients.

The ping program talks to whichever recursive resolver is specified
in /etc/resolv.conf.  Perhaps in the case of ".local" and mDNS, there
are platform-specific variations in how such names are resolved.

> > However, it is not clear why the order of records in a non-recursive
> > response needs to be constrained in any way.  Surely, recursive
> > resolvers can reorder the records as necessary?
>
> I have a lack of DNS Fu.  If the recursive resolver looking up (A?
> foo.local) talked to the authoritative server that answered (A
> bar.local=1, CNAME foo.local=bar.local) then, assuming it understood
> that completely answered the question, might it not simply copy the
> answer back to the client without re-ordering?

Recursive resolvers construct answers from their caches, and may need
to query multiple nameservers to obtain the information needed to
provide the answer returned to the client.  They generally don't just
proxy response packets from upstream servers.

--
	Viktor.
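
An added illustration of the last point, not part of the message above and not code from any resolver: a toy cache in Python that stores upstream records by (owner, type) and rebuilds the answer by walking the CNAME chain from the query name, so the record order of the upstream packet does not survive. The function names, the sample address and the hop limit are assumptions made for the example.

```python
# Added example: a toy model of answer construction from a resolver cache.
# Record tuples are (owner, rtype, rdata); all values are constructed samples.
from collections import defaultdict

MAX_CNAME_HOPS = 8  # assumed limit; real resolvers choose their own


def new_cache():
    return defaultdict(list)


def cache_records(cache, records):
    """Store upstream records keyed by (owner, rtype); arrival order is discarded."""
    for owner, rtype, rdata in records:
        key = (owner.lower().rstrip("."), rtype)
        if rdata not in cache[key]:
            cache[key].append(rdata)


def build_answer(cache, qname, qtype="A"):
    """Return (records, complete), with each CNAME emitted before its target's RRset.

    complete is False when the chain ends at a name with no cached data (a real
    resolver would query another nameserver here), loops, or exceeds the hop limit.
    """
    answer, seen = [], set()
    name = qname.lower().rstrip(".")
    for _ in range(MAX_CNAME_HOPS):
        if name in seen:  # CNAME loop: stop instead of spinning
            return answer, False
        seen.add(name)
        rrset = cache.get((name, qtype))
        if rrset:
            answer.extend((name, qtype, rdata) for rdata in rrset)
            return answer, True
        cname = cache.get((name, "CNAME"))
        if not cname:
            return answer, False
        answer.append((name, "CNAME", cname[0]))
        name = cname[0].lower().rstrip(".")
    return answer, False


if __name__ == "__main__":
    cache = new_cache()
    # Constructed upstream response with the A record ahead of the CNAME.
    cache_records(cache, [("bar.local", "A", "192.0.2.1"),
                          ("foo.local", "CNAME", "bar.local")])
    print(build_answer(cache, "foo.local"))
```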