On Tue, Jan 12, 2016 at 03:47:16PM +0100, Stephane Bortzmeyer wrote:
> > returned RRSIG first for 44% of my statistically dubious sample.
>
> It is said that PowerDNS does it at random, on purpose, to break
> erroneous programs.

Let me clarify that. PowerDNS Authoritative has always randomized record order in responses. We did not change that when DNSSEC came along, so frequently you'll get the RRSIG record before the A record (for example).

When I pondered special casing that ordering, I took into account that no one can rely on DNS records arriving in a specific order. So I felt no need to throw a bunch of special casing in there to protect weak implementations, as I would not actually be helping them. It would not make the world more robust. So that's how this came to be.

Incidentally, we were not quite as sentimental about CNAME ordering because we estimated that stub resolvers would not be able to deal with anything that looked not absolutely canonical. Since stubs are such founts of quality.

	Bert

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
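
Added example, not part of the message above and not PowerDNS code: a sketch of answer-section handling that does not depend on record order, grouping records into RRsets and filing each RRSIG under the type it covers before following any CNAME. The record tuples, names and addresses are constructed, and `has_sig` only reports that a covering RRSIG is present; it performs no DNSSEC validation.

```python
from collections import defaultdict
from itertools import permutations

# Constructed answer section: (owner, type, rdata). For RRSIG the rdata here is
# only the "type covered" field; real RRSIG RDATA carries more (RFC 4034).
ANSWER = [
    ("www.example.com.", "CNAME", "host.example.com."),
    ("www.example.com.", "RRSIG", "CNAME"),
    ("host.example.com.", "A", "192.0.2.10"),
    ("host.example.com.", "A", "192.0.2.11"),
    ("host.example.com.", "RRSIG", "A"),
]


def group_rrsets(answer):
    """Index records by (owner, type); RRSIGs are counted per covered type."""
    rrsets, sigs = defaultdict(set), defaultdict(int)
    for owner, rtype, rdata in answer:
        owner = owner.lower()  # DNS names compare case-insensitively
        if rtype == "RRSIG":
            sigs[(owner, rdata)] += 1
        else:
            rrsets[(owner, rtype)].add(rdata)
    return rrsets, sigs


def resolve(answer, qname, qtype, max_chain=8):
    """Return (sorted rdata, has_sig) for qname/qtype, whatever the record order."""
    rrsets, sigs = group_rrsets(answer)
    name, has_sig = qname.lower(), True
    for _ in range(max_chain):
        if (name, qtype) in rrsets:
            has_sig = has_sig and sigs[(name, qtype)] > 0
            return sorted(rrsets[(name, qtype)]), has_sig
        targets = rrsets.get((name, "CNAME"))
        if not targets:
            return [], False  # no data for this name in the answer
        if len(targets) != 1:
            raise ValueError("multiple CNAMEs at one owner name")
        has_sig = has_sig and sigs[(name, "CNAME")] > 0
        name = next(iter(targets)).lower()
    raise ValueError("CNAME chain too long or looping")


def order_independent(answer, qname, qtype):
    """True if every ordering of the answer section gives the same result."""
    expected = resolve(answer, qname, qtype)
    return all(resolve(list(p), qname, qtype) == expected
               for p in permutations(answer))
```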