[chrony-users] DNS RR and chrony
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: [chrony-users] DNS RR and chrony
- From: Ben Kochie <bjk@xxxxxxxxxxxxxx>
- Date: Wed, 24 Feb 2016 16:18:36 +0100
When using pools in the config, chrony is subject to some implementation "problems" with libc's getaddrinfo() on many platforms. This breaks DNS round-robin as served by the DNS server.
There is a long standing "bug" in several libc implementations due to strict adherence to RFC 3484 Rule #9. There were many long arguments about this in the 2007 era, with no resolution.
Thankfully RFC 6724 obsoletes 3484, but nobody's implemented it yet, and it's not likely to get backported to stable distributions like Debian.
The end result here is that getaddrinfo() always sorts the output of IPv4 results and chrony will pick the first N in that list. For example, I have a DNS record internally that has 8 servers, and I have chrony pick 4. Every node has the same identical 4-node list instead of a random sample of 4.
It would be nice if chrony had an option to shuffle the list before selecting.
Something like this:
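The post ends before its proposed change; what follows is an added illustration, not the author's patch and not chrony's code. It models only the mechanism described above: the DNS server rotates its answer, the resolver re-sorts it by RFC 3484 Rule 9 (longest matching prefix against the node's own address; the other rules are left out), and a client either takes the first N as returned or shuffles before taking N. The pool addresses, the 64 client nodes in 10.0.1.0/24, and the per-node RNG seeding are all constructed for the example.

```python
import ipaddress
import random

# Constructed sample data (not from the post): a pool name that resolves to 8 IPv4
# servers, and 64 client nodes that all live in 10.0.1.0/24. The server subnets are
# chosen so that every node sees a strictly decreasing prefix length down the list.
POOL_ADDRS = [
    "10.0.0.10", "10.0.2.10", "10.0.4.10", "10.0.8.10",
    "10.0.16.10", "10.0.32.10", "10.0.64.10", "10.0.128.10",
]
NODE_ADDRS = [f"10.0.1.{i}" for i in range(1, 65)]


def common_prefix_len(a, b):
    """Leading bits shared by two IPv4 addresses: the RFC 3484 Rule 9 metric."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def rule9_sort(answer, src):
    """Model of the resolver ordering the post describes: the DNS answer is re-sorted
    by longest matching prefix against the node's own address (Rule 9 alone; the
    other RFC 3484 rules are left out). The sort is stable, so the DNS order only
    survives among addresses that tie on prefix length."""
    return sorted(answer, key=lambda d: -common_prefix_len(d, src))


def dns_round_robin(query_no):
    """The authoritative server rotates the record set on every query."""
    k = query_no % len(POOL_ADDRS)
    return POOL_ADDRS[k:] + POOL_ADDRS[:k]


def pick_first_n(resolved, n):
    """Current behaviour: take the first N entries getaddrinfo() hands back."""
    return resolved[:n]


def pick_shuffled_n(resolved, n, rng):
    """Proposed behaviour: shuffle the resolver output, then take N."""
    candidates = list(resolved)
    rng.shuffle(candidates)
    return candidates[:n]


def servers_used(node_addrs, n, shuffle):
    """Union of servers selected across all nodes. Each node receives its own
    rotated DNS answer, the libc-style sort re-orders it, then the node picks N.
    Each node seeds its RNG from its index, standing in for per-host entropy."""
    used = set()
    for i, src in enumerate(node_addrs):
        resolved = rule9_sort(dns_round_robin(i), src)
        if shuffle:
            chosen = pick_shuffled_n(resolved, n, random.Random(i))
        else:
            chosen = pick_first_n(resolved, n)
        used.update(chosen)
    return used


if __name__ == "__main__":
    # Without the shuffle, 64 nodes only ever talk to the same 4 servers;
    # with it, all 8 servers receive clients.
    print("first-N  :", sorted(servers_used(NODE_ADDRS, 4, shuffle=False)))
    print("shuffled :", sorted(servers_used(NODE_ADDRS, 4, shuffle=True)))
```

The round-robin rotation is visible in `dns_round_robin()` but has no effect on the first-N result, because every node's Rule 9 sort puts the answer back into the same fixed order; only the shuffle spreads load across the pool.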