
How important is the order of a DNS answer?

Example:

If you type host -a google.com into the terminal, you will see:

;; ANSWER SECTION:
google.com.     300 IN  A   172.217.21.14
google.com.     300 IN  AAAA    2a00:1450:4016:80b::200e
google.com.     3600    IN  TXT "v=spf1 include:_spf.google.com ~all"
google.com.     345600  IN  NS  ns4.google.com.
google.com.     600 IN  MX  30 alt2.aspmx.l.google.com.
google.com.     600 IN  MX  40 alt3.aspmx.l.google.com.
google.com.     345600  IN  NS  ns2.google.com.
google.com.     60  IN  SOA ns1.google.com. dns-admin.google.com. 192227941 900 900 1800 60
google.com.     300 IN  TXT "docusign=05958488-4752-4ef2-95eb-aa7ba8a3bd0e"
google.com.     600 IN  MX  20 alt1.aspmx.l.google.com.
google.com.     600 IN  MX  50 alt4.aspmx.l.google.com.
google.com.     345600  IN  NS  ns3.google.com.
google.com.     86400   IN  CAA 0 issue "pki.goog"
google.com.     600 IN  MX  10 aspmx.l.google.com.
google.com.     345600  IN  NS  ns1.google.com.

My Question
How important is the order of this reply? Because I saw many websites that send the MX then TXT then the SOA and then the NS and after all that the A. Is there a speed difference, or something else?

1 Answer


With host -a you query for the ANY record, which is one of the special “magic” types in DNS. Instead of being a query for a single type like A, AAAA or MX, ANY retrieves all the available types for a given name.

ANY requests are mainly a diagnostic tool for human operators. Normally an application would make queries for only a single specific type.

There is no relevance in the order in which ANY responses are returned.


When you query for specific record types, i.e. with host -t MX google.com or dig -t A serverfault.com, and you get multiple responses, there may indeed be a relevant effect in the order in which they get returned.

Nameservers and resolvers usually perform round-robin DNS when a specific query will result in multiple responses. They will vary, between one request and the next, the order in which they send those responses. Since most clients will connect to the first response they receive such variation will result in some load balancing.

A, AAAA, NS (and probably others) - multiple responses are allowed and possible and round-robin DNS will happen.
For instance, see what happens when you perform multiple lookups of the serverfault.com IP address:

$ host -t A serverfault.com
serverfault.com has address 151.101.193.69      <=== 1
serverfault.com has address 151.101.1.69        <=== 2
serverfault.com has address 151.101.65.69       <=== 3
serverfault.com has address 151.101.129.69      <=== 4

$ host -t A serverfault.com
serverfault.com has address 151.101.1.69        <=== 2
serverfault.com has address 151.101.65.69       <=== 3
serverfault.com has address 151.101.129.69      <=== 4
serverfault.com has address 151.101.193.69      <=== 1

$ host -t A serverfault.com
serverfault.com has address 151.101.65.69       <=== 3
serverfault.com has address 151.101.129.69      <=== 4
serverfault.com has address 151.101.193.69      <=== 1
serverfault.com has address 151.101.1.69        <=== 2

MX - multiple responses are allowed. The order in which the resolver returns them usually does not matter for the client, as MX records have a priority field that defines the relative ranking of the available MX records, but multiple MX records with the same priority should result in a round-robin effect similar to that of, for instance, multiple A records:

                              _ MX preference aka priority 
                             /
google.com.     600 IN  MX  30 alt2.aspmx.l.google.com.
google.com.     600 IN  MX  40 alt3.aspmx.l.google.com. 
google.com.     600 IN  MX  20 alt1.aspmx.l.google.com.
google.com.     600 IN  MX  50 alt4.aspmx.l.google.com.
google.com.     600 IN  MX  10 aspmx.l.google.com.

SOA - only a single response is allowed, so ordering is not an issue.

CNAME - only a single response is allowed (see this Q&A), so ordering is not an issue.

HBruijn
  • There is relevance for RR of the same type since most clients use the first entry first, so DNS-RR (weighting and preference) can be controlled by the DNS server. This is typically used by Global Loadbalancers to influence clients. – eckes Apr 10 '18 at 11:04
  • Nitpick: `ANY` does not retrieve all the available **records** for a given **label**, it gives back the content of the resolver cache, which may or may not be all records that exist. Hence `ANY` rarely does what everyone thinks it does, it should not be used in practice, and may become deprecated in the future for these exact reasons. – Patrick Mevzek Apr 12 '18 at 13:16
  • `ANY` is now indeed considered deprecated and nameservers are free to stop answering it fully: https://tools.ietf.org/html/rfc8482 "Providing Minimal-Sized Responses to DNS Queries That Have QTYPE=ANY". TL;DR: Never use type `ANY` for any DNS troubleshooting. – Patrick Mevzek Aug 10 '20 at 17:28