On Wed, 14 Jan 2026, Libor Peltan wrote:
Anyway, shouldn't we rather go the opposite way of declaring that any section of DNS response is unordered (why should the answer section be special?) and the receiver MUST be able to find all the wanted info regardless -- even in ridiculous cases when the CNAME target is put first and the CNAME itself afterwards...?
I agree :) That is exactly what DNSOP did after a long discussion in RFC 7901, the Chain Query Requests in DNS, where there IS a lot of value if RRsets come in a specific top down order but we STILL said you cannot depend on any RRset ordering. https://datatracker.ietf.org/doc/html/rfc7901#section-5.4 The added DNS RRsets start with the first chain element below the received closest trust point up to and including the NS and DS RRsets that represent the zone cut (authoritative servers) of the QNAME. The added RRsets MAY be added in matching hierarchical order, but a DNS client MUST NOT depend on the order of the added RRsets for validation. Paul _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
