PSA: DNS servers have no priority order

It is a common misconception that DNS servers that your system uses are managed in a priority order. I had this misunderstanding for years, and I’ve seen many others with the same.

The problem comes from the router or OS setup where you can list a “Primary” and “Secondary” DNS server. This certainly gives you the impression that you have one that is ‘mostly used’ and a ‘backup one’ that is used if the first one is broken, or too slow. This is false, but confusingly also sometimes true.

Consider this Stack Exchange question/answer. Or this Server Fault question. If you go searching there are many more questions on this topic.

Neither DNS resolver lists nor NS record sets are intrinsically ordered, so there is no “primary”. Clients are free to query whichever one they want in whichever order they want. For resolvers specifically, clients might default to using the servers in the same order as they were given to the client, but, as you’ve discovered, they also might not.

Let me also assure you from my personal experience, there is no guarantee of order. Some systems will always try the “Primary” first, then fall back to the “Secondary”. Others will round-robin queries. Some will detect a single failure and re-order the two servers for all future queries. Some devices (Amazon Fire Tablets) will magically use a hard-coded DNS server if the configured ones are not working.

Things get even more confusing to understand because there is the behaviour of the individual clients (like your laptop or phone), and then the layers of DNS servers between you and the authoritative server. DNS is a core part of how the internet works, and there is lots of information on the different parts of DNS out there.

The naming “Primary” and “Secondary” comes from the server side of DNS. When you are hosting a system and configure the domain name to IP mapping, you set up your DNS records in the “Primary” system. The “Secondary” system is usually an automated replica of that “Primary”. This really has nothing to do with what the client devices are going to do with those addresses.

Another pitfall people run into when they think there is an ordering is when they set up a pi-hole for ad-blocking. They will use their new pi-hole installation as the “Primary” and then use a popular public DNS server (like 8.8.8.8) as the “Secondary”. This configuration sort of works – at least some of the time, your client machine will hit your pi-hole and ad-blocking will work. Then, unpredictably, it will not block an ad – because the client has used the “Secondary”.

Advice: Assume all DNS servers are the same and will return the same answer. There is no ordering.

I personally run two pi-hole installations. My “Primary” handles about 80% of the traffic, and the “Secondary” about 20%. This isn’t because 20% of the time my “Primary” is unavailable or too slow, but simply that about 20% of the client requests are deciding to use the “Secondary” for whatever reason (and that a large amount of my traffic comes from my Ubuntu server machine). Looking deeper at the two pi-hole dashboards, the mix of clients looks about the same, but the “Secondary” has fewer clients – it does seem fairly random.

If your ISP hands out IPv6 addresses, you may find that things get even more interesting, as you’ll also have clients assigned an IPv6 DNS address. This adds yet another interface to the client device and another potential DNS server (or two) that may be used for name lookups.
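The pi-hole pitfall and the extra IPv6 resolver described above can be checked mechanically. The following is an added example, not code from the original post: it parses resolv.conf-style text and reports when filtering and public resolvers are mixed. It assumes the private-address resolver is the filtering one, and the sample file and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a Pi-hole listed first, a public resolver second, plus an
# IPv6 public resolver of the kind that can appear once IPv6 is in play.
SAMPLE_RESOLV_CONF = """\
# constructed example, not taken from a real host
nameserver 192.168.1.2
nameserver 8.8.8.8
nameserver 2001:4860:4860::8888
options rotate timeout:2
"""


def parse_resolv_conf(text):
    """Return (nameservers, options) from resolv.conf-style text."""
    servers, options = [], []
    for raw in text.splitlines():
        # Strip comments introduced by '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            # Drop an IPv6 zone id (the part after '%') before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        elif fields and fields[0] == "options":
            options.extend(fields[1:])
    return servers, options


def audit(text):
    """List findings for a resolver set that was assumed to be ordered."""
    servers, options = parse_resolv_conf(text)
    # Assumption: private-range addresses are the local filtering resolvers.
    local = [s for s in servers if s.is_private]
    public = [s for s in servers if not s.is_private]
    findings = []
    if local and public:
        findings.append(
            "mixed resolvers: queries sent to %s bypass the filtering done by %s"
            % (", ".join(map(str, public)), ", ".join(map(str, local))))
    if "rotate" in options and len(servers) > 1:
        findings.append("options rotate: queries are spread across all listed servers")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESOLV_CONF):
        print("-", finding)
```

A resolver list containing only the two pi-hole addresses produces no findings, which matches the advice that every listed server should return the same answer.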

Remember, it’s always DNS.

30 Years

I’ve passed 20, then 25-year milestones, and while it was very nice to hear from co-workers and friends on those dates, it wasn’t significant. Hitting 30 years is surprisingly different for me; it is unbelievable to hit this milestone. I’m fortunate to have more than a handful of co-workers who have longer tenure than I do, some more than a decade ahead of me. It is these people that are showing me the way forward from here.

I’m proud to be a technical leader in my area. Recognized as a “Master Inventor”. Called upon to mentor and coach people both in my group and outside. I regularly work with customers, consultants, and other companies. Sometimes I even get my hands dirty with code and the work of keeping some of our cloud services going. 30 years in, and there is still plenty to keep me actively engaged and looking for the next hill to climb.

Now, 30 years counts all my full-time work. The company I started at, Object Technology International, was purchased by IBM and we were granted our tenure at that company as IBM tenure. I have many great memories of the work we did at OTI. Inside IBM we continued to make our mark in the Java space. I did a stint in Corporate helping communicate technical strategy. My most recent chapter is about building IBM Cloud. While this has all been within “one company”, I’ve had a lot of different jobs over the years.

One of the things that I find attractive about computers is what they enable a single individual to accomplish. That is still true, but I’ve learned that the real magic is when you get a team of people working together to solve a problem that has a real impact. It is all my team members, past and present, that I’m thankful for.

IBM continues to be a great place for me. I hope to continue to grow and learn. I’ve certainly become a better person over time, and I hope that I’ve helped others build their skills too.

None of my accomplishments would have been possible without the support of my wife and kids; to them I am forever grateful.

The Culture of Disposable Technology

I really like taking things apart. When it comes to smartphones, the Nexus 4 was the last phone I really did any actual tinkering around inside. That phone had a 7/10 repairability score on iFixit, not bad. I had replaced the battery multiple times, and even the motherboard.

My current phone is the Google Pixel XL; it also, surprisingly, gets a 7/10 on iFixit. Looking at the battery replacement guide, it seems the display is likely to break when you pry it off. This seems much worse than the Nexus 4 to me since, other than the screen, the battery is probably the next most likely component you’ll want to replace.

It wasn’t always this way. Removable batteries were common before the rise of smartphones. Some lay the blame on Apple and the iPhone, but the industry as a whole needs to own this problem. The rate and pace of improvements has driven this issue: it’s quite common to replace your phone after 2 years – why make anything repairable?

Even the latest MacBook Pro has a removable cover.

 

Imagine if we put a few screws on the back of the Google Pixel XL in the same style? The battery is stuck right on the back cover.

The only hitch is the battery connector is on the wrong side of the circuit board.

It might be awesome to create aftermarket phone bodies which enable easy repair, but re-house the existing electronics. While it’s unfortunate that modern screens are glued to the frame – I can deal with that being a part I need to replace as a whole. The structural benefits of the screen being firmly affixed are worth that. The back of the phone, other than possibly being a water-resistance problem, seems like an obvious location for access to the inside.

There is a security story here: making it hard to open the phone means you can trust the insides haven’t been tampered with. For the majority of users, this isn’t a key part of their threat model. Also, everything is broken anyways. Tamper-proof stickers are also an easy solution to that. I’d even be ok if the panel on the back was glued on – and removing it voided my warranty.

It is probably a difficult business case to justify building an aftermarket phone body to re-house the electronics. Still, I can dream.

The trend of making the screen the thing you need to remove to get into the phone is a bad decision for repairability. If the latest MacBook Pro can have screws on the underside, why can’t modern smartphones?

There is some hope if we look at the maker community and projects like kiteboard. There is also the Fairphone as an option, but it is not available in all countries.