Hi Karl O. Pinc wrote: > So, unless you're pulling names out of /etc/hosts it's likely > that randomization does nothing. And if the bind administrator > has gone to the extra work to enable a fixed ordering of > RR records then randomization destroys his work.
That's entirely dependent on the DNS server. Some DNS servers do not randomize the order (so I've heard). Moreover, if you consider that openvpn is mostly used to connect to central resources from a random location, you can not assume anything about the nameserver(s) you resolve through. Therefore even if you go through the trouble of enabling fixed ordering on your DNS, it is likely that the (caching) nameservers that the clients resolve through randomize the list sometimes and you will get unpredictable results anyway. So IMO it would better to pick at random for load balancing (the case when ISP local nameserver caches and respons with a static list) as there is no obvious reason for fixed ordering and even if there were, it would not work anyway (unless used in a environment entirely under your control). Siim