Maybe Deepak means: "When I ask for an S3 endpoint I get 1 answer, which is 1 of a set of N. Why would the 'loadbalancer' send me all N?" (I don't know a aws s3 url to test this out with, an example from Deepak would be handy) Regards, K. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@biplane.com.au<mailto:kauer@biplane.com.au>) http://www.biplane.com.au/kauer First, thanks for translating “Deepak” for everyone. Second, I was in the back of a car, so I didn’t have a convenient dig prompt. I considered it, but went for it anyway. I’ll blame the time of day and a lack of caffeine. You’ll see from the time stamps that these were done in rapid succession at a command prompt. Even though I used 8.8.8.8, I can replicate the results with a single recursive server. I just wanted something easy for anyone to replicate. [deleted the dig information, for giggles run: dig @8.8.8.8 s3.amazonaws.com a few times in rapid succession. The TLDR is that I got this set of IPs. With more runs, I might get more. There is an obvious operational impact here, say AWS is doing Geo-based load balancing and spitting things out, and networks with eyeballs are doing their own things for traffic management and trying to do shortest paths to things – and responsible operators want to minimize the non-desirable and non-deterministic behaviors. s3.amazonaws.com. 3 IN A 52.216.105.101 s3.amazonaws.com. 1 IN A 52.216.171.13 s3.amazonaws.com. 2 IN A 52.216.236.45 s3.amazonaws.com. 2 IN A 52.216.105.101 s3.amazonaws.com. 2 IN A 52.216.138.197 s3.amazonaws.com. 2 IN A 52.217.107.14 s3.amazonaws.com. 3 IN A 52.216.206.53 s3.amazonaws.com. 2 IN A 52.217.129.32 s3.amazonaws.com. 1 IN A 52.216.236.45 s3.amazonaws.com. 3 IN A 52.216.243.22 The question is how are they spitting out 1 IP from their pool programmatically? There are a lot of reasons why someone may want this… particularly to manage *other* people geo-basing their transport, but is this a local hack or is this a feature of one of the major auth-DNS packages. If its local hackery, trying to manage for it becomes a thankless activity. If there is a standard or published method, then the feedback loop stuff can be curtailed. Thanks again! Deepak