What is a Round Robin DNS? and other security issues..
Kevin Darcy
kcd at daimlerchrysler.com
Thu Jan 27 21:58:30 UTC 2000
Joseph S D Yao wrote:
> On Thu, Jan 27, 2000 at 03:23:06PM -0500, Josh Rivel wrote:
> > Round robin DNS = Having multiple ip addresses (A records) for the
> > same hostname.
> >
> > I.E.
> >
> > lame:~> host www.msn.com
> > www.msn.com A 207.46.179.143
> > www.msn.com A 207.46.185.138
> > www.msn.com A 207.46.185.140
> > www.msn.com A 207.46.209.218
> > www.msn.com A 207.46.176.120
> > www.msn.com A 207.46.176.121
> > www.msn.com A 207.46.179.134
> >
> > Jari Ivanoff wrote...
> > > Sorry for this perhaps trivial question.. but what is a Round Robin DNS??
>
> This answer is incomplete. It is only "round robin" when the first
> answer returned [which is often the only answer looked at] rotates
> evenly among all addresses. This can be undone by cached answers, by
> intermediate name servers that do not rotate answers, or by changing
> the default sort order on the home name server.
>
> I guess some kind of "true round robin" would preserve the order while
> changing the first one presented; but since most clients wouldn't care
> about the others, I wouldn't make that a requirement. I believe that
> this behavior is the kind of "round robin" that BIND V8 exhibits,
> anyway.
Not quite. For "cyclic" order (the default ordering scheme), BIND picks one of
the RRset records at random, and then presents them in rotational order using
that record as the origin. For an RRset with only 2 records, therefore, there is
functionally no difference between "random" and "cyclic". "True" round-robin, in
my opinion, would entail keeping track of the last answer given and only
advancing one "click" at a time, thus giving each record consistently equal
weight and thus helping to smooth out some of the "spikes" that can occur with
randomization.
- Kevin
More information about the bind-users
mailing list