Name server selection in Bind >=9.6

Ricardo Oliveira rvelosoo at gmail.com
Wed Sep 15 18:52:20 UTC 2010


Hello,

A question about ns selection in bind. It seems up to bind 9.5, it
selects the ns with the lowest rtt, but there were some changes in
bind 9.6 that make it do random selection, from
https://www.isc.org/software/bind/new-features/9.6:

"As a security improvement to make forgery a little more difficult,  
BIND 9.6 now attempts to make the order of the server selection for  
queries less predictable. Previously, BIND would prefer to query the  
server with the lowest round trip time (RTT). Now servers that haven't  
been tried yet have their RTT set to a random value between 0 ms and 7  
ms. And the RTT values of servers which have been tried are now  
randomly changed up to 128 ms."

Does anyone on this list know more details about this change short of
looking at the source code? How often are RTTs randomly changed, on  
every query? Is the value picked randomly between 0 and 128ms?

Thanks,

--Ricardo


