[dns-operations] Bailiwick stats? Idea for mitigation...
Paul Vixie
vixie at isc.org
Mon Aug 11 03:07:07 UTC 2008
> > Here's an observation... very likely load balancers will hash on
> > some subset tuple of (src IP, dst IP, src port, dst port).
>
> "Very likely" isn't really good enough.
>
> The pool.ntp.org nameservers (for example) intentionally randomize
> just about every request from a pool of more than 1500 IPs.
choosing an answer at random or even choosing the last answer, after
repeating the transaction several times, is not a painful workaround.
certainly it does not invalidate the 'repeat if QID comes in wrong'
approach. so, the fact that answers won't be identical, we can live
with.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the dns-operations
mailing list