[dns-operations] Bailiwick stats? Idea for mitigation...
vixie at isc.org
Mon Aug 11 03:07:07 UTC 2008
> > Here's an observation... very likely load balancers will hash on
> > some subset tuple of (src IP, dst IP, src port, dst port).
> "Very likely" isn't really good enough.
> The pool.ntp.org nameservers (for example) intentionally randomize
> just about every request from a pool of more than 1500 IPs.
choosing an answer at random or even choosing the last answer, after
repeating the transaction several times, is not a painful workaround.
certainly it does not invalidate the 'repeat if QID comes in wrong'
approach. so, the fact that answers won't be identical, we can live