[dns-operations] NS selection in bind
mgraff at isc.org
Fri Sep 17 12:55:42 UTC 2010
On 9/17/10 4:53 AM, Ricardo Oliveira wrote:
> Does anyone in this list knows more details about this change short of
> looking at the source code?
> How often are RTTs randomly changed, on every query?
> Is the value picked randomly between 0 and 128ms?
This is referred to (by us anyway) as RTT banding.
That is, we break the RTT response times from servers into 128ms groups,
so anything 0-127ms will be considered "the same" while anything
128-255ms will be "the same" for random selection.
The purpose is to make it harder to know which of several reasonably
speedy servers are likely to be responded to, so a brute force flood
attack is harder.
This was one of many mitigation techniques, along with source port
randomization, to defend against such.
More information about the dns-operations