[dns-operations] NS selection in bind

Michael Graff mgraff at isc.org
Fri Sep 17 12:55:42 UTC 2010


On 9/17/10 4:53 AM, Ricardo Oliveira wrote:

> Does anyone on this list know more details about this change, short of
> looking at the source code?
> How often are RTTs randomly changed, on every query?
> Is the value picked randomly between 0 and 128ms?

This is referred to (by us anyway) as RTT banding.

That is, we break the RTT response times from servers into 128ms groups,
so anything 0-127ms will be considered "the same" while anything
128-255ms will be "the same" for random selection.

The purpose is to make it harder to know which of several reasonably
speedy servers are likely to be responded to, so a brute force flood
attack is harder.

This was one of many mitigation techniques, along with source port
randomization, to defend against such.

--Michael
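The banding Michael describes, as an added illustration that is not BIND's code nor anything ISC published: RTTs are bucketed into 128 ms bands, and the reply assumes (the post does not say this explicitly) that the resolver draws uniformly among the servers in the lowest occupied band. `select_fastest` is the strict lowest-RTT rule shown for contrast, which an attacker who can estimate the resolver's RTTs can predict; the sample RTTs and the xorshift demo RNG are constructed for this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model of RTT banding as described in the post; not BIND's code. */
#define RTT_BAND_MS 128
#define MAX_SERVERS 64

/* Band index for a measured RTT: 0-127 ms -> 0, 128-255 ms -> 1, ... */
unsigned rtt_band(unsigned rtt_ms) {
    return rtt_ms / RTT_BAND_MS;
}

/* Strict lowest-RTT choice. Fully predictable: an attacker who can estimate
   the resolver's RTTs knows which NS the next query goes to. */
size_t select_fastest(const unsigned *rtts, size_t n) {
    size_t best = 0;
    for (size_t i = 1; i < n; i++)
        if (rtts[i] < rtts[best]) best = i;
    return best;
}

/* Collect the indices of every server in the lowest occupied band.
   Returns the count; out must have room for n entries. */
size_t lowest_band_candidates(const unsigned *rtts, size_t n, size_t *out) {
    if (n == 0) return 0;
    unsigned best = rtt_band(rtts[0]);
    for (size_t i = 1; i < n; i++)
        if (rtt_band(rtts[i]) < best) best = rtt_band(rtts[i]);
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        if (rtt_band(rtts[i]) == best) out[k++] = i;
    return k;
}

/* Banded selection with the random draw passed in so it is testable.
   Assumption: only the lowest band is eligible (the post does not say).
   draw % k has a small modulo bias for k not dividing 2^32; acceptable here. */
size_t select_banded_with(const unsigned *rtts, size_t n, uint32_t draw) {
    size_t cand[MAX_SERVERS];
    if (n > MAX_SERVERS) n = MAX_SERVERS;
    size_t k = lowest_band_candidates(rtts, n, cand);
    if (k == 0) return 0;
    return cand[draw % k];
}

/* xorshift32: deterministic demo RNG only. A real resolver must draw from a
   properly seeded unpredictable source, as with source-port randomization. */
static uint32_t demo_rng(void) {
    static uint32_t s = 0x9E3779B9u;
    s ^= s << 13;
    s ^= s >> 17;
    s ^= s << 5;
    return s;
}

size_t select_banded(const unsigned *rtts, size_t n) {
    return select_banded_with(rtts, n, demo_rng());
}

int main(void) {
    /* Constructed sample: two servers in band 0, one in band 1, one in band 3. */
    const unsigned rtts[] = { 30, 90, 200, 500 };
    const size_t n = sizeof rtts / sizeof rtts[0];
    size_t hits_fast[MAX_SERVERS] = {0}, hits_band[MAX_SERVERS] = {0};

    for (int i = 0; i < 10000; i++) {
        hits_fast[select_fastest(rtts, n)]++;
        hits_band[select_banded(rtts, n)]++;
    }
    /* Strict selection hits server 0 every time; banded selection spreads
       the queries across servers 0 and 1, which share band 0. */
    for (size_t i = 0; i < n; i++)
        printf("server %zu (%u ms, band %u): fastest=%zu banded=%zu\n",
               i, rtts[i], rtt_band(rtts[i]), hits_fast[i], hits_band[i]);
    return 0;
}
```

The point of the band is visible in the last loop: with strict selection an attacker flooding forged answers only has to guess one target server per query; with banding every server inside the band is an equally likely target, which multiplies the guesses needed on top of what port and ID randomization already impose.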


