RE: Resolver optimization of auth selection - Truth or Myth?

Mon, 08 Feb 2016 11:07:47 -0800 

I suspect they changed the algorithm, in light of recent research findings 
about attackability. See 
http://www.cs.technion.ac.il/~gnakibly/papers/WOOT13.pdf

                                                                                
                                                                                
- Kevin


From: [email protected] 
[mailto:[email protected]] On Behalf Of MURTARI, JOHN
Sent: Monday, February 08, 2016 1:36 PM
To: [email protected]
Subject: Resolver optimization of auth selection - Truth or Myth?

Folks,
                Just trying to settle a question on BIND based resolver 
operation.  When given multiple authoritative servers for a zone, does it 
optimize selection based on auth server response times?  For example:

-------
                I'm located in Sydney, Australia and my ISP has a couple of 
BIND based resolvers also located there.  I'm trying to get to 
www.example.com<http://www.example.com> and it happens to have three 
authoritative servers, ns{1,2,3}.example.com with a single unicast IP and 
located as follows:

                ns1.example.com - Signapore,   ns2.example.com - Los Angeles,   
ns3.example.com - New York

                We'll assume DNS round trip time (RTT) are proportional to 
distance from Sydney; also,  the fine folks at example.com have set a 10 minute 
TTL on all their resource records and have never heard of anycast IPs.   They 
are also very reliable, so we're not considering the effects of a 
non-responsive server.

                So.....do the BIND resolvers in Sydney begin to notice their 
quickest source of responses is ns1 and when cache data expires, do they go 
there first?  Or, are did the people at example.com waste money trying to 
locate one of their authoritative servers in Singapore to better serve their 
Australian visitors?
-----

                I did do a little searching on this and found what seemed to be 
a decent paper, no date, but covered up to BIND 9.8: 
http://irl.cs.ucla.edu/data/files/papers/res_ns_selection.pdf

                If you take a look at sections 4.1 & 4.2 - they seem to say  
BIND 9.8 gets it a little backwards and starts to prefer higher latency servers?

                Any clarification on this is welcome.
                Thanks!

John



----------------
John Murtari - [email protected]<mailto:[email protected]>
Ciberspring
office: 315-944-0998
cell: 315-430-2702


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to