Maintained by: NLnet Labs

[Unbound-users] Does/can unbound use RTT values to prioritise DNS servers

Carsten Strotmann
Sun Nov 28 18:41:49 CET 2010


On 11/27/10 8:21 PM, Nick B wrote:
> Does or can unbound be configured to prioritise recursive queries
> using the lowest RTT values, maybe from the Infra cache? In this
> instance 'K' is preferable to 'M' for example.

Hello Nick,

Unbound is using "RTT banding"; it randomly picks a server within a 
so-called RTT band of 400 msec, see
http://www.unbound.net/documentation/info_timeout.html
and
http://www.unbound.net/documentation/patch_announce102.html

> Destination address randomisation. Unbound performs RTT banding, a 
> method to select the destination server that provides additional 
> randomness. This provides between 1 and 4 bits of randomness. Perhaps 
> 2 on average. Arguments that choosing the fastest destination reduces 
> the attack time window are no longer relevant given the recent full 
> disclosure at the Blackhat conference. Additional time windows are 
> easily achieved.

-- Carsten
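
The band selection described in this message, as an added sketch (not part of the original post and not Unbound's own code). It assumes the 400 msec band is measured from the fastest known server and that the pick within the band is uniform; the RTT values and function names are constructed for illustration.

```python
import math
import secrets

RTT_BAND_MS = 400  # band width stated in the post


def servers_in_band(rtts, band_ms=RTT_BAND_MS):
    """Return the names whose RTT is within band_ms of the fastest server."""
    if not rtts:
        raise ValueError("no candidate servers")
    fastest = min(rtts.values())  # assumption: band starts at the lowest RTT
    return sorted(n for n, rtt in rtts.items() if rtt <= fastest + band_ms)


def pick_server(rtts, band_ms=RTT_BAND_MS):
    """Pick uniformly among in-band servers using a CSPRNG, so the
    destination address is not predictable to an off-path spoofer."""
    return secrets.choice(servers_in_band(rtts, band_ms))


def selection_entropy_bits(rtts, band_ms=RTT_BAND_MS):
    """Bits of randomness the destination choice adds to each query."""
    return math.log2(len(servers_in_band(rtts, band_ms)))


# Constructed RTT samples in msec, keyed by root-server letter (not measured).
SAMPLE_RTTS = {"A": 95, "F": 30, "I": 900, "K": 18, "L": 210, "M": 270}

if __name__ == "__main__":
    print("in band:", servers_in_band(SAMPLE_RTTS))
    print("entropy bits: %.2f" % selection_entropy_bits(SAMPLE_RTTS))
    # A strict lowest-RTT policy is a band of width 0: one candidate, 0 bits.
    print("lowest-RTT only:", servers_in_band(SAMPLE_RTTS, band_ms=0))
    print("this query goes to:", pick_server(SAMPLE_RTTS))
```

With these sample values 'K' (18 msec) and 'M' (270 msec) fall in the same band, so neither is preferred over the other, and five in-band servers give about 2.3 bits, inside the 1 to 4 bit range quoted above.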