Maintained by: NLnet Labs

[Unbound-users] patch implementing round robin rrsets

Thijs Kinkhorst
Wed Mar 7 12:48:43 CET 2012

Hi all,

We've created a patch to have unbound randomize the order of the returned
records if one has an rrset with multiple records of the same type 
(well-known as a round robin configuration and deployed widely).

We're running this in production on our site for a few weeks now. Our site
has thousands of synchronous users with a host of different platforms. To
date, nothing has broken. We use nsd as our authoritative server and we've
enabled DNSSEC.

The reason for implementing this is that we host some services on two
IP's, and since we've switched from bind as authoritative and recursive
server to nsd and unbound a few years ago, one of the servers providing the
service gets nearly all traffic while the second one is idling. This is
because neither nsd nor unbound randomize the order of rrset contents.
Obviously, I've first read some of the previous discussions on this list
about randomizing the round robin return sets. They were a few years ago so
the views may have changed, but I'd like to add my take to the
then-presented arguments and why I think this patch improves the situation.

- Selecting a random IP should be done on the client systems.

Our users use a wide range of devices, including various Windows versions,
Mac OS X and Linux. None of these do this by default, 'not even' my own
Linux workstation. As people bring their own device, it's not feasible to
change the configuration of all devices for this, nor to expect us to
convince all OS vendors to change this. This behaviour by clients is at
least for the foreseeable future, a given.

- Unbound tries its best to keep the rrset ordered.

A set by definition doesn't have an ordering, so I'm not sure what value
there is in preserve the order it had when it arrives. What does this

- It's not fast to reorder.

With our thousands of clients we've not experienced any measurable effect
in a speed sense of this patch.

- Randomizing the rrsets is feature creep.

This is of course subjective, but I dare to disagree: with 10 insertions
and 8 deletions the patch is small by any standard.

The patch can be found here:
That folder also contains patched Debian packages that we currently use in

I'm looking forward to your response.

Thijs Kinkhorst <thijs at> – LIS Unix

Universiteit van Tilburg – Library and IT Services
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236