How does bind 9.x chooses root servers?

Mukund Sivaraman muks at isc.org
Fri Sep 19 10:07:04 UTC 2014


Hi Jittinan

On Fri, Sep 19, 2014 at 03:57:32PM +0700, Jittinan Suwanruengsri wrote:
> How does bind 9.x chooses root servers? 

The question is better phrased as "How does BIND choose name servers?"

The SRTT selection method used by BIND is not quite described anywhere
in an ISC document (such as in the ARM), but sometime ago there was a
presentation about a vulnerability that described it:

https://www.usenix.org/sites/default/files/conference/protected-files/hay_woot13_slides.pdf

Since the publication of this presentation, it has been tweaked, but the
selection method is somewhat similar and the paper will give you a good
description.

See also ISC's KB article about the issue described in the presentation:

https://kb.isc.org/article/AA-01030/169/Operational-Notification-A-Vulnerability-in-the-SRTT-Algorithm-affects-BIND-9-Authoritative-Server-Selection.html

		Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 2881 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140919/cce49ad0/attachment.bin>


More information about the bind-users mailing list