Resolver optimization of auth selection - Truth or Myth?

Darcy Kevin (FCA) kevin.darcy at
Mon Feb 8 19:06:20 UTC 2016

I suspect they changed the algorithm, in light of recent research findings about attackability. See

                                                                                                                                                                - Kevin

From: bind-users-bounces at [mailto:bind-users-bounces at] On Behalf Of MURTARI, JOHN
Sent: Monday, February 08, 2016 1:36 PM
To: bind-users at
Subject: Resolver optimization of auth selection - Truth or Myth?

                Just trying to settle a question on BIND based resolver operation.  When given multiple authoritative servers for a zone, does it optimize selection based on auth server response times?  For example:

                I'm located in Sydney, Australia and my ISP has a couple of BIND based resolvers also located there.  I'm trying to get to<> and it happens to have three authoritative servers, ns{1,2,3} with a single unicast IP and located as follows:

       - Signapore, - Los Angeles, - New York

                We'll assume DNS round trip time (RTT) are proportional to distance from Sydney; also,  the fine folks at have set a 10 minute TTL on all their resource records and have never heard of anycast IPs.   They are also very reliable, so we're not considering the effects of a non-responsive server.

       the BIND resolvers in Sydney begin to notice their quickest source of responses is ns1 and when cache data expires, do they go there first?  Or, are did the people at waste money trying to locate one of their authoritative servers in Singapore to better serve their Australian visitors?

                I did do a little searching on this and found what seemed to be a decent paper, no date, but covered up to BIND 9.8:

                If you take a look at sections 4.1 & 4.2 - they seem to say  BIND 9.8 gets it a little backwards and starts to prefer higher latency servers?

                Any clarification on this is welcome.


John Murtari - jm5903 at<mailto:jm5903 at>
office: 315-944-0998
cell: 315-430-2702

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list